* validation-scripts: validation scripts useful to all deployment
configurations
+ * roles: example roles that can be used with the tripleoclient to generate
+ a roles_data.yaml for a deployment See the
+ `roles/README.rst <roles/README.rst>`_ for additional details.
Service testing matrix
----------------------
--- /dev/null
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
+ OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
+ OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
+ OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
+ OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
+ OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+ OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
+ # NOTE: This is needed because of upgrades from Ocata to Pike. We
+ # deploy the initial environment with Ocata templates, and
+ # overcloud-resource-registry.yaml there doesn't have this Docker
+ # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+ # remove this.
+ OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentIpmi
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::SensuClient
+
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ExtraConfig:
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
+ #NOTE: These ID's and keys should be regenerated for
+ # a production deployment. What is here is suitable for
+ # developer and CI testing only.
+ CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+ CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ CinderEnableIscsiBackend: false
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
+ CollectdExtraPlugins:
+ - rrdtool
+ LoggingServers:
+ - host: 127.0.0.1
+ port: 24224
+ MonitoringRabbitHost: 127.0.0.1
+ MonitoringRabbitPort: 5676
+ MonitoringRabbitPassword: sensu
+ TtyValues:
+ - console
+ - tty1
+ - tty2
+ - tty3
+ - tty4
+ - tty5
+ - tty6
-# NOTE: This is an environment specific for containers upgrade
-# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
-# being containerization of services managed by pacemaker is not
-# complete, so we deploy and upgrade the non-HA services for now.
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
-
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
+ OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+ OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
parameter_defaults:
ControllerServices:
- - OS::TripleO::Services::CephMon
- - OS::TripleO::Services::CephOSD
- - OS::TripleO::Services::CinderApi
- - OS::TripleO::Services::CinderScheduler
- - OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::Zaqar
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
- # Required for Centos 7.3 and Qemu 2.6.0
- nova::compute::libvirt::libvirt_cpu_mode: 'none'
- #NOTE(gfidente): not great but we need this to deploy on ext4
- #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
- ceph::profile::params::osd_max_object_name_len: 256
- ceph::profile::params::osd_max_object_namespace_len: 64
- SwiftCeilometerPipelineEnabled: False
- Debug: True
+ Debug: true
+ SwiftCeilometerPipelineEnabled: false
--- /dev/null
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
+ # NOTE: This is needed because of upgrades from Ocata to Pike. We
+ # deploy the initial environment with Ocata templates, and
+ # overcloud-resource-registry.yaml there doesn't have this Docker
+ # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+ # remove this.
+ OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
+ KeystoneTokenProvider: 'fernet'
+ SwiftCeilometerPipelineEnabled: false
--- /dev/null
+# NOTE: This is an environment specific for containers CI. Mainly we
+# deploy non-pacemakerized overcloud. Once we are able to deploy and
+# upgrade pacemakerized and containerized overcloud, we should remove
+# this file and use normal CI multinode environments/scenarios.
+
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
+ OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
+ OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+ OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml
+ OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
+ OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+ # NOTE: This is needed because of upgrades from Ocata to Pike. We
+ # deploy the initial environment with Ocata templates, and
+ # overcloud-resource-registry.yaml there doesn't have this Docker
+ # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+ # remove this.
+ OS::TripleO::Services::Docker: OS::Heat::None
+
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ Debug: true
+ #NOTE(gfidente): not great but we need this to deploy on ext4
+ #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+ ExtraConfig:
+ ceph::profile::params::osd_max_object_name_len: 256
+ ceph::profile::params::osd_max_object_namespace_len: 64
+ #NOTE: These ID's and keys should be regenerated for
+ # a production deployment. What is here is suitable for
+ # developer and CI testing only.
+ CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
+ CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ SwiftCeilometerPipelineEnabled: false
+ NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+ BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
--- /dev/null
+- hosts: localhost
+ connection: local
+ tasks:
+ #####################################################
+ # Per step puppet configuration of the baremetal host
+ #####################################################
+ - name: Write the config_step hieradata
+ copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+ - name: Run puppet host configuration for step {{step}}
+ # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3
+ # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp
+ ######################################
+ # Generate config via docker-puppet.py
+ ######################################
+ - name: Run docker-puppet tasks (generate config)
+ shell: python /var/lib/docker-puppet/docker-puppet.py
+ environment:
+ NET_HOST: 'true'
+ when: step == "1"
+ changed_when: false
+ check_mode: no
+ ##################################################
+ # Per step starting of the containers using paunch
+ ##################################################
+ - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists
+ stat:
+ path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
+ register: docker_config_json
+ # Note docker-puppet.py generates the hashed-*.json file, which is a copy of
+ # the *step_n.json with a hash of the generated external config added
+ # This acts as a salt to enable restarting the container if config changes
+ - name: Start containers for step {{step}}
+ command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+ when: docker_config_json.stat.exists
+ changed_when: false
+ check_mode: no
+ ########################################################
+ # Bootstrap tasks, only performed on bootstrap_server_id
+ ########################################################
+ - name: Run docker-puppet tasks (bootstrap tasks)
+ shell: python /var/lib/docker-puppet/docker-puppet.py
+ environment:
+ CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+ NET_HOST: "true"
+ NO_ARCHIVE: "true"
+ STEP: "{{step}}"
+ when: deploy_server_id == bootstrap_server_id
+ changed_when: false
+ check_mode: no
# that can be used to generate config files or run ad-hoc puppet modules
# inside of a container.
+import glob
import json
import logging
import os
+import sys
import subprocess
import sys
import tempfile
log.debug(cmd_stderr)
+def match_config_volume(prefix, config):
+ # Match the mounted config volume - we can't just use the
+ # key as e.g "novacomute" consumes config-data/nova
+ volumes = config.get('volumes', [])
+ config_volume=None
+ for v in volumes:
+ if v.startswith(prefix):
+ config_volume = os.path.relpath(
+ v.split(":")[0], prefix).split("/")[0]
+ break
+ return config_volume
+
+
+def get_config_hash(prefix, config_volume):
+ hashfile = os.path.join(prefix, "%s.md5sum" % config_volume)
+ hash_data = None
+ if os.path.isfile(hashfile):
+ with open(hashfile) as f:
+ hash_data = f.read().rstrip()
+ return hash_data
+
+
def rm_container(name):
if os.environ.get('SHOW_DIFF', None):
log.info('Diffing container: %s' % name)
mkdir -p /var/lib/config-data/${NAME}/etc
cp -a /etc/* /var/lib/config-data/${NAME}/etc/
+ # workaround LP1696283
+ mkdir -p /var/lib/config-data/${NAME}/etc/ssh
+ touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts
+
if [ -d /root/ ]; then
cp -a /root/ /var/lib/config-data/${NAME}/root/
fi
mkdir -p /var/lib/config-data/${NAME}/var/www
cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/
fi
+
+ # Write a checksum of the config-data dir, this is used as a
+ # salt to trigger container restart when the config changes
+ tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
fi
""")
log.error('ERROR configuring %s' % config_volume)
success = False
+
+# Update the startup configs with the config hash we generated above
+config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data')
+log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix)
+startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs)
+infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+for infile in infiles:
+ with open(infile) as f:
+ infile_data = json.load(f)
+
+ for k, v in infile_data.iteritems():
+ config_volume = match_config_volume(config_volume_prefix, v)
+ if config_volume:
+ config_hash = get_config_hash(config_volume_prefix, config_volume)
+ if config_hash:
+ env = v.get('environment', [])
+ env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
+ log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash))
+ infile_data[k]['environment'] = env
+
+ outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
+ with open(outfile, 'w') as out_f:
+ json.dump(infile_data, out_f)
+
if not success:
sys.exit(1)
step_{{step}}: {}
{%- endfor %}
-# BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
-{% for step in range(1, deploy_steps_max) %}
-
- {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
+ RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
- group: script
- config: {get_file: docker-puppet.py}
+ group: ansible
+ options:
+ modulepath: /usr/share/ansible-modules
inputs:
- - name: CONFIG
- - name: NET_HOST
- - name: NO_ARCHIVE
- - name: STEP
-
- {{primary_role_name}}DockerPuppetTasksDeployment{{step}}:
- type: OS::Heat::SoftwareDeployment
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step{{step}}
- - {{dep.name}}ContainersDeployment_Step{{step}}
- {% endfor %}
- properties:
- name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}}
- server: {get_param: [servers, {{primary_role_name}}, '0']}
- config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
- input_values:
- CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
- NET_HOST: 'true'
- NO_ARCHIVE: 'true'
- STEP: {{step}}
-
-{% endfor %}
-# END primary_role_name docker-puppet-tasks
+ - name: step
+ - name: role_name
+ - name: update_identifier
+ - name: bootstrap_server_id
+ config: {get_file: deploy-steps-playbook.yaml}
{% for role in roles %}
# Post deployment steps for all roles
docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+ puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]}
tasks:
# Join host_prep_tasks with the other per-host configuration
yaql:
host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
template_tasks:
{%- raw %}
- # This is where we stack puppet configuration (for now)...
- - name: Create /var/lib/config-data
- file: path=/var/lib/config-data state=directory
+ # Write the manifest for baremetal puppet configuration
+ - name: Create /var/lib/tripleo-config directory
+ file: path=/var/lib/tripleo-config state=directory
+ - name: Write the puppet step_config manifest
+ copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
# This is the docker-puppet configs end in
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
+ # FIXME do we need the docker-container-startup-configs.json or is the new per-step
+ # data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
+ - name: Write per-step docker-container-startup-configs
+ copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes
+ with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
- name: Write kolla config json files
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
- {{role.name}}GenerateConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: docker-puppet.py}
- inputs:
- - name: NET_HOST
-
- {{role.name}}GenerateConfigDeployment:
- type: OS::Heat::SoftwareDeploymentGroup
- depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment]
- properties:
- name: {{role.name}}GenerateConfigDeployment
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}GenerateConfig}
- input_values:
- NET_HOST: 'true'
-
{{role.name}}PuppetStepConfig:
type: OS::Heat::Value
properties:
service_names: {get_param: [role_data, {{role.name}}, service_names]}
docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
- # BEGIN BAREMETAL CONFIG STEPS
+ # BEGIN CONFIG STEPS
{{role.name}}PreConfig:
type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ depends_on: {{role.name}}HostPrepDeployment
properties:
servers: {get_param: [servers, {{role.name}}]}
input_values:
update_identifier: {get_param: DeployIdentifier}
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
-
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
depends_on:
{% for dep in roles %}
- {{dep.name}}Deployment_Step{{step -1}}
- - {{dep.name}}ContainersDeployment_Step{{step -1}}
{% endfor %}
- - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
{% endif %}
properties:
name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
+ config: {get_resource: RoleConfig}
input_values:
step: {{step}}
+ role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
+ bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
{% endfor %}
- # END BAREMETAL CONFIG STEPS
-
- # BEGIN CONTAINER CONFIG STEPS
- {% for step in range(1, deploy_steps_max) %}
+ # END CONFIG STEPS
- {{role.name}}ContainersConfig_Step{{step}}:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]}
-
- {{role.name}}ContainersDeployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step == 1 %}
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
- {%- endfor %}
- - {{role.name}}PreConfig
- - {{role.name}}HostPrepDeployment
- - {{role.name}}GenerateConfigDeployment
- {% else %}
+ # Note, this should be the last step to execute configuration changes.
+ # Ensure that all {{role.name}}ExtraConfigPost steps are executed
+ # after all the previous deployment steps.
+ {{role.name}}ExtraConfigPost:
depends_on:
- {% for dep in roles %}
- - {{dep.name}}ContainersDeployment_Step{{step -1}}
- - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
- - {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}}
- {% endif %}
- properties:
- name: {{role.name}}ContainersDeployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}}
-
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
{% endfor %}
- # END CONTAINER CONFIG STEPS
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ # The {{role.name}}PostConfig steps are in charge of
+ # quiescing all services, i.e. in the Controller case,
+ # we should run a full service reload.
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
{% for dep in roles %}
- - {{dep.name}}Deployment_Step5
- - {{primary_role_name}}DockerPuppetTasksDeployment5
+ - {{dep.name}}ExtraConfigPost
{% endfor %}
properties:
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}PostConfig
- {% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
{% endfor %}
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-api.json:
+ /var/lib/kolla/config_files/aodh_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/aodh/var/www/:/var/www/:ro
- /var/log/containers/aodh:/var/log/aodh
-
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-evaluator.json:
+ /var/lib/kolla/config_files/aodh_evaluator.json:
command: /usr/bin/aodh-evaluator
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-listener.json:
+ /var/lib/kolla/config_files/aodh_listener.json:
command: /usr/bin/aodh-listener
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-notifier.json:
+ /var/lib/kolla/config_files/aodh_notifier.json:
command: /usr/bin/aodh-notifier
permissions:
- path: /var/log/aodh
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-central.json:
+ /var/lib/kolla/config_files/ceilometer_agent_central.json:
command: /usr/bin/ceilometer-polling --polling-namespaces central
docker_config:
step_3:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
- service: name=openstack-ceilometer-agent-central state=stopped enabled=no
+ service: name=openstack-ceilometer-central state=stopped enabled=no
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-compute.json:
+ /var/lib/kolla/config_files/ceilometer_agent_compute.json:
command: /usr/bin/ceilometer-polling --polling-namespaces compute
docker_config:
step_4:
- ceilometer_agent-compute:
+ ceilometer_agent_compute:
image: *ceilometer_agent_compute_image
net: host
privileged: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/run/libvirt:/var/run/libvirt:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- name: Stop and disable ceilometer-agent-compute service
tags: step2
- service: name=openstack-ceilometer-agent-compute state=stopped enabled=no
+ service: name=openstack-ceilometer-compute state=stopped enabled=no
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-notification.json:
+ /var/lib/kolla/config_files/ceilometer_agent_notification.json:
command: /usr/bin/ceilometer-agent-notification
docker_config:
step_3:
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
- ceilometer_agent-notification:
+ ceilometer_agent_notification:
image: *ceilometer_agent_notification_image
net: host
privileged: false
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Containerized collectd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCollectdImage:
+ description: image
+ default: 'centos-binary-collectd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CollectdBase:
+ type: ../../puppet/services/metrics/collectd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the collectd role.
+ value:
+ service_name: {get_attr: [CollectdBase, role_data, service_name]}
+ config_settings: {get_attr: [CollectdBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CollectdBase, role_data, step_config]
+ service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: collectd
+ puppet_tags: collectd_client_config
+ step_config: *step_config
+ config_image: &collectd_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/collectd.json:
+ command: /usr/sbin/collectd -f
+ docker_config:
+ step_3:
+ collectd:
+ image: *collectd_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable collectd service
+ tags: step2
+ service: name=collectd.service state=stopped enabled=no
+
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Congress API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCongressApiImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ DockerCongressConfigImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CongressApiBase:
+ type: ../../puppet/services/congress.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Congress API role.
+ value:
+ service_name: {get_attr: [CongressApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [CongressApiBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [CongressApiBase, role_data, step_config]
+ service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: congress
+ puppet_tags: congress_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/congress_api.json:
+ command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log
+ permissions:
+ - path: /var/log/congress
+ owner: congress:congress
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_3:
+ congress_init_logs:
+ start_order: 0
+ image: &congress_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/congress:/var/log/congress
+ command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
+ congress_db_sync:
+ start_order: 1
+ image: *congress_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/congress/etc/:/etc/:ro
+ - /var/log/containers/congress:/var/log/congress
+ command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
+ step_4:
+ congress_api:
+ start_order: 15
+ image: *congress_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro
+ - /var/log/containers/congress:/var/log/congress
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/congress
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable congress_api service
+ tags: step2
+ service: name=openstack-congress-server state=stopped enabled=no
- /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
# Syslog socket
- /dev/log:/dev/log
+ - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
privileged: false
volumes: &mongodb_volumes
- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mongodb/etc/:/etc/:ro
+ - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro
+ - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/etc/:/etc/:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /var/lib/mysql:/var/lib/mysql
recurse: true
docker_config:
step_1:
+ redis_init_logs:
+ start_order: 0
+ image: *redis_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/redis:/var/log/redis
+ command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
redis:
image: *redis_image
net: host
volumes:
- /run:/run
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/redis/etc/:/etc/:ro
+ - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro
- /etc/localtime:/etc/localtime:ro
- - logs:/var/log/kolla
+ - /var/log/containers/redis:/var/log/redis
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- - name: create /var/run/redis
+ - name: create persistent directories
file:
- path: /var/run/redis
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/redis
+ - /var/run/redis
upgrade_tasks:
- name: Stop and disable redis service
tags: step2
step_config: 'include ::tripleo::profile::base::etcd'
config_image: *etcd_image
volumes:
- - /var/lib/config-data/etcd/etc/:/etc
+ - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
- /var/lib/etcd:/var/lib/etcd:ro
host_prep_tasks:
- name: create /var/lib/etcd
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/glance-api.json:
+ /var/lib/kolla/config_files/glance_api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
- /var/log/containers/glance:/var/log/glance
environment:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-api.json:
+ /var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
-
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-metricd.json:
+ /var/lib/kolla/config_files/gnocchi_metricd.json:
command: /usr/bin/gnocchi-metricd
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-statsd.json:
+ /var/lib/kolla/config_files/gnocchi_statsd.json:
command: /usr/bin/gnocchi-statsd
permissions:
- path: /var/log/gnocchi
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized HAproxy service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHAProxyImage:
+ description: image
+ default: 'centos-binary-haproxy:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ hidden: true
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ MonitoringSubscriptionHaproxy:
+ default: 'overcloud-haproxy'
+ type: string
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ HAProxyBase:
+ type: ../../puppet/services/haproxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy role.
+ value:
+ service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HAProxyBase, role_data, config_settings]
+ - tripleo::haproxy::haproxy_daemon: false
+ step_config: &step_config
+ get_attr: [HAProxyBase, role_data, step_config]
+ service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: haproxy
+ puppet_tags: haproxy_config
+ step_config: *step_config
+ config_image: &haproxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/haproxy.json:
+ command: haproxy -f /etc/haproxy/haproxy.cfg
+ docker_config:
+ step_1:
+ haproxy:
+ image: *haproxy_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/haproxy/etc/:/etc/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [HAProxyBase, role_data, metadata_settings]
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
-
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Horizon service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHorizonImage:
+ description: image
+ default: 'centos-binary-horizon:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ HorizonBase:
+ type: ../../puppet/services/horizon.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Horizon API role.
+ value:
+ service_name: {get_attr: [HorizonBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HorizonBase, role_data, config_settings]
+ - horizon::vhost_extra_params:
+ add_listen: true
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ options: ['FollowSymLinks','MultiViews']
+ - horizon::secure_cookies: false
+ step_config: {get_attr: [HorizonBase, role_data, step_config]}
+ service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: horizon
+ puppet_tags: horizon_config
+ step_config: {get_attr: [HorizonBase, role_data, step_config]}
+ config_image: &horizon_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/horizon.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ permissions:
+ - path: /var/log/horizon/
+ owner: apache:apache
+ recurse: true
+ # FIXME Apache tries to write a .lock file there
+ - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
+ owner: apache:apache
+ recurse: false
+ docker_config:
+ step_3:
+ horizon_fix_perms:
+ image: *horizon_image
+ user: root
+ # NOTE Set ownership for /var/log/horizon/horizon.log file here,
+ # otherwise it's created by root when generating django cache.
+ # FIXME Apache needs to read files in /etc/openstack-dashboard
+ # Need to set permissions to match the BM case,
+ # http://paste.openstack.org/show/609819/
+ command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
+ volumes:
+ - /var/log/containers/horizon:/var/log/horizon
+ - /var/lib/config-data/horizon/etc/:/etc/
+ horizon:
+ start_order: 1
+ image: *horizon_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro
+ - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro
+ - /var/log/containers/horizon:/var/log/horizon
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/horizon
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable horizon service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HorizonBase, role_data, metadata_settings]
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/ironic/var/www/:/var/www/:ro
- /var/lib/ironic:/var/lib/ironic/
- /var/log/containers/ironic:/var/log/ironic
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/keystone/var/www/:/var/www/:ro
- /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/keystone:/var/log/keystone
-
if:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerManilaApiImage:
+ description: image
+ default: 'centos-binary-manila-api:latest'
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ default: 'centos-binary-manila-base:latest'
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ManilaApiPuppetBase:
+ type: ../../puppet/services/manila-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Manila API role.
+ value:
+ service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
+ service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,manila_api_paste_ini
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/manila_api.json:
+ command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_3:
+ manila_api_db_sync:
+ user: root
+ image: &manila_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+ net: host
+ detach: false
+ volumes:
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - logs:/var/log
+ command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
+ step_4:
+ manila_api:
+ image: *manila_api_image
+ net: host
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/log/containers/manila:/var/log/manila
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: Create persistent manila logs directory
+ file:
+ path: /var/log/containers/manila
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable manila_api service
+ tags: step2
+ service: name=openstack-manila-api state=stopped enabled=no
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-l3-agent.json:
+ /var/lib/kolla/config_files/neutron_l3_agent.json:
command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
permissions:
- path: /var/log/neutron
recurse: true
docker_config:
step_4:
- neutronl3agent:
+ neutron_l3_agent:
image:
list_join:
- '/'
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
file:
path: /var/log/containers/neutron
state: directory
+ upgrade_tasks:
+ - name: Stop and disable neutron_l3 service
+ tags: step2
+ service: name=neutron-l3-agent state=stopped enabled=no
+
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-metadata-agent.json:
+ /var/lib/kolla/config_files/neutron_metadata_agent.json:
command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
permissions:
- path: /var/log/neutron
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-openvswitch-agent.json:
+ /var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
permissions:
- path: /var/log/neutron
recurse: true
docker_config:
step_4:
- neutronovsagent:
+ neutron_ovs_agent:
image: &neutron_ovs_agent_image
list_join:
- '/'
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-compute.json:
+ /var/lib/kolla/config_files/nova_compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
permissions:
- path: /var/log/nova
docker_config:
# FIXME: run discover hosts here
step_4:
- novacompute:
+ nova_compute:
image: *nova_compute_image
net: host
privileged: true
- user: root
+ user: nova
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /dev:/dev
- /etc/iscsi:/etc/iscsi
recurse: true
docker_config:
step_5:
- novacompute:
+ nova_compute:
image:
list_join:
- '/'
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ UseTLSTransportForLiveMigration:
+ type: boolean
+ default: true
+ description: If set to true and if EnableInternalTLS is enabled, it will
+ set the libvirt URI's transport to tls and configure the
+ relevant keys for libvirt.
+
+conditions:
+
+ use_tls_for_live_migration:
+ and:
+ - equals:
+ - {get_param: EnableInternalTLS}
+ - true
+ - equals:
+ - {get_param: UseTLSTransportForLiveMigration}
+ - true
resources:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-libvirt.json:
- command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ /var/lib/kolla/config_files/nova_libvirt.json:
+ command:
+ if:
+ - use_tls_for_live_migration
+ - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+ - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
permissions:
- path: /var/log/nova
owner: nova:nova
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
-
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
- /var/log/containers/nova:/var/log/nova
environment:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ MySQL HA clustercheck service deployment using puppet
+ This service is used by HAProxy in a HA scenario to report whether
+ the local galera node is synced
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerClustercheckImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ../containers-common.yaml
+
+ MysqlPuppetBase:
+ type: ../../../puppet/services/pacemaker/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Containerized service clustercheck using composable services.
+ value:
+ service_name: clustercheck
+ config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: clustercheck
+ puppet_tags: file # set this even though file is the default
+ step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+ config_image: &clustercheck_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/clustercheck.json:
+ command: /usr/sbin/xinetd -dontfork
+ config_files:
+ - dest: /etc/xinetd.conf
+ source: /var/lib/kolla/config_files/src/etc/xinetd.conf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/xinetd.d/galera-monitor
+ source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/sysconfig/clustercheck
+ source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+ owner: mysql
+ perm: '0600'
+ docker_config:
+ step_2:
+ clustercheck:
+ start_order: 1
+ image: *clustercheck_image
+ restart: always
+ net: host
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/mysql:/var/lib/mysql
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ upgrade_tasks:
--- /dev/null
+heat_template_version: pike
+
+description: >
+ MySQL service deployment with pacemaker bundle
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: ''
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
+ MysqlPuppetBase:
+ type: ../../../../puppet/services/pacemaker/database/mysql.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Containerized service MySQL using composable services.
+ value:
+ service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerMysqlImage}
+ step_config: ""
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: mysql
+ puppet_tags: file # set this even though file is the default
+ step_config:
+ list_join:
+ - "\n"
+ - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+ - "exec {'wait-for-settle': command => '/bin/true' }"
+ - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
+ config_image: *mysql_image
+ kolla_config:
+ /var/lib/kolla/config_files/mysql.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - dest: /etc/my.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/my.cnf.d/galera.cnf
+ source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+ owner: mysql
+ perm: '0644'
+ - dest: /etc/sysconfig/clustercheck
+ source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+ owner: root
+ perm: '0600'
+ docker_config:
+ step_1:
+ mysql_data_ownership:
+ start_order: 0
+ detach: false
+ image: *mysql_image
+ net: host
+ user: root
+ # Kolla does only non-recursive chown
+ command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
+ volumes:
+ - /var/lib/mysql:/var/lib/mysql
+ mysql_bootstrap:
+ start_order: 1
+ detach: false
+ image: *mysql_image
+ net: host
+ # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
+ command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+ volumes: &mysql_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/mysql:/var/lib/mysql
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ # NOTE(mandre) skip wsrep cluster status check
+ - KOLLA_KUBERNETES=True
+ -
+ list_join:
+ - '='
+ - - 'DB_ROOT_PASSWORD'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: MysqlRootPassword}
+ - {get_param: [DefaultPasswords, mysql_root_password]}
+ step_2:
+ mysql_init_bundle:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
+ image: *mysql_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+ - /var/lib/mysql:/var/lib/mysql:rw
+ host_prep_tasks:
+ - name: create /var/lib/mysql
+ file:
+ path: /var/lib/mysql
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable mysql service
+ tags: step2
+ service: name=mariadb state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Redis services
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRedisImage:
+ description: image
+ default: 'centos-binary-redis:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ RedisBase:
+ type: ../../../../puppet/services/database/redis.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Redis API role.
+ value:
+ service_name: {get_attr: [RedisBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RedisBase, role_data, config_settings]}
+ - redis::service_manage: false
+ redis::notify_service: false
+ redis::managed_by_cluster_manager: true
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerRedisImage}
+
+ step_config: ""
+ service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: 'redis'
+ # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+ # /etc/redis.conf
+ # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+ puppet_tags: 'exec'
+ step_config:
+ get_attr: [RedisBase, role_data, step_config]
+ config_image: *redis_image
+ kolla_config:
+ /var/lib/kolla/config_files/redis.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ permissions:
+ - path: /var/run/redis
+ owner: redis:redis
+ recurse: true
+ - path: /var/lib/redis
+ owner: redis:redis
+ recurse: true
+ - path: /var/log/redis
+ owner: redis:redis
+ recurse: true
+ docker_config:
+ step_2:
+ redis_init_bundle:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ config_volume: 'redis_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+ image: *redis_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create /var/run/redis
+ file:
+ path: /var/run/redis
+ state: directory
+ - name: create /var/log/redis
+ file:
+ path: /var/log/redis
+ state: directory
+ - name: create /var/lib/redis
+ file:
+ path: /var/lib/redis
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable redis service
+ tags: step2
+ service: name=redis state=stopped enabled=no
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized HAproxy service for pacemaker
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHAProxyImage:
+ description: image
+ default: 'centos-binary-haproxy:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ HAProxyBase:
+ type: ../../../puppet/services/pacemaker/haproxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the HAproxy role.
+ value:
+ service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HAProxyBase, role_data, config_settings]
+ - tripleo::haproxy::haproxy_daemon: false
+ haproxy_docker: true
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+ step_config:
+ list_join:
+ - "\n"
+ - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: haproxy
+ puppet_tags: haproxy_config
+ step_config:
+ list_join:
+ - "\n"
+ - - "exec {'wait-for-settle': command => '/bin/true' }"
+ - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+ - *noop_pcmk
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ config_image: *haproxy_image
+ kolla_config:
+ /var/lib/kolla/config_files/haproxy.json:
+ command: haproxy -f /etc/haproxy/haproxy.cfg
+ docker_config:
+ step_2:
+ haproxy_init_bundle:
+ start_order: 3
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG:
+ list_join:
+ - ';'
+ - - *noop_firewall
+ - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+ image: *haproxy_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ metadata_settings:
+ get_attr: [HAProxyBase, role_data, metadata_settings]
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Rabbitmq service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerRabbitmqImage:
+ description: image
+ default: 'centos-binary-rabbitmq:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RabbitCookie:
+ type: string
+ default: ''
+ hidden: true
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ RabbitmqBase:
+ type: ../../../puppet/services/rabbitmq.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Rabbitmq API role.
+ value:
+ service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RabbitmqBase, role_data, config_settings]}
+ - rabbitmq::service_manage: false
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
+ list_join:
+ - '/'
+ - - {get_param: DockerNamespace}
+ - {get_param: DockerRabbitmqImage}
+ step_config: &step_config
+ get_attr: [RabbitmqBase, role_data, step_config]
+ service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: rabbitmq
+ puppet_tags: file
+ step_config: *step_config
+ config_image: *rabbitmq_image
+ kolla_config:
+ /var/lib/kolla/config_files/rabbitmq.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ permissions:
+ - path: /var/lib/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ - path: /var/log/rabbitmq
+ owner: rabbitmq:rabbitmq
+ recurse: true
+ # When using pacemaker we don't launch the container, instead that is done by pacemaker
+ # itself.
+ docker_config:
+ step_1:
+ rabbitmq_bootstrap:
+ start_order: 0
+ image: *rabbitmq_image
+ net: host
+ privileged: false
+ volumes:
+ - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/lib/rabbitmq:/var/lib/rabbitmq
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - KOLLA_BOOTSTRAP=True
+ -
+ list_join:
+ - '='
+ - - 'RABBITMQ_CLUSTER_COOKIE'
+ -
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: RabbitCookie}
+ - {get_param: [DefaultPasswords, rabbit_cookie]}
+ step_2:
+ rabbitmq_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
+ image: *rabbitmq_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create /var/lib/rabbitmq
+ file:
+ path: /var/lib/rabbitmq
+ state: directory
+ - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
+ shell: |
+ echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
+ echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
+ for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ upgrade_tasks:
+ - name: Stop and disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server state=stopped enabled=no
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/panko-api.json:
+ /var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/panko
recurse: true
docker_config:
step_3:
- panko-init-log:
+ panko_init_log:
start_order: 0
image: *panko_image
user: root
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
- - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/panko/var/www/:/var/www/:ro
- /var/log/containers/panko:/var/log/panko
-
step_config: 'include ::tripleo::profile::base::rabbitmq'
config_image: *rabbitmq_image
volumes:
- - /var/lib/config-data/rabbitmq/etc/:/etc/
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
host_prep_tasks:
- name: create persistent directories
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+
resources:
description: Role data for the swift storage services.
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
- config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ # FIXME (cschwede): re-enable this once checks works inside containers
+ - swift::storage::all::mount_check: false
step_config: &step_config
get_attr: [SwiftStorageBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
with_items:
- /var/log/containers/swift
- /srv/node
+ - name: Format and mount devices defined in SwiftRawDisks
+ mount:
+ name: /srv/node/{{ item }}
+ src: /dev/{{ item }}
+ fstype: xfs
+ opts: noatime
+ state: mounted
+ with_items:
+ - repeat:
+ template: 'DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
upgrade_tasks:
- name: Stop and disable swift storage services
tags: step2
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Tacker service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerTackerImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ DockerTackerConfigImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ TackerBase:
+ type: ../../puppet/services/tacker.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Tacker role.
+ value:
+ service_name: {get_attr: [TackerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [TackerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [TackerBase, role_data, step_config]
+ service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: tacker
+ puppet_tags: tacker_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/tacker_api.json:
+ command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log
+ permissions:
+ - path: /var/log/tacker
+ owner: tacker:tacker
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_3:
+ tacker_init_logs:
+ start_order: 0
+ image: &tacker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/tacker:/var/log/tacker
+ command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker']
+ tacker_db_sync:
+ start_order: 1
+ image: *tacker_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/tacker/etc/:/etc/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'"
+ step_4:
+ tacker_api:
+ image: *tacker_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/tacker
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable tacker-server service
+ tags: step2
+ service: name=openstack-tacker-server state=stopped enabled=no
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/lib/config-data/zaqar/var/www/:/var/www/:ro
- - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/zaqar:/var/log/zaqar
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Sshd
OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::CeilometerAgentCompute
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
--- /dev/null
+# A Heat environment file that can be used to deploy Neutron BGPVPN service
+#
+# This environment file deploys Neutron BGPVPN service and configures
+# Opendaylight as its service provider.
+#
+# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+resource_registry:
+ OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+ BgpvpnServiceProvider: 'BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default'
--- /dev/null
+## A Heat environment that can be used to deploy linuxbridge
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronLinuxbridgeAgent: ../puppet/services/neutron-linuxbridge-agent.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ['linuxbridge']
#NeutronDpdkMemoryChannels: ""
NeutronDatapathType: "netdev"
- NeutronVhostuserSocketDir: "/var/run/openvswitch"
+ NeutronVhostuserSocketDir: "/var/lib/vhost_sockets"
#NeutronDpdkSocketMemory: ""
#NeutronDpdkDriverType: "vfio-pci"
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
- CephPoolDefaultSite: 1
+ CephPoolDefaultSize: 1
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
--- /dev/null
+resource_registry:
+ OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
fi
-PHYSICAL_NETWORK=ctlplane
-
-ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
-subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
-subnet_id=
+if [ "$(hiera neutron_api_enabled)" = "true" ]; then
+ PHYSICAL_NETWORK=ctlplane
+
+ ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
+ subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
+ subnet_id=
+
+ for subnet_id in $subnet_ids; do
+ network_id=$(openstack subnet show -f value -c network_id $subnet_id)
+ if [ "$network_id" = "$ctlplane_id" ]; then
+ break
+ fi
+ done
-for subnet_id in $subnet_ids; do
- network_id=$(openstack subnet show -f value -c network_id $subnet_id)
- if [ "$network_id" = "$ctlplane_id" ]; then
- break
- fi
-done
-
-net_create=1
-if [ -n "$subnet_id" ]; then
- cidr=$(openstack subnet show $subnet_id -f value -c cidr)
- if [ "$cidr" = "$undercloud_network_cidr" ]; then
- net_create=0
- else
- echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
- echo "Will attempt to delete and recreate subnet $subnet_id"
+ net_create=1
+ if [ -n "$subnet_id" ]; then
+ cidr=$(openstack subnet show $subnet_id -f value -c cidr)
+ if [ "$cidr" = "$undercloud_network_cidr" ]; then
+ net_create=0
+ else
+ echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
+ echo "Will attempt to delete and recreate subnet $subnet_id"
+ fi
fi
-fi
-if [ "$net_create" -eq "1" ]; then
- # Delete the subnet and network to make sure it doesn't already exist
- if openstack subnet list | grep start; then
- openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
- fi
- if openstack network show ctlplane; then
- openstack network delete ctlplane
+ if [ "$net_create" -eq "1" ]; then
+ # Delete the subnet and network to make sure it doesn't already exist
+ if openstack subnet list | grep start; then
+ openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
+ fi
+ if openstack network show ctlplane; then
+ openstack network delete ctlplane
+ fi
+
+
+ NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
+
+ NAMESERVER_ARG=""
+ if [ -n "${undercloud_nameserver:-}" ]; then
+ NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
+ fi
+
+ openstack subnet create --network=$NETWORK_ID \
+ --gateway=$undercloud_network_gateway \
+ --subnet-range=$undercloud_network_cidr \
+ --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
+ --host-route destination=169.254.169.254/32,gateway=$local_ip \
+ $NAMESERVER_ARG ctlplane
fi
-
-
- NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
-
- NAMESERVER_ARG=""
- if [ -n "${undercloud_nameserver:-}" ]; then
- NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
- fi
-
- openstack subnet create --network=$NETWORK_ID \
- --gateway=$undercloud_network_gateway \
- --subnet-range=$undercloud_network_cidr \
- --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
- --host-route destination=169.254.169.254/32,gateway=$local_ip \
- $NAMESERVER_ARG ctlplane
fi
-# Disable nova quotas
-openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+if [ "$(hiera nova_api_enabled)" = "true" ]; then
+ # Disable nova quotas
+ openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+fi
# MISTRAL WORKFLOW CONFIGURATION
if [ "$(hiera mistral_api_enabled)" = "true" ]; then
resources:
-{%- for role in roles -%}
-{% if "controller" in role.tags %}
+{%- for role in roles %}
+ {%- if 'controller' in role.tags %}
{{role.name}}PostPuppetMaintenanceModeConfig:
type: OS::Heat::SoftwareConfig
properties:
properties:
servers: {get_param: [servers, {{role.name}}]}
input_values: {get_param: input_values}
-{%- endif -%}
-{% endfor %}
+ {%- endif %}
+{%- endfor %}
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
description: >
Set to true to append per network Vips to /etc/hosts on each node.
+ DeploymentServerBlacklist:
+ default: []
+ type: comma_delimited_list
+ description: >
+ List of server hostnames to blacklist from any triggered deployments.
+
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
properties:
name: {{role.name}}HostsDeployment
config: {get_attr: [hostsConfig, config_id]}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}SshKnownHostsDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}SshKnownHostsDeployment
config: {get_resource: SshKnownHostsConfig}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}AllNodesDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}AllNodesDeployment
config: {get_attr: [allNodesConfig, config_id]}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
input_values:
# Note we have to use yaql to look up the first hostname/ip in the
# list because heat path based attributes operate on the attribute
properties:
name: {{role.name}}AllNodesValidationDeployment
config: {get_resource: AllNodesValidationConfig}
- servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}IpListMap:
type: OS::TripleO::Network::Ports::NetIpListMap
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
+ DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
+{% endfor %}
+
+{% for role in roles %}
+ {{role.name}}Servers:
+ type: OS::Heat::Value
+ depends_on: {{role.name}}
+ properties:
+ type: json
+ value:
+ yaql:
+ expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
+ data:
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
+ # This resource just creates a dict out of the DeploymentServerBlacklist,
+ # which is a list. The dict is used in the role templates to set a condition
+ # on whether to create the deployment resources. We can't use the list
+ # directly because there is no way to ask Heat if a list contains a specific
+ # value.
+ DeploymentServerBlacklistDict:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_merge:
+ repeat:
+ template:
+ hostname: 1
+ for_each:
+ hostname: {get_param: DeploymentServerBlacklist}
+
hostsConfig:
type: OS::TripleO::Hosts::SoftwareConfig
properties:
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
input_values:
deploy_identifier: {get_param: DeployIdentifier}
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
# Post deployment steps for all roles
properties:
servers:
{% for role in roles %}
- {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
role_data:
--- /dev/null
+=================================
+Samples for plan-environment.yaml
+=================================
+
+The ``plan-environment.yaml`` file provides the details of the plan to be
+deployed by TripleO. Along with the details of the heat environments and
+parameters, it is also possible to provide workflow specific parameters to the
+TripleO mistral workflows. A new section ``workflow_parameters`` has been
+added to provide workflow specific parameters. This provides a clear
+separation of heat environment parameters and the workflow only parameters.
+These customized plan environment files can be provided as with ``-p`` option
+to the ``openstack overcloud deploy`` and ``openstack overcloud plan create``
+commands. The sample format to provide the workflow specific parameters::
+
+ workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ # DPDK Parameters
+ number_of_pmd_cpu_threads_per_numa_node: 2
+
+
+All the parameters specified under the workflow name will be passed as
+``user_input`` to the workflow, while invoking from the tripleoclient.
\ No newline at end of file
--- /dev/null
+version: 1.0
+
+name: overcloud
+description: >
+ Default Deployment plan
+template: overcloud.yaml
+environments:
+ - path: overcloud-resource-registry-puppet.yaml
+workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ ######### DPDK Parameters #########
+ # Specifices the minimum number of CPU threads to be allocated for DPDK
+ # PMD threads. The actual allocation will be based on network config, if
+ # the a DPDK port is associated with a numa node, then this configuration
+ # will be used, else 0.
+ number_of_pmd_cpu_threads_per_numa_node: 4
+ # Amount of memory to be configured as huge pages in percentage. Ouf the
+ # total available memory (excluding the NovaReservedHostMemory), the
+ # specified percentage of the remaining is configured as huge pages.
+ huge_page_allocation_percentage: 90
+ ######### HCI Parameters #########
+ hci_profile: default
+ hci_profile_config:
+ default:
+ average_guest_memory_size_in_mb: 2048
+ average_guest_cpu_utilization_percentage: 50
+ many_small_vms:
+ average_guest_memory_size_in_mb: 1024
+ average_guest_cpu_utilization_percentage: 20
+ few_large_vms:
+ average_guest_memory_size_in_mb: 4096
+ average_guest_cpu_utilization_percentage: 80
+ nfv_default:
+ average_guest_memory_size_in_mb: 8192
+ average_guest_cpu_utilization_percentage: 90
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
BlockStorage:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: BlockStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
BlockStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
name: BlockStorageUpgradeInitDeployment
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
BlockStorageDeployment:
type: OS::Heat::StructuredDeployment
config: {get_resource: BlockStorageConfig}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
# Map heat metadata into hiera datafiles
BlockStorageConfig:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- volume_extraconfig
- extraconfig
- service_names
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
description: Heat resource handle for the block storage server
value:
{get_resource: BlockStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
CephStorage:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: CephStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
CephStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
name: CephStorageUpgradeInitDeployment
server: {get_resource: CephStorage}
config: {get_resource: CephStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
CephStorageDeployment:
type: OS::Heat::StructuredDeployment
server: {get_resource: CephStorage}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
CephStorageConfig:
type: OS::Heat::StructuredConfig
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- ceph_extraconfig
- extraconfig
- service_names
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
description: Heat resource handle for the ceph storage server
value:
{get_resource: CephStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
depends_on: PreNetworkConfig
properties:
name: NetworkDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
config: {get_resource: NetworkConfig}
server: {get_resource: NovaCompute}
- actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
interface_name: {get_param: NeutronPublicInterface}
depends_on: NetworkDeployment
properties:
name: NovaComputeUpgradeInitDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
server: {get_resource: NovaCompute}
config: {get_resource: NovaComputeUpgradeInitConfig}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- compute_extraconfig
- extraconfig
- service_names
depends_on: NovaComputeUpgradeInitDeployment
properties:
name: NovaComputeDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: UpdateConfig}
server: {get_resource: NovaCompute}
input_values:
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
- {get_resource: NovaCompute}
\ No newline at end of file
+ {get_resource: NovaCompute}
+ condition: server_not_blacklisted
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
parameter_groups:
- label: deprecated
parameters:
- controllerExtraConfig
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
+
+
resources:
Controller:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
depends_on: NetworkDeployment
properties:
name: ControllerUpgradeInitDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
server: {get_resource: Controller}
config: {get_resource: ControllerUpgradeInitConfig}
depends_on: ControllerUpgradeInitDeployment
properties:
name: ControllerDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- controller_extraconfig
- extraconfig
- service_configs
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: UpdateConfig}
server: {get_resource: Controller}
input_values:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
+ condition: server_not_blacklisted
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
- ''
- - "#!/bin/bash\n\n"
- "set -eu\n\n"
- - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
- - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
- - " crudini --set /etc/nova/nova.conf placement username placement\n\n"
- - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
- - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
- - " crudini --set /etc/nova/nova.conf placement project_name service\n\n"
- - " crudini --set /etc/nova/nova.conf placement os_interface internal\n\n"
- - str_replace:
- template: |
- crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
- crudini --set /etc/nova/nova.conf placement os_region_name 'REGION_NAME'
- crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'
- params:
- SERVICE_PASSWORD: { get_param: NovaPassword }
- REGION_NAME: { get_param: KeystoneRegion }
- AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- - " systemctl restart openstack-nova-compute\n\n"
- - "fi\n\n"
- str_replace:
template: |
ROLE='ROLE_NAME'
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: SwiftStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
+
SwiftStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
name: SwiftStorageUpgradeInitDeployment
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SwiftStorageHieraConfig:
type: OS::Heat::StructuredConfig
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- object_extraconfig
- extraconfig
- service_names
config: {get_resource: SwiftStorageHieraConfig}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
# Resource for site-specific injection of root certificate
NodeTLSCAData:
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
update_identifier: {get_param: DeployIdentifier}
{% endfor %}
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ # Note, this should be the last step to execute configuration changes.
+ # Ensure that all {{role.name}}ExtraConfigPost steps are executed
+ # after all the previous deployment steps.
+ {{role.name}}ExtraConfigPost:
depends_on:
{% for dep in roles %}
- {{dep.name}}Deployment_Step5
{% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
+ servers: {get_param: [servers, {{role.name}}]}
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
+ # The {{role.name}}PostConfig steps are in charge of
+ # quiescing all services, i.e. in the Controller case,
+ # we should run a full service reload.
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
{% for dep in roles %}
- - {{dep.name}}PostConfig
+ - {{dep.name}}ExtraConfigPost
{% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: [servers, {{role.name}}]}
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
{% endfor %}
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
+ DeploymentServerBlacklistDict:
+ default: {}
+ type: json
+ description: >
+ Map of server hostnames to blacklist from any triggered
+ deployments. If the value is 1, the server will be blacklisted. This
+ parameter is generated from the parent template.
+
+conditions:
+ server_not_blacklisted:
+ not:
+ equals:
+ - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+ - 1
resources:
{{role}}:
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
{{role}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
name: {{role}}UpgradeInitDeployment
server: {get_resource: {{role}}}
config: {get_resource: {{role}}UpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
{{role}}Deployment:
type: OS::Heat::StructuredDeployment
server: {get_resource: {{role}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
{{role}}Config:
type: OS::Heat::StructuredConfig
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
+ - config_step
- {{role.lower()}}_extraconfig
- extraconfig
- service_names
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
description: Heat resource handle for {{role}} server
value:
{get_resource: {{role}}}
+ condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
default: ''
description: Set to True to enable debugging on all services.
type: string
+ AodhDebug:
+ default: ''
+ description: Set to True to enable debugging Aodh services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+conditions:
+ service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
+
outputs:
role_data:
description: Role data for the Aodh role.
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- aodh::debug: {get_param: Debug}
+ aodh::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: AodhDebug }
aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::rabbit_userid: {get_param: RabbitUserName}
aodh::rabbit_password: {get_param: RabbitPassword}
default: ''
description: Set to True to enable debugging on all services.
type: string
+ BarbicanDebug:
+ default: ''
+ description: Set to True to enable debugging Barbican service.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+conditions:
+ service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']}
+
outputs:
role_data:
description: Role data for the Barbican API role.
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
barbican::api::db_auto_create: false
barbican::api::enabled_certificate_plugins: ['simple_certificate']
- barbican::api::logging::debug: {get_param: Debug}
+ barbican::api::logging::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: BarbicanDebug }
barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
barbican::api::rabbit_userid: {get_param: RabbitUserName}
barbican::api::rabbit_password: {get_param: RabbitPassword}
default: ''
description: Set to True to enable debugging on all services.
type: string
+ CeilometerDebug:
+ default: ''
+ description: Set to True to enable debugging Ceilometer services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
type: string
hidden: true
+conditions:
+ service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']}
+
outputs:
role_data:
description: Role data for the Ceilometer role.
value:
service_name: ceilometer_base
config_settings:
- ceilometer::debug: {get_param: Debug}
+ ceilometer::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: CeilometerDebug }
ceilometer::keystone::authtoken::project_name: 'service'
ceilometer::keystone::authtoken::user_domain_name: 'Default'
ceilometer::keystone::authtoken::project_domain_name: 'Default'
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ DefaultCRLURL:
+ default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+ description: URI where to get the CRL to be configured in the nodes.
+ type: string
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
+ config_settings:
+ tripleo::certmonger::ca::crl::crl_source:
+ if:
+ - internal_tls_enabled
+ - {get_param: DefaultCRLURL}
+ - null
step_config: |
include ::tripleo::profile::base::certmonger_user
default: ''
description: Set to True to enable debugging on all services.
type: string
+ CinderDebug:
+ default: ''
+ description: Set to True to enable debugging on Cinder services.
+ type: string
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
Cron to move deleted instances to another table - Log destination
default: '/var/log/cinder/cinder-rowsflush.log'
+conditions:
+ service_debug_unset: {equals : [{get_param: CinderDebug}, '']}
+
outputs:
role_data:
description: Role data for the Cinder base service.
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- cinder::debug: {get_param: Debug}
+ cinder::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: CinderDebug }
cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
cinder::rabbit_userid: {get_param: RabbitUserName}
cinder::rabbit_password: {get_param: RabbitPassword}
Debug:
type: string
default: ''
+ CongressDebug:
+ default: ''
+ description: Set to True to enable debugging Glance service.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
default: {}
type: json
+conditions:
+ service_debug_unset: {equals : [{get_param: CongressDebug}, '']}
+
outputs:
role_data:
description: Role data for the Congress role.
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- congress::debug: {get_param: Debug}
+ congress::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: CongressDebug }
congress::rpc_backend: rabbit
congress::rabbit_userid: {get_param: RabbitUserName}
congress::rabbit_password: {get_param: RabbitPassword}
via parameter_defaults in the resource registry.
type: json
-resources:
- CeilometerServiceBase:
- type: ../ceilometer-base.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
outputs:
role_data:
description: Role data for the disabling Ceilometer Expirer role.
value:
service_name: ceilometer_expirer_disabled
- config_settings:
- map_merge:
- - get_attr: [CeilometerServiceBase, role_data, config_settings]
- - ceilometer::expirer::enable_cron: false
- step_config: |
- include ::tripleo::profile::base::ceilometer::expirer
+ upgrade_tasks:
+ - name: Remove ceilometer expirer cron tab on upgrade
+ tags: step1
+ shell: '/usr/bin/crontab -u ceilometer -r'
default: ''
description: Set to True to enable debugging on all services.
type: string
+ GlanceDebug:
+ default: ''
+ description: Set to True to enable debugging Glance service.
+ type: string
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
CephClientUserName:
default: openstack
type: string
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
type: string
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
+ service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
resources:
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
- glance::api::debug: {get_param: Debug}
+ glance::api::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: GlanceDebug }
glance::policy::policies: {get_param: GlanceApiPolicies}
tripleo.glance_api.firewall_rules:
'112 glance_api':
description: The short name of the Gnocchi indexer backend to use.
type: string
MetricProcessingDelay:
- default: 60
+ default: 30
description: Delay between processing metrics.
type: number
GnocchiPassword:
type: string
default: ''
description: Set to True to enable debugging on all services.
+ GnocchiDebug:
+ default: ''
+ description: Set to True to enable debugging Gnocchi services.
+ type: string
+
+conditions:
+ service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']}
outputs:
aux_parameters:
config_settings:
#Gnocchi engine
gnocchi_redis_password: {get_param: RedisPassword}
- gnocchi::debug: {get_param: Debug}
+ gnocchi::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: GnocchiDebug }
gnocchi::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- gnocchi::db::sync::extra_opts: '--skip-storage'
+ gnocchi::db::sync::extra_opts: ''
gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 3
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
+ InternalTLSCRLPEMFile:
+ default: '/etc/pki/CA/crl/overcloud-crl.pem'
+ type: string
+ description: Specifies the default CRL PEM file to use for revocation if
+ TLS is used for services in the internal network.
resources:
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
+ tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
default: ''
description: Set to True to enable debugging on all services.
type: string
+ HeatDebug:
+ default: ''
+ description: Set to True to enable debugging Heat services.
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
description: Maximum raw byte size of the Heat API JSON request body.
type: number
+conditions:
+ service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
+
outputs:
role_data:
description: Shared role data for the Heat services.
heat::rabbit_password: {get_param: RabbitPassword}
heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
heat::rabbit_port: {get_param: RabbitClientPort}
- heat::debug: {get_param: Debug}
+ heat::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: HeatDebug }
heat::enable_proxy_headers_parsing: true
heat::rpc_response_timeout: 600
# We need this because the default heat policy.json no longer works on TripleO
default: ''
description: Set to True to enable debugging on all services.
type: string
+ HorizonDebug:
+ default: false
+ description: Set to True to enable debugging Horizon service.
+ type: string
DefaultPasswords:
default: {}
type: json
conditions:
- debug_empty: {equals : [{get_param: Debug}, '']}
+ debug_unset: {equals : [{get_param: Debug}, '']}
outputs:
role_data:
memcached_ipv6: {get_param: MemcachedIPv6}
-
if:
- - debug_empty
- - {}
- - horizon::django_debug: {get_param: Debug}
+ - debug_unset
+ - horizon::django_debug: { get_param: HorizonDebug }
+ - horizon::django_debug: { get_param: Debug }
step_config: |
include ::tripleo::profile::base::horizon
# Ansible tasks to handle upgrade
default: ''
description: Set to True to enable debugging on all services.
type: string
+ IronicDebug:
+ default: ''
+ description: Set to True to enable debugging Ironic services.
+ type: string
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
an SSL connection to the RabbitMQ host.
type: string
+conditions:
+ service_debug_unset: {equals : [{get_param: IronicDebug}, '']}
+
outputs:
role_data:
description: Role data for the Ironic role.
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- ironic::debug: {get_param: Debug}
+ ironic::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: IronicDebug }
ironic::rabbit_userid: {get_param: RabbitUserName}
ironic::rabbit_password: {get_param: RabbitPassword}
ironic::rabbit_port: {get_param: RabbitClientPort}
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services
+ ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ironic::cinder::username: 'ironic'
+ ironic::cinder::password: {get_param: IronicPassword}
+ ironic::cinder::project_name: 'service'
+ ironic::cinder::user_domain_name: 'Default'
+ ironic::cinder::project_domain_name: 'Default'
ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::glance::username: 'ironic'
ironic::glance::password: {get_param: IronicPassword}
Debug:
type: string
default: ''
+ KeystoneDebug:
+ default: ''
+ description: Set to True to enable debugging Keystone service.
+ type: string
AdminEmail:
default: 'admin@example.com'
description: The email for the keystone admin account.
conditions:
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
+ service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']}
outputs:
role_data:
'/etc/keystone/fernet-keys/1':
content: {get_param: KeystoneFernetKey1}
keystone::fernet_replace_keys: false
- keystone::debug: {get_param: Debug}
+ keystone::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: KeystoneDebug }
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
default: ''
description: Set to True to enable debugging on all services.
type: string
+ ManilaDebug:
+ default: ''
+ description: Set to True to enable debugging Manila services.
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
type: string
hidden: true
+conditions:
+ service_debug_unset: {equals : [{get_param: ManilaDebug}, '']}
+
outputs:
role_data:
description: Role data for the Manila Base service.
manila::rabbit_password: {get_param: RabbitPassword}
manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
manila::rabbit_port: {get_param: RabbitClientPort}
- manila::debug: {get_param: Debug}
+ manila::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: ManilaDebug }
manila::db::database_db_max_retries: -1
manila::db::database_max_retries: -1
manila::sql_connection:
default: ''
description: Set to True to enable debugging on all services.
type: string
+ MistralDebug:
+ default: ''
+ description: Set to True to enable debugging Mistral services.
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
default: 'regionOne'
description: Keystone region for endpoint
+conditions:
+ service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
+
outputs:
role_data:
description: Shared role data for the Mistral services.
mistral::rabbit_password: {get_param: RabbitPassword}
mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
mistral::rabbit_port: {get_param: RabbitClientPort}
- mistral::debug: {get_param: Debug}
+ mistral::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: MistralDebug }
mistral::keystone_password: {get_param: MistralPassword}
mistral::keystone_tenant: 'service'
mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
type: string
default: ''
description: Set to True to enable debugging on all services.
+ NeutronDebug:
+ default: ''
+ description: Set to True to enable debugging Neutron services.
+ type: string
EnableConfigPurge:
type: boolean
default: false
conditions:
dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
+ service_debug_unset: {equals : [{get_param: NeutronDebug}, '']}
outputs:
role_data:
neutron::rabbit_port: {get_param: RabbitClientPort}
neutron::core_plugin: {get_param: NeutronCorePlugin}
neutron::service_plugins: {get_param: NeutronServicePlugins}
- neutron::debug: {get_param: Debug}
+ neutron::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: NeutronDebug }
neutron::purge_config: {get_param: EnableConfigPurge}
neutron::allow_overlapping_ips: true
neutron::dns_domain: {get_param: NeutronDnsDomain}
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron Linuxbridge agent configured with Puppet.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ PhysicalInterfaceMapping:
+ description: List of <physical_network>:<physical_interface> tuples
+ mapping physical network names to agent's node-specific
+ physical network interfaces. Defaults to empty list.
+ type: comma_delimited_list
+ default: ''
+ NeutronLinuxbridgeFirewallDriver:
+ default: ''
+ description: Configure the classname of the firewall driver to use for
+ implementing security groups. Possible values depend on
+ system configuration. The default value of an empty string
+ will result in a default supported configuration.
+ type: string
+ NeutronEnableL2Pop:
+ type: string
+ description: Enable/disable the L2 population feature in the Neutron agents.
+ default: 'False'
+ NeutronTunnelTypes:
+ default: 'vxlan'
+ description: The tunnel types for the Neutron tenant network.
+ type: comma_delimited_list
+
+conditions:
+ no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Linuxbridge agent service.
+ value:
+ service_name: neutron_linuxbridge_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
+ neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
+ neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+ neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
+ neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
+ -
+ if:
+ - no_firewall_driver
+ - {}
+ - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::linuxbridge
via parameter_defaults in the resource registry.
type: json
HostCpusList:
- default: "'0'"
+ default: "0"
description: List of cores to be used for host process
type: string
constraints:
- - allowed_pattern: "'[0-9,-]+'"
+ - allowed_pattern: "[0-9,-]+"
NeutronDpdkCoreList:
- default: "''"
+ default: ""
description: List of cores to be used for DPDK Poll Mode Driver
type: string
constraints:
- - allowed_pattern: "'[0-9,-]*'"
+ - allowed_pattern: "[0-9,-]*"
NeutronDpdkMemoryChannels:
default: ""
description: Number of memory channels to be used for DPDK
type: string
default: ''
description: Set to True to enable debugging on all services.
+ NovaDebug:
+ default: ''
+ description: Set to True to enable debugging Nova services.
+ type: string
EnableConfigPurge:
type: boolean
default: false
conditions:
compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
+ service_debug_unset: {equals : [{get_param: NovaDebug}, '']}
outputs:
role_data:
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- nova::debug: {get_param: Debug}
+ nova::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: NovaDebug }
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
nova::network::neutron::neutron_username: 'neutron'
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - nova::compute::vcpu_pin_set: NovaVcpuPinSet
+ nova::compute::reserved_host_memory: NovaReservedHostMemory
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaVcpuPinSet: {get_param: NovaVcpuPinSet}
+ NovaReservedHostMemory: {get_param: NovaReservedHostMemory}
+
outputs:
role_data:
description: Role data for the Nova Compute service.
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
- nova::compute::libvirt::manage_libvirt_services: false
nova::compute::pci_passthrough:
str_replace:
template: "JSON_PARAM"
params:
- JSON_PARAM: {get_param: NovaPCIPassthrough}
- nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
- nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
+ map_replace:
+ - map_replace:
+ - JSON_PARAM: NovaPCIPassthrough
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
type: string
default: ''
description: Set to True to enable debugging on all services.
+ OctaviaDebug:
+ default: ''
+ description: Set to True to enable debugging Octavia services.
+ type: string
EnableConfigPurge:
type: boolean
default: false
description: Set rabbit subscriber port, change this if using SSL
type: number
+conditions:
+ service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']}
+
outputs:
role_data:
description: Base role data for Octavia services
value:
service_name: octavia_base
config_settings:
- octavia::debug: {get_param: Debug}
+ octavia::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: OctaviaDebug }
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
octavia::rabbit_userid: {get_param: RabbitUserName}
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
PacemakerRemoteLoggingSource:
type: json
default:
proto: 'tcp'
dport:
- 3121
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
default: ''
description: Set to True to enable debugging on all services.
type: string
+ PankoDebug:
+ default: ''
+ description: Set to True to enable debugging Panko services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+conditions:
+ service_debug_unset: {equals : [{get_param: PankoDebug}, '']}
+
outputs:
role_data:
description: Role data for the Panko role.
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- panko::debug: {get_param: Debug}
+ panko::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: PankoDebug }
panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
panko::keystone::authtoken::project_name: 'service'
panko::keystone::authtoken::user_domain_name: 'Default'
type: string
default: ''
description: Set to True to enable debugging on all services.
+ SaharaDebug:
+ default: ''
+ description: Set to True to enable debugging Sahara services.
+ type: string
SaharaPlugins:
default: ["ambari","cdh","mapr","vanilla","spark","storm"]
description: Sahara enabled plugin list
type: comma_delimited_list
+conditions:
+ service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
+
outputs:
role_data:
description: Role data for the Sahara base service.
sahara::rabbit_user: {get_param: RabbitUserName}
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
sahara::rabbit_port: {get_param: RabbitClientPort}
- sahara::debug: {get_param: Debug}
+ sahara::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: SaharaDebug }
# Remove admin_password when https://review.openstack.org/442619 is merged.
sahara::admin_password: {get_param: SaharaPassword}
sahara::use_neutron: true
Debug:
type: string
default: ''
+ TackerDebug:
+ default: ''
+ description: Set to True to enable debugging Tacker service.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
default: {}
type: json
+conditions:
+ service_debug_unset: {equals : [{get_param: TackerDebug}, '']}
+
outputs:
role_data:
description: Role data for the Tacker role.
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- tacker::debug: {get_param: Debug}
+ tacker::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: TackerDebug }
tacker::rpc_backend: rabbit
tacker::rabbit_userid: {get_param: RabbitUserName}
tacker::rabbit_password: {get_param: RabbitPassword}
default: ''
description: Set to True to enable debugging on all services.
type: string
+ ZaqarDebug:
+ default: ''
+ description: Set to True to enable debugging Zaqar service.
+ type: string
ZaqarPassword:
description: The password for Zaqar
type: string
conditions:
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
+ service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
resources:
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- zaqar::debug: {get_param: Debug}
+ zaqar::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
zaqar::wsgi::apache::ssl: false
--- /dev/null
+---
+features:
+ - |
+ Allow to configure debug per service.
+ The feature is backward compatible with existing Debug parameter.
+ Adding a new parameter per service, e.g. GlanceDebug. Set to False,
+ it will disable debug for the service, even if Debug is set to True.
+ If Debug is set to False but GlanceDebug is set to True, Glance debug
+ will be enabled.
--- /dev/null
+---
+features:
+ - Added a custom plan-environment file for providing workflow specific
+ inputs for the derived parameters workflow.
--- /dev/null
+---
+features:
+ - |
+ A set of example roles has been created in the roles folder in
+ tripleo-heat-templates. Management of services for roles should occur
+ in these role files rather than in roles_data.yaml.
--- /dev/null
+---
+upgrade:
+ - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats
+ configured with ceilometer user will be removed to ensure the expirer
+ script is not running.
--- /dev/null
+---
+features:
+ - Added the ability to blacklist servers by name from being
+ associated with any Heat triggered SoftwareDeployment
+ resources. The servers are specified in the new
+ DeploymentServerBlacklist parameter.
--- /dev/null
+---
+fixes:
+ - Update the default metric processing delay to 30. This will help reduce
+ the metric backlog and wont load up the storage backend.
--- /dev/null
+---
+issues:
+ - Modify ``NeutronVhostuserSocketDir`` to a seprate directory in the DPDK
+ environment file. A different set of permission is required for creating
+ vhost sockets when the vhost type is dpdkvhostuserclient (which is default
+ from ocata).
# built documents.
#
# The full version, including alpha/beta/rc tags.
-release = '7.0.0.0b1'
+release = '7.0.0.0b2'
# The short X.Y version.
version = '7.0.0'
--- /dev/null
+###############################################################################
+# Role: BlockStorage #
+###############################################################################
+- name: BlockStorage
+ description: |
+ Cinder Block Storage node role
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
--- /dev/null
+###############################################################################
+# Role: CephStorage #
+###############################################################################
+- name: CephStorage
+ description: |
+ Ceph OSD Storage node role
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
--- /dev/null
+###############################################################################
+# Role: Compute #
+###############################################################################
+- name: Compute
+ description: |
+ Basic Compute Node role
+ CountDefault: 1
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
--- /dev/null
+###############################################################################
+# Role: Controller #
+###############################################################################
+- name: Controller
+ description: |
+ Controller role that has all the controler services loaded and handles
+ Database, Messaging and Network functions.
+ CountDefault: 1
+ tags:
+ - primary
+ - controller
+ HostnameFormatDefault: '%stackname%-controller-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackendDellPs
+ - OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendNetApp
+ - OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::Zaqar
--- /dev/null
+###############################################################################
+# Role: ControllerOpenstack #
+###############################################################################
+- name: ControllerOpenstack
+ description: |
+ Controller role that does not contain the database, messaging and networking
+ components. Use in combination with the Database, Messaging and Networker
+ roles.
+ tags:
+ - primary
+ - controller
+ HostnameFormatDefault: '%stackname%-controller-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::Zaqar
+
--- /dev/null
+###############################################################################
+# Role: Database #
+###############################################################################
+- name: Database
+ description: |
+ Standalone database role with the database being managed via Pacemaker
+ HostnameFormatDefault: '%stackname%-database-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
--- /dev/null
+###############################################################################
+# Role: Messaging #
+###############################################################################
+- name: Messaging
+ description: |
+ Standalone messaging role with RabbitMQ being managed via Pacemaker
+ HostnameFormatDefault: '%stackname%-messaging-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
--- /dev/null
+###############################################################################
+# Role: Networker #
+###############################################################################
+- name: Networker
+ description: |
+ Standalone networking role to run Neutron services their own. Includes
+ Pacemaker integration via PacemakerRemote
+ HostnameFormatDefault: '%stackname%-networker-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpvpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::PacemakerRemote
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
--- /dev/null
+###############################################################################
+# Role: ObjectStorage #
+###############################################################################
+- name: ObjectStorage
+ description: |
+ Swift Object Storage node role
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
--- /dev/null
+Roles
+=====
+
+The yaml files in this directory can be combined into a single roles_data.yaml
+and be used with TripleO to create custom deployments.
+
+Use tripleoclient to build your own custom roles_data.yaml for your
+environment.
+
+roles_data.yaml
+---------------
+
+The roles_data.yaml specifies which roles (groups of nodes) will be deployed.
+Note this file is used as an input the the various \*.j2.yaml jinja2 templates,
+so that they are converted into \*.yaml during the plan creation. This occurs
+via a mistral action/workflow. The file format of this file is a yaml list.
+
+Role YAML files
+===============
+
+Each role yaml file should contain only a single role. The filename should
+match the role name. The name of the role is mandatory and must be unique.
+
+The role files in this folder should contain at least a role name and the
+default list of services for the role.
+
+Role Options
+------------
+
+* CountDefault: (number) optional, default number of nodes, defaults to 0
+ sets the default for the {{role.name}}Count parameter in overcloud.yaml
+
+* HostnameFormatDefault: (string) optional default format string for hostname
+ defaults to '%stackname%-{{role.name.lower()}}-%index%'
+ sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+
+* disable_constraints: (boolean) optional, whether to disable Nova and Glance
+ constraints for each role specified in the templates.
+
+* disable_upgrade_deployment: (boolean) optional, whether to run the
+ ansible upgrade steps for all services that are deployed on the role. If set
+ to True, the operator will drive the upgrade for this role's nodes.
+
+* upgrade_batch_size: (number): batch size for upgrades where tasks are
+ specified by services to run in batches vs all nodes at once.
+ This defaults to 1, but larger batches may be specified here.
+
+* ServicesDefault: (list) optional default list of services to be deployed
+ on the role, defaults to an empty list. Sets the default for the
+ {{role.name}}Services parameter in overcloud.yaml
+
+* tags: (list) list of tags used by other parts of the deployment process to
+ find the role for a specific type of functionality. Currently a role
+ with both 'primary' and 'controller' is used as the primary role for the
+ deployment process. If no roles have have 'primary' and 'controller', the
+ first role in this file is used as the primary role.
+
+* description: (string) as few sentences describing the role and information
+ pertaining to the usage of the role.
+
+Working with Roles
+==================
+The tripleoclient provides a series of commands that can be used to view
+roles and generate a roles_data.yaml file for deployment.
+
+Listing Available Roles
+-----------------------
+The ``openstack overcloud role list`` command can be used to view the list
+of roles provided by tripleo-heat-templates.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud role list [-h] [--roles-path <roles directory>]
+
+ List availables roles
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud role list
+ BlockStorage
+ CephStorage
+ Compute
+ Controller
+ ControllerOpenstack
+ Database
+ Messaging
+ Networker
+ ObjectStorage
+ Telemetry
+ Undercloud
+
+Viewing Role Details
+--------------------
+The ``openstack overcloud role show`` command can be used as a quick way to
+view some of the information about a role.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud role show [-h] [--roles-path <roles directory>]
+ <role>
+
+ Show information about a given role
+
+ positional arguments:
+ <role> Role to display more information about.
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud role show Compute
+ ###############################################################################
+ # Role Data for 'Compute'
+ ###############################################################################
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ ServicesDefault:
+ * OS::TripleO::Services::AuditD
+ * OS::TripleO::Services::CACerts
+ * OS::TripleO::Services::CephClient
+ * OS::TripleO::Services::CephExternal
+ * OS::TripleO::Services::CertmongerUser
+ * OS::TripleO::Services::Collectd
+ * OS::TripleO::Services::ComputeCeilometerAgent
+ * OS::TripleO::Services::ComputeNeutronCorePlugin
+ * OS::TripleO::Services::ComputeNeutronL3Agent
+ * OS::TripleO::Services::ComputeNeutronMetadataAgent
+ * OS::TripleO::Services::ComputeNeutronOvsAgent
+ * OS::TripleO::Services::Docker
+ * OS::TripleO::Services::FluentdClient
+ * OS::TripleO::Services::Kernel
+ * OS::TripleO::Services::MySQLClient
+ * OS::TripleO::Services::NeutronSriovAgent
+ * OS::TripleO::Services::NeutronVppAgent
+ * OS::TripleO::Services::NovaCompute
+ * OS::TripleO::Services::NovaLibvirt
+ * OS::TripleO::Services::Ntp
+ * OS::TripleO::Services::OpenDaylightOvs
+ * OS::TripleO::Services::Securetty
+ * OS::TripleO::Services::SensuClient
+ * OS::TripleO::Services::Snmp
+ * OS::TripleO::Services::Sshd
+ * OS::TripleO::Services::Timezone
+ * OS::TripleO::Services::TripleoFirewall
+ * OS::TripleO::Services::TripleoPackages
+ * OS::TripleO::Services::Vpp
+ name: 'Compute'
+
+Generate roles_data.yaml
+------------------------
+The ``openstack overcloud roles generate`` command can be used to generate
+a roles_data.yaml file for deployments.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud roles generate [-h]
+ [--roles-path <roles directory>]
+ [-o <output file>]
+ <role> [<role> ...]
+
+ Generate roles_data.yaml file
+
+ positional arguments:
+ <role> List of roles to use to generate the roles_data.yaml
+ file for the deployment. NOTE: Ordering is important
+ if no role has the "primary" and "controller" tags. If
+ no role is tagged then the first role listed will be
+ considered the primary role. This usually is the
+ controller role.
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+ -o <output file>, --output-file <output file>
+ File to capture all output to. For example,
+ roles_data.yaml
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage
--- /dev/null
+###############################################################################
+# Role: Telemetry #
+###############################################################################
+- name: Telemetry
+ description: |
+ Telemetry role that has all the telemetry services.
+ HostnameFormatDefault: '%stackname%-telemetry-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
--- /dev/null
+###############################################################################
+# Role: Undercloud #
+###############################################################################
+- name: Undercloud
+ description: |
+ EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+ undercloud deploy' command.
+ CountDefault: 1
+ disable_constraints: True
+ tags:
+ - primary
+ - controller
+ ServicesDefault:
+ - OS::TripleO::Services::Apache
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::UndercloudAodhApi
+ - OS::TripleO::Services::UndercloudAodhEvaluator
+ - OS::TripleO::Services::UndercloudAodhListener
+ - OS::TripleO::Services::UndercloudAodhNotifier
+ - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+ - OS::TripleO::Services::UndercloudGnocchiApi
+ - OS::TripleO::Services::UndercloudGnocchiMetricd
+ - OS::TripleO::Services::UndercloudGnocchiStatsd
+ - OS::TripleO::Services::UndercloudPankoApi
+ - OS::TripleO::Services::Zaqar
-# Specifies which roles (groups of nodes) will be deployed
-# Note this is used as an input to the various *.j2.yaml
-# jinja2 templates, so that they are converted into *.yaml
-# during the plan creation (via a mistral action/workflow).
-#
-# The format is a list, with the following format:
-#
-# * name: (string) mandatory, name of the role, must be unique
-#
-# CountDefault: (number) optional, default number of nodes, defaults to 0
-# sets the default for the {{role.name}}Count parameter in overcloud.yaml
-#
-# HostnameFormatDefault: (string) optional default format string for hostname
-# defaults to '%stackname%-{{role.name.lower()}}-%index%'
-# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
-#
-# disable_constraints: (boolean) optional, whether to disable Nova and Glance
-# constraints for each role specified in the templates.
-#
-# disable_upgrade_deployment: (boolean) optional, whether to run the
-# ansible upgrade steps for all services that are deployed on the role. If set
-# to True, the operator will drive the upgrade for this role's nodes.
-#
-# upgrade_batch_size: (number): batch size for upgrades where tasks are
-# specified by services to run in batches vs all nodes at once.
-# This defaults to 1, but larger batches may be specified here.
-#
-# ServicesDefault: (list) optional default list of services to be deployed
-# on the role, defaults to an empty list. Sets the default for the
-# {{role.name}}Services parameter in overcloud.yaml
-#
-# tags: (list) list of tags used by other parts of the deployment process to
-# find the role for a specific type of functionality. Currently a role
-# with both 'primary' and 'controller' is used as the primary role for the
-# deployment process. If no roles have have 'primary' and 'controller', the
-# first role in this file is used as the primary role.
-#
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Controller #
+###############################################################################
- name: Controller
+ description: |
+ Controller role that has all the controler services loaded and handles
+ Database, Messaging and Network functions.
CountDefault: 1
tags:
- primary
- controller
+ HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- - OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- - OS::TripleO::Services::CinderBackup
- - OS::TripleO::Services::CinderScheduler
- - OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- - OS::TripleO::Services::NeutronL2gwAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::HAproxy
- - OS::TripleO::Services::Keepalived
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::Pacemaker
- - OS::TripleO::Services::Redis
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
- - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- - OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::ExternalSwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::Timezone
- # FIXME: This service was disabled in Pike and this entry should be removed
- # in Queens.
- - OS::TripleO::Services::CeilometerExpirer
- - OS::TripleO::Services::CeilometerAgentCentral
- - OS::TripleO::Services::CeilometerAgentNotification
- - OS::TripleO::Services::Horizon
- - OS::TripleO::Services::GnocchiApi
- - OS::TripleO::Services::GnocchiMetricd
- - OS::TripleO::Services::GnocchiStatsd
- - OS::TripleO::Services::ManilaApi
- - OS::TripleO::Services::ManilaScheduler
- - OS::TripleO::Services::ManilaBackendGeneric
- - OS::TripleO::Services::ManilaBackendNetapp
- - OS::TripleO::Services::ManilaBackendCephFs
- - OS::TripleO::Services::ManilaShare
- - OS::TripleO::Services::AodhApi
- - OS::TripleO::Services::AodhEvaluator
- - OS::TripleO::Services::AodhNotifier
- - OS::TripleO::Services::AodhListener
- - OS::TripleO::Services::SaharaApi
- - OS::TripleO::Services::SaharaEngine
- - OS::TripleO::Services::IronicApi
- - OS::TripleO::Services::IronicConductor
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::OpenDaylightApi
- - OS::TripleO::Services::OpenDaylightOvs
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::PankoApi
- - OS::TripleO::Services::Tacker
- - OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::OVNDBs
- - OS::TripleO::Services::NeutronML2FujitsuCfab
- - OS::TripleO::Services::NeutronML2FujitsuFossw
- - OS::TripleO::Services::CinderHPELeftHandISCSI
- - OS::TripleO::Services::Etcd
- - OS::TripleO::Services::AuditD
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Vpp
- - OS::TripleO::Services::NeutronVppAgent
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::Zaqar
+###############################################################################
+# Role: Compute #
+###############################################################################
- name: Compute
+ description: |
+ Basic Compute Node role
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- - OS::TripleO::Services::Timezone
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::ComputeNeutronCorePlugin
- - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Vpp
- - OS::TripleO::Services::NeutronVppAgent
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+###############################################################################
+# Role: BlockStorage #
+###############################################################################
- name: BlockStorage
+ description: |
+ Cinder Block Storage node role
ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: ObjectStorage #
+###############################################################################
- name: ObjectStorage
+ description: |
+ Swift Object Storage node role
disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: CephStorage #
+###############################################################################
- name: CephStorage
+ description: |
+ Ceph OSD Storage node role
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Undercloud #
+###############################################################################
- name: Undercloud
+ description: |
+ EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+ undercloud deploy' command.
CountDefault: 1
disable_constraints: True
tags:
- primary
- controller
ServicesDefault:
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::MySQL
- - OS::TripleO::Services::MongoDb
- - OS::TripleO::Services::Keystone
- OS::TripleO::Services::Apache
- - OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Memcached
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatEngine
- - OS::TripleO::Services::NovaApi
- - OS::TripleO::Services::NovaPlacement
- - OS::TripleO::Services::NovaMetadata
- - OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MistralEngine
- - OS::TripleO::Services::MistralApi
- - OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- - OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::UndercloudAodhApi
- OS::TripleO::Services::UndercloudAodhEvaluator
- - OS::TripleO::Services::UndercloudAodhNotifier
- OS::TripleO::Services::UndercloudAodhListener
+ - OS::TripleO::Services::UndercloudAodhNotifier
+ - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentNotification
- OS::TripleO::Services::UndercloudGnocchiApi
- OS::TripleO::Services::UndercloudGnocchiMetricd
- OS::TripleO::Services::UndercloudGnocchiStatsd
- OS::TripleO::Services::UndercloudPankoApi
- - OS::TripleO::Services::UndercloudCeilometerAgentCentral
- - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+ - OS::TripleO::Services::Zaqar
six>=1.9.0 # MIT
sphinx!=1.6.1,>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
-reno>=1.8.0 # Apache-2.0
+reno!=2.3.1,>=1.8.0 # Apache-2.0