The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/`
and should be executed according to the following table:
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha |
-+================+=============+=============+=============+=============+=================+
-| keystone | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| glance | rbd | swift | file | swift + rbd | swift |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| cinder | rbd | iscsi | | | iscsi |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| heat | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| mysql | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| neutron | ovs | ovs | ovs | ovs | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| neutron-bgpvpn | | | | X | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| neutron-l2gw | | | | X | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| rabbitmq | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| mongodb | X | X | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| redis | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| haproxy | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| keepalived | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| memcached | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| pacemaker | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| nova | qemu | qemu | qemu | qemu | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| ntp | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| snmp | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| timezone | X | X | X | X | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| sahara | | | X | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| mistral | | | X | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| swift | | X | | | X |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| aodh | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| ceilometer | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| gnocchi | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| panko | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| barbican | | X | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| zaqar | | X | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| ec2api | | X | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| cephrgw | | X | | X | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| tacker | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| congress | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| cephmds | | | | X | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| manila | | | | X | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| collectd | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| fluentd | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
-| sensu-client | X | | | | |
-+----------------+-------------+-------------+-------------+-------------+-----------------+
++----------------+-------------+-------------+-------------+-------------+-----------------++-------------+
+| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | scenario007 |
++================+=============+=============+=============+=============+=================+==============+
+| keystone | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| glance | rbd | swift | file | swift + rbd | swift | file |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| cinder | rbd | iscsi | | | iscsi | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| heat | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| mysql | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| neutron | ovs | ovs | ovs | ovs | X | ovn |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| neutron-bgpvpn | | | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| ovn | | | | | | X |
++---------------------------------------------------------------------------------------------------------+
+| neutron-l2gw | | | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| rabbitmq | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| mongodb | X | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| redis | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| haproxy | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| keepalived | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| memcached | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| pacemaker | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| nova | qemu | qemu | qemu | qemu | X | qemu |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| ntp | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| snmp | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| timezone | X | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| sahara | | | X | | | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| mistral | | | X | | | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| swift | | X | | | X | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| aodh | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| ceilometer | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| gnocchi | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| panko | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| barbican | | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| zaqar | | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| ec2api | | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| cephrgw | | X | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| tacker | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| congress | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| cephmds | | | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| manila | | | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| collectd | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| fluentd | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
+| sensu-client | X | | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-veritas-hyperscale-config.yaml
+ title: Cinder Veritas HyperScale backend
+ description: >
+ Enables a Cinder Veritas HyperScale backend,
+ configured via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Ceph
description: >
Enable the use of Ceph in the overcloud
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
- name: Controller
CountDefault: 1
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
resources:
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Redis
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Redis
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
--- /dev/null
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+ OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ # Disable neutron services not required for OVN and enable services required for OVN.
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml
+
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ # For OVN.
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
+ NeutronVniRanges: ['1:65536', ]
+ OVNBridgeMappings: 'datacentre:br-ex'
+ Debug: true
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
+ KeystoneTokenProvider: 'fernet'
+ SwiftCeilometerPipelineEnabled: false
--- /dev/null
+heat_template_version: pike
+
+description: >
+ HOT template to created resources deployed by scenario007.
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ default: 'pingtest_key'
+ image:
+ type: string
+ description: Name of image to use for servers
+ default: 'pingtest_image'
+ public_net_name:
+ type: string
+ default: 'nova'
+ description: >
+ ID or name of public network for which floating IP addresses will be allocated
+ private_net_name:
+ type: string
+ description: Name of private network to be created
+ default: 'default-net'
+ private_net_cidr:
+ type: string
+ description: Private network address (CIDR notation)
+ default: '192.168.2.0/24'
+ private_net_gateway:
+ type: string
+ description: Private network gateway address
+ default: '192.168.2.1'
+ private_net_pool_start:
+ type: string
+ description: Start of private network IP address allocation pool
+ default: '192.168.2.100'
+ private_net_pool_end:
+ type: string
+ default: '192.168.2.200'
+ description: End of private network IP address allocation pool
+
+resources:
+
+ key_pair:
+ type: OS::Nova::KeyPair
+ properties:
+ save_private_key: true
+ name: {get_param: key_name }
+
+ private_net:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: private_net_name }
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: { get_param: private_net_cidr }
+ gateway_ip: { get_param: private_net_gateway }
+ allocation_pools:
+ - start: { get_param: private_net_pool_start }
+ end: { get_param: private_net_pool_end }
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: { get_param: public_net_name }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server1:
+ type: OS::Nova::Server
+ properties:
+ name: Server1
+ flavor: { get_resource: test_flavor }
+ image: { get_param: image }
+ key_name: { get_resource: key_pair }
+ networks:
+ - port: { get_resource: server1_port }
+
+ server1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ # TODO: investigate why we need this depends_on and if we could
+ # replace it by router_id with get_resource: router_interface
+ depends_on: router_interface
+ properties:
+ floating_network: { get_param: public_net_name }
+ port_id: { get_resource: server1_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: pingtest-security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+ test_flavor:
+ type: OS::Nova::Flavor
+ properties:
+ ram: 512
+ vcpus: 1
+
+outputs:
+ server1_private_ip:
+ description: IP address of server1 in private network
+ value: { get_attr: [ server1, first_address ] }
+ server1_public_ip:
+ description: Floating IP address of server1 in public network
+ value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
-#FIXME move into common when specfile adds it
heat_template_version: pike
description: >
properties:
RoleData: {get_attr: [ServiceChain, role_data]}
-outputs:
- role_data:
- description: Combined Role data for this set of services.
- value:
- service_names:
- {get_attr: [ServiceChain, role_data, service_name]}
- monitoring_subscriptions:
+ PuppetStepConfig:
+ type: OS::Heat::Value
+ properties:
+ type: string
+ value:
yaql:
- expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
- data: {role_data: {get_attr: [ServiceChain, role_data]}}
- logging_sources:
+ expression:
+ # select 'step_config' only from services that do not have a docker_config
+ coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n")
+ data:
+ service_names: {get_attr: [ServiceChain, role_data, service_name]}
+ step_config: {get_attr: [ServiceChain, role_data, step_config]}
+ docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
+
+ DockerConfig:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ yaql:
+ expression:
+ # select 'docker_config' only from services that have it
+ coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
+ data:
+ service_names: {get_attr: [ServiceChain, role_data, service_names]}
+ docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
+
+ LoggingSourcesConfig:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
# Transform the individual logging_source configuration from
# each service in the chain into a global list, adding some
# default configuration at the same time.
yaql:
expression: >
let(
- default_format => $.data.default_format,
- pos_file_path => $.data.pos_file_path,
- sources => $.data.sources.flatten()
+ default_format => coalesce($.data.default_format, ''),
+ pos_file_path => coalesce($.data.pos_file_path, ''),
+ sources => coalesce($.data.sources, {}).flatten()
) ->
$sources.where($ != null).select({
'type' => 'tail',
sources:
- {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
- yaql:
- expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null))
+ expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('logging_source')).where($ != null))
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- {get_attr: [LoggingConfiguration, LoggingExtraSources]}
default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]}
- logging_groups:
+
+ LoggingGroupsConfig:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
# Build a list of unique groups to which we should add the
# fluentd user.
yaql:
expression: >
- set(($.data.default + $.data.extra + $.data.role_data.where($ != null).select($.get('logging_groups'))).flatten()).where($)
+ set((coalesce($.data.default, []) + coalesce($.data.extra, []) + coalesce($.data.role_data, []).where($ != null).select($.get('logging_groups'))).flatten()).where($)
data:
default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]}
extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]}
role_data: {get_attr: [ServiceChain, role_data]}
- config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
- global_config_settings:
+
+ MonitoringSubscriptionsConfig:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
+
+ ServiceNames:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ filter:
+ - [null]
+ - {get_attr: [ServiceChain, role_data, service_name]}
+
+ GlobalConfigSettings:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
map_merge:
yaql:
- expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null))
+ expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- service_config_settings:
+
+ ServiceConfigSettings:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
yaql:
- expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- service_workflow_tasks:
+
+ ServiceWorkflowTasks:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
yaql:
- expression: $.data.role_data.where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
+ expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- step_config: {get_attr: [ServiceChain, role_data, step_config]}
- upgrade_tasks:
+
+ UpgradeTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
yaql:
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
- expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
+ expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
- upgrade_batch_tasks:
+
+ UpgradeBatchTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
yaql:
- # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
- expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
+ expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
- service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
- # Keys to support docker/services
- puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]}
- kolla_config:
- map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
- docker_config:
- {get_attr: [ServiceChain, role_data, docker_config]}
- docker_puppet_tasks:
- {get_attr: [ServiceChain, role_data, docker_puppet_tasks]}
- host_prep_tasks:
+ PuppetConfig:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
+ KollaConfig:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ yaql:
+ expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
+
+ DockerPuppetTasks:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ yaql:
+ expression: dict(coalesce($.data, []).where($ != null).select($.get('docker_puppet_tasks')).where($ != null).selectMany($.items()).groupBy($[0], $[1]))
+ data: {get_attr: [ServiceChain, role_data]}
+
+ HostPrepTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
yaql:
# Note we use distinct() here to filter any identical tasks
- expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
+ expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+
+outputs:
+ role_data:
+ description: Combined Role data for this set of services.
+ value:
+ service_names: {get_attr: [ServiceNames, value]}
+ monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]}
+ logging_sources: {get_attr: [LoggingSourcesConfig, value]}
+ logging_groups: {get_attr: [LoggingGroupsConfig, value]}
+ config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
+ global_config_settings: {get_attr: [GlobalConfigSettings, value]}
+ service_config_settings: {get_attr: [ServiceConfigSettings, value]}
+ service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
+ step_config: {get_attr: [PuppetStepConfig, value]}
+ upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
+ service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
+
+ # Keys to support docker/services
+ puppet_config: {get_attr: [PuppetConfig, value]}
+ kolla_config: {get_attr: [KollaConfig, value]}
+ docker_config: {get_attr: [DockerConfig, value]}
+ docker_puppet_tasks: {get_attr: [DockerPuppetTasks, value]}
+ host_prep_tasks: {get_attr: [HostPrepTasks, value]}
DeployedServerBootstrapDeployment:
type: OS::Heat::SoftwareDeployment
properties:
+ name: DeployedServerBootstrapDeployment
config: {get_resource: DeployedServerBootstrapConfig}
server: {get_param: server}
DeployedServerBootstrapDeployment:
type: OS::Heat::SoftwareDeployment
properties:
+ name: DeployedServerBootstrapDeployment
config: {get_resource: DeployedServerBootstrapConfig}
server: {get_param: server}
fixed_ips:
- ip_address: {get_param: [VipMap, redis]}
- ResourceRegistry:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- OS::TripleO::DeployedServer::ControlPlanePort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
- OS::TripleO::Network::Ports::ControlPlaneVipPort: tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
-
DeployedServerEnvironment:
type: OS::Heat::Value
properties:
type: json
value:
- resource_registry:
- {get_attr: [ResourceRegistry, value]}
parameter_defaults:
map_merge:
- {get_attr: [DeployedServerPortMapParameter, value]}
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- name: BlockStorageDeployedServer
disable_constraints: True
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
+ - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists
+ stat:
+ path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+ register: docker_puppet_tasks_json
- name: Run docker-puppet tasks (bootstrap tasks)
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: "true"
NO_ARCHIVE: "true"
STEP: "{{step}}"
- when: deploy_server_id == bootstrap_server_id
+ when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists
changed_when: false
check_mode: no
register: outputs
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
- archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron")
+ archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh")
rsync_srcs=""
for d in "${archivedirs[@]}"; do
if [ -d "$d" ]; then
resources:
- # These utility tasks use docker-puppet.py to execute tasks via puppet
- # We only execute these on the first node in the primary role
- {{primary_role_name}}DockerPuppetTasks:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
- data:
- docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
- default_tasks:
-{%- for step in range(1, deploy_steps_max) %}
- step_{{step}}: {}
-{%- endfor %}
-
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
always_update: true
# END service_workflow_tasks handling
{% endfor %}
vars:
puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
docker_puppet_script: {get_file: docker-puppet.py}
- docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
- docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
+ docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
+ docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
- puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]}
+ puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]}
tasks:
# Join host_prep_tasks with the other per-host configuration
yaql:
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
- # This is the docker-puppet configs end in
+ # this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
- # this creates a JSON config file for our docker-puppet.py script
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
+ - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
+ file:
+ path: "{{item}}"
+ state: absent
+ with_fileglob:
+ - /var/lib/docker-puppet/docker-puppet-tasks*.json
+ when: deploy_server_id == bootstrap_server_id
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
with_dict: "{{docker_puppet_tasks}}"
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
- {{role.name}}PuppetStepConfig:
- type: OS::Heat::Value
- properties:
- type: string
- value:
- yaql:
- expression:
- # select 'step_config' only from services that do not have a docker_config
- $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n")
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- step_config: {get_param: [role_data, {{role.name}}, step_config]}
- docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
-
- {{role.name}}DockerConfig:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- # select 'docker_config' only from services that have it
- $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
-
# BEGIN CONFIG STEPS
{{role.name}}PreConfig:
heat_template_version: pike
-parameters:
- DockerNamespace:
- type: string
- default: tripleoupstream
- description: namespace
- DockerNamespaceIsRegistry:
- type: boolean
- default: false
-
resources:
userdata:
type: OS::Heat::SoftwareConfig
properties:
group: script
- config:
- str_replace:
- params:
- $docker_registry: {get_param: DockerNamespace}
- $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry}
- template: {get_file: ./setup_docker_host.sh}
+ config: {get_file: ./setup_docker_host.sh}
outputs:
OS::stack_id:
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+ command:
+ - '/usr/bin/bootstrap_host_exec'
+ - 'ceilometer_agent_central'
+ - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
+ /var/lib/kolla/config_files/cinder_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
docker_config:
step_2:
cinder_api_init_logs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ cinder_api_cron:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
host_prep_tasks:
- name: create persistent logs directory
file:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
# FIXME: we need to generate a ceph.conf with puppet for this
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
environment:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
-
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
# FIXME: we need to generate a ceph.conf with puppet for this
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
environment:
- path: /var/log/heat
owner: heat:heat
recurse: true
+ /var/lib/kolla/config_files/heat_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/heat
+ owner: heat:heat
+ recurse: true
docker_config:
step_4:
heat_api:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ heat_api_cron:
+ image: {get_param: DockerHeatApiImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/heat:/var/log/heat
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
ContainersCommon:
type: ./containers-common.yaml
+ IscsidBase:
+ type: ../../puppet/services/iscsid.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
outputs:
role_data:
- description: Role data for the Iscsid API role.
+ description: Role data for the Iscsid role.
value:
- service_name: iscsid
- config_settings: {}
- step_config: ''
- service_config_settings: {}
+ service_name: {get_attr: [IscsidBase, role_data, service_name]}
+ config_settings: {get_attr: [IscsidBase, role_data, config_settings]}
+ step_config: &step_config
+ {get_attr: [IscsidBase, role_data, step_config]}
+ service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: iscsid
- #puppet_tags: file
- step_config: ''
+ puppet_tags: iscsid_config
+ step_config: *step_config
config_image: {get_param: DockerIscsidConfigImage}
kolla_config:
/var/lib/kolla/config_files/iscsid.json:
command: /usr/sbin/iscsid -f
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
iscsid:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- - name: create /etc/iscsi
- file:
- path: /etc/iscsi
- state: directory
- name: stat /lib/systemd/system/iscsid.socket
stat: path=/lib/systemd/system/iscsid.socket
register: stat_iscsid_socket
OpenStack containerized Manila Share service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerManilaShareImage:
description: image
- default: 'centos-binary-manila-share:latest'
type: string
DockerManilaConfigImage:
description: image
- default: 'centos-binary-manila-base:latest'
type: string
EndpointMap:
default: {}
config_volume: manila
puppet_tags: manila_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_share.json:
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
docker_config:
step_4:
manila_share:
- image: &manila_share_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ]
+ image: &manila_share_image {get_param: DockerManilaShareImage}
net: host
restart: always
volumes:
path: /var/log/containers/mistral
state: directory
upgrade_tasks:
+ - name: Check if mistral executor is deployed
+ command: systemctl is-enabled openstack-mistral-executor
+ tags: common
+ ignore_errors: True
+ register: mistral_executor_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_executor_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable mistral_executor service
tags: step2
+ when: mistral_executor_enabled.rc == 0
service: name=openstack-mistral-executor state=stopped enabled=no
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
multipathd:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_server is deployed
+ command: systemctl is-enabled neutron-server
+ tags: common
+ ignore_errors: True
+ register: neutron_server_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-server is running"
+ shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+ when: neutron_server_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_api service
tags: step2
+ when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped enabled=no
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_dhcp:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_dhcp_agent is deployed
+ command: systemctl is-enabled neutron-dhcp-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_dhcp_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_dhcp_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_dhcp service
tags: step2
+ when: neutron_dhcp_agent_enabled.rc == 0
service: name=neutron-dhcp-agent state=stopped enabled=no
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_l3_agent:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_metadata_agent:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_metadata_agent is deployed
+ command: systemctl is-enabled neutron-metadata-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_metadata_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_metadata_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_metadata service
tags: step2
+ when: neutron_metadata_agent_enabled.rc == 0
service: name=neutron-metadata-agent state=stopped enabled=no
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaComputeBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaComputeBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaComputeBase, role_data, step_config]
puppet_config:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /dev:/dev
- - /etc/iscsi:/etc/iscsi
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/nova:/var/lib/nova
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
-
- /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /run:/run
- /dev:/dev
- - /etc/iscsi:/etc/iscsi
- /var/lib/nova/:/var/lib/nova
- /var/log/containers/nova:/var/log/nova
environment:
type: string
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation
+ description: Set to true to enable package installation at deploy time
type: boolean
ServiceData:
default: {}
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt.
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
conditions:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaLibvirtBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaLibvirtBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaLibvirtBase, role_data, step_config]
puppet_config:
config_volume: nova_libvirt
- puppet_tags: nova_config
+ puppet_tags: nova_config,file,exec
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
+ - /etc/libvirt/secrets:/etc/libvirt/secrets
# Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
path: "{{ item }}"
state: directory
with_items:
+ - /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
--- /dev/null
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Migration Target service
+
+parameters:
+ DockerNovaComputeImage:
+ description: image
+ type: string
+ DockerNovaLibvirtConfigImage:
+ description: The container image to use for the nova_libvirt config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SshdBase:
+ type: ../../puppet/services/sshd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+ NovaMigrationTargetBase:
+ type: ../../puppet/services/nova-migration-target.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Migration Target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ map_merge:
+ - get_attr: [SshdBase, role_data, config_settings]
+ - get_attr: [NovaMigrationTargetBase, role_data, config_settings]
+ - tripleo.nova_migration_target.firewall_rules:
+ '113 nova_migration_target':
+ dport:
+ - {get_param: DockerNovaMigrationSshdPort}
+ step_config: &step_config
+ list_join:
+ - "\n"
+ - - get_attr: [SshdBase, role_data, step_config]
+ - get_attr: [NovaMigrationTargetBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova_libvirt
+ step_config: *step_config
+ config_image: {get_param: DockerNovaLibvirtConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/nova-migration-target.json:
+ command:
+ str_replace:
+ template: "/usr/sbin/sshd -D -p SSHDPORT"
+ params:
+ SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: /host-ssh/ssh_host_*_key
+ dest: /etc/ssh/
+ owner: "root"
+ perm: "0600"
+ docker_config:
+ step_4:
+ nova_migration_target:
+ image: {get_param: DockerNovaComputeImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /etc/ssh/:/host-ssh/:ro
+ - /run:/run
+ - /var/lib/nova:/var/lib/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
OpenStack containerized OpenDaylight API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerOpendaylightApiImage:
description: image
- default: 'centos-binary-opendaylight:latest'
type: string
DockerOpendaylightConfigImage:
description: image
- default: 'centos-binary-opendaylight:latest'
type: string
EndpointMap:
default: {}
map_merge:
- get_attr: [OpenDaylightBase, role_data, config_settings]
step_config: &step_config
- list_join:
- - "\n"
- - - get_attr: [OpenDaylightBase, role_data, step_config]
- - "include tripleo::profile::base::neutron::opendaylight::create_cluster"
+ get_attr: [OpenDaylightBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: opendaylight
# 'file,concat,file_line,augeas' are included by default
- puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster
+ puppet_tags: odl_user
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ]
+ config_image: {get_param: DockerOpendaylightConfigImage}
kolla_config:
/var/lib/kolla/config_files/opendaylight_api.json:
command: /opt/opendaylight/bin/karaf
step_1:
opendaylight_api:
start_order: 0
- image: &odl_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ]
+ image: &odl_api_image {get_param: DockerOpendaylightApiImage}
privileged: false
net: host
detach: true
- /var/lib/cinder
- /var/log/containers/cinder
upgrade_tasks:
- - name: Stop and disable cinder_backup service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the openstack-cinder-backup cluster resource
tags: step2
- service: name=openstack-cinder-backup state=stopped enabled=no
+ pacemaker_resource:
+ resource: openstack-cinder-backup
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped openstack-cinder-backup cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: openstack-cinder-backup
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable cinder_backup service
+ tags: step2
+ service: name=openstack-cinder-backup enabled=no
executable: /bin/bash
creates: /dev/loop2
upgrade_tasks:
- - name: Stop and disable cinder_volume service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the openstack-cinder-volume cluster resource
tags: step2
- service: name=openstack-cinder-volume state=stopped enabled=no
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped openstack-cinder-volume cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable cinder_volume service from boot
+ tags: step2
+ service: name=openstack-cinder-volume enabled=no
+
+
+
path: /var/lib/mysql
state: directory
upgrade_tasks:
- - name: Stop and disable mysql service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the galera cluster resource
tags: step2
- service: name=mariadb state=stopped enabled=no
+ pacemaker_resource:
+ resource: galera
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped galera cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: galera
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable mysql service
+ tags: step2
+ service: name=mariadb enabled=no
path: /var/lib/redis
state: directory
upgrade_tasks:
- - name: Stop and disable redis service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the redis cluster resource
tags: step2
- service: name=redis state=stopped enabled=no
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped redis cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable redis service
+ tags: step2
+ service: name=redis enabled=no
- /dev/shm:/dev/shm:rw
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the haproxy cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped haproxy cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
upgrade_tasks:
- - name: Stop and disable rabbitmq service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the rabbitmq cluster resource.
tags: step2
- service: name=rabbitmq-server state=stopped enabled=no
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped rabbitmq cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server enabled=no
DockerZaqarConfigImage:
description: The container image to use for the zaqar config_volume
type: string
+ ZaqarManagementStore:
+ type: string
+ description: The management store for Zaqar
+ default: mongodb
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
description: Parameters specific to the role
type: json
+conditions:
+ zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+
resources:
ContainersCommon:
owner: zaqar:zaqar
recurse: true
docker_config:
- step_4:
- zaqar:
- image: &zaqar_image {get_param: DockerZaqarImage}
- net: host
- privileged: false
- restart: always
- # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
- # to be root to run httpd
- user: root
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- - /var/log/containers/zaqar:/var/log/zaqar
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- zaqar_websocket:
- image: *zaqar_image
- net: host
- privileged: false
- restart: always
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- - /var/log/containers/zaqar:/var/log/zaqar
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ -
+ step_2:
+ zaqar_init_log:
+ image: &zaqar_image {get_param: DockerZaqarImage}
+ user: root
+ volumes:
+ - /var/log/containers/zaqar:/var/log/zaqar
+ command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar']
+ step_3:
+ zaqar_db_sync:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
+ - {}
+ - step_4:
+ zaqar:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
+ # to be root to run httpd
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ zaqar_websocket:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Iscsid
- name: Compute
CountDefault: 1
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::Iscsid
- name: BlockStorage
ServicesDefault:
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- name: ContrailAnalytics
ServicesDefault:
--- /dev/null
+resource_registry:
+ OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
+ OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml
+
DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest
DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest
DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest
+ DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest
DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest
DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest
DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest
DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest
DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest
DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest
+ DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest
+ DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest
DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest
DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest
DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest
# ...deploy..-e docker.yaml -e docker-ha.yaml
resource_registry:
# Pacemaker runs on the host
- OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
- OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml
- OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
# HA Containers managed by pacemaker
- OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml
- OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml
+ # FIXME: enable those Cinder services once their non-HA counterpart are enabled
+ # OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml
+ # OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+ OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+ OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
#ComputeParameters:
#KernelArgs: ""
#TunedProfileName: ""
- #HostIsolatedCoreList: ""
+ #IsolCpusList: ""
#ComputeOvsDpdkParameters:
- #KernelArgs: ""
- #TunedProfileName: ""
- #HostIsolatedCoreList: ""
+ #KernelArgs: "intel_iommu=on iommu=pt default_hugepagesz=1GB hugepagesz=1G hugepages=60"
+ #TunedProfileName: "cpu-partitioning"
+ #IsolCpusList: ""
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronOvsAgent
NeutronMechanismDrivers: 'opendaylight_v2'
NeutronServicePlugins: 'odl-router_v2'
NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter"
- ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes.
- ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType.
- ## This can be done using ComputeKernelArgs as shown below.
- ComputeParameters:
- #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048"
+
+ ComputeOvsDpdkParameters:
+ OvsEnableDpdk: True
+
+ ## Host configuration Parameters
+ #TunedProfileName: "cpu-partitioning"
+ #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned).
+ # It is mandatory to provide isolated cpus for tuned to achive optimal performance.
+ # Example: "3-8,12-15,18"
+ #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU.
+ # Deploying DPDK requires enabling hugepages for the overcloud compute nodes.
+ # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType.
+ # This should be done by configuring parameters via host-config-and-reboot.yaml environment file.
+
## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments
## due to CPU contention of DPDK PMD threads.
- OvsEnableDpdk: True
- ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters:
+ ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters:
#OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node.
# It is recommended to use the socket closest to the PCIe slot used for the
# desired DPDK NIC. Format should be comma separated per socket string such as:
# A Heat environment that can be used to deploy DPDK with OVS
# Deploying DPDK requires enabling hugepages for the overcloud nodes
resource_registry:
- OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml
+ OS::TripleO::Services::ComputeNeutronOvsDpdk: ../puppet/services/neutron-ovs-dpdk-agent.yaml
parameter_defaults:
NeutronDatapathType: "netdev"
NeutronVhostuserSocketDir: "/var/lib/vhost_sockets"
NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter"
- ## Deploying DPDK requires enabling hugepages for the overcloud compute nodes.
- ## It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType.
- ## This can be done using ComputeKernelArgs as shown below.
- #ComputeParameters:
- #ComputeKernelArgs: "intel_iommu=on default_hugepagesz=2MB hugepagesz=2MB hugepages=2048"
+ OvsDpdkDriverType: "vfio-pci"
+
+ #ComputeOvsDpdkParameters:
+ ## Host configuration Parameters
+ #TunedProfileName: "cpu-partitioning"
+ #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned).
+ # It is mandatory to provide isolated cpus for tuned to achive optimal performance.
+ # Example: "3-8,12-15,18"
+ #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU.
+ # Deploying DPDK requires enabling hugepages for the overcloud compute nodes.
+ # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType.
+ # This should be done by configuring parameters via host-config-and-reboot.yaml environment file.
+
## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments
## due to CPU contention of DPDK PMD threads.
- ## It is highly recommended to to enable isolcpus (via ComputeKernelArgs) on compute overcloud nodes and set the following parameters:
+ ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters:
#OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node.
# It is recommended to use the socket closest to the PCIe slot used for the
# desired DPDK NIC. Format should be comma separated per socket string such as:
# "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0".
- #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver.
#OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC
# location to cores on socket, number of hyper-threaded logical cores, and
# desired number of PMD threads can all play a role in configuring this setting.
HeatMaxJsonBodySize: 2097152
IronicInspectorInterface: br-ctlplane
IronicInspectorIpRange: '192.168.24.100,192.168.24.200'
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy'
--- /dev/null
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Veritas HyperScale backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendVRTSHyperScale: ../../puppet/services/cinder-backend-veritas-hyperscale.yaml
--- /dev/null
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to install
+# Veritas HyperScale packages for controller.
+resource_registry:
+ OS::TripleO::Services::VRTSHyperScale: ../../puppet/services/veritas-hyperscale-controller.yaml
+
+parameter_defaults:
+ EnablePackageInstall: true
+ VrtsRabbitPassword: ''
+ VrtsKeystonePassword: ''
+ VrtsMysqlPassword: ''
# otherwise unchanged
DeployIdentifier:
type: string
+ default: ''
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update.
resources:
ServiceNames:
type: comma_delimited_list
default: []
- IsolCpusList:
- default: "0"
- description: List of cores to be isolated by tuned
- type: string
- constraints:
- - allowed_pattern: "[0-9,-]+"
OvsEnableDpdk:
default: false
description: Whether or not to configure enable DPDK in OVS
mem>, <socket n mem>", where the value is specified in MB. For example:
"1024,0".
type: string
- OvsDpdkDriverType:
- default: "vfio-pci"
- description: >
- DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports
- this UIO/PMD driver.
- type: string
OvsPmdCoreList:
description: >
A list or range of CPU cores for PMD threads to be pinned to. Note, NIC
default: ''
description: Memory allocated for each socket
type: string
- NeutronDpdkDriverType:
- default: "vfio-pci"
- description: DPDK Driver type
- type: string
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
- # YAQL is enabled in conditions with https://review.openstack.org/#/c/467506/
is_dpdk_config_required:
or:
- yaql:
- expression: $.data.service_names.contains('neutron_ovs_dpdk_agent')
- data:
- service_names: {get_param: ServiceNames}
- - {get_param: OvsEnableDpdk}
- - {get_param: [RoleParameters, OvsEnableDpdk]}
+ expression: $.data.service_names.contains('neutron_ovs_dpdk_agent')
+ data:
+ service_names: {get_param: ServiceNames}
+ - {equals: [{get_param: [RoleParameters, OvsEnableDpdk]}, true]}
is_reboot_config_required:
or:
- is_host_config_required
pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']}
mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']}
socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']}
- driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']}
- isol_cpus_empty: {equals: [{get_param: IsolCpusList}, '0']}
deployment_actions_empty:
equals:
- {get_param: deployment_actions}
value:
map_replace:
- map_replace:
- - IsolCpusList: IsolCpusList
- OvsDpdkCoreList: OvsDpdkCoreList
+ - OvsDpdkCoreList: OvsDpdkCoreList
OvsDpdkMemoryChannels: OvsDpdkMemoryChannels
OvsDpdkSocketMemory: OvsDpdkSocketMemory
- OvsDpdkDriverType: OvsDpdkDriverType
- OvsPmdCoreList: OvsDpdkCoreList
+ OvsPmdCoreList: OvsPmdCoreList
- values: {get_param: [RoleParameters]}
- values:
- IsolCpusList: {if: [isol_cpus_empty, {get_param: HostCpusList}, {get_param: IsolCpusList}]}
OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]}
OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]}
OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]}
- OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]}
OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]}
HostParametersConfig:
name: EnableDpdkDeployment
server: {get_param: server}
config: {get_resource: EnableDpdkConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
RebootConfig:
type: OS::Heat::SoftwareConfig
{{role.name}}PostPuppetMaintenanceModeDeployment:
type: OS::Heat::SoftwareDeployments
properties:
+ name: {{role.name}}PostPuppetMaintenanceModeDeployment
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig}
input_values: {get_param: input_values}
ControllerPostPuppetRestartDeployment:
type: OS::Heat::SoftwareDeployments
properties:
+ name: ControllerPostPuppetRestartDeployment
servers: {get_param: servers}
config: {get_resource: ControllerPostPuppetRestartConfig}
input_values: {get_param: input_values}
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
actions: {get_param: deployment_actions}
+ name: SshHostPubKeyDeployment
outputs:
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+ OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
+ OS::TripleO::Services::Iscsid: puppet/services/iscsid.yaml
OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml
OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml
+ OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml
OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None
+ OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None
OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::Ec2Api: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
OS::TripleO::Services::Iscsid: OS::Heat::None
OS::TripleO::Services::Clustercheck: OS::Heat::None
+ OS::TripleO::Services::VRTSHyperScale: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
perform configuration on a Heat stack-update.
UpdateIdentifier:
type: string
+ default: ''
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
echo "$HOST_FQDN $MACS"
fi
- CollectMacDeploymentsController:
+{% for role in roles %}
+ CollectMacDeployments{{role.name}}:
type: OS::Heat::SoftwareDeployments
properties:
- name: CollectMacDeploymentsController
- servers: {get_param: [servers, Controller]}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsCompute:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsCompute
- servers: {get_param: [servers, Compute]}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsBlockStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsBlockStorage
- servers: {get_param: [servers, BlockStorage]}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsObjectStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsObjectStorage
- servers: {get_param: [servers, ObjectStorage]}
- config: {get_resource: CollectMacConfig}
- actions: ['CREATE'] # Only do this on CREATE
-
- CollectMacDeploymentsCephStorage:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: CollectMacDeploymentsCephStorage
- servers: {get_param: [servers, CephStorage]}
+ name: CollectMacDeployments{{role.name}}
+ servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
+{% endfor %}
# Now we calculate the additional nexus config based on the mappings
MappingToNexusConfig:
properties:
group: script
inputs:
- - name: controller_mappings
- - name: compute_mappings
- - name: blockstorage_mappings
- - name: objectstorage_mappings
- - name: cephstorage_mappings
+ {%- for role in roles %}
+ - name: {{role.name}}_mappings
+ {%- endfor %}
- name: nexus_config
config: |
#!/bin/python
import os
from copy import deepcopy
- mappings = ['controller_mappings',
- 'compute_mappings',
- 'blockstorage_mappings',
- 'objectstorage_mappings',
- 'cephstorage_mappings',
+ mappings = [{%- for role in roles %}
+ '{{role.name}}_mappings',
+ {%- endfor %}
'nexus_config']
mapdict_list = []
nexus = {}
# FIXME(shardy): It'd be more convenient if we could join these
# items together but because the returned format is a map (not a list)
# we can't use list_join or str_replace. Possible Heat TODO.
- controller_mappings: {get_attr: [CollectMacDeploymentsController, deploy_stdouts]}
- compute_mappings: {get_attr: [CollectMacDeploymentsCompute, deploy_stdouts]}
- blockstorage_mappings: {get_attr: [CollectMacDeploymentsBlockStorage, deploy_stdouts]}
- objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]}
- cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]}
+ {%- for role in roles %}
+ {{role.name}}_mappings: {get_attr: [CollectMacDeployments{{role.name}}, deploy_stdouts]}
+ {%- endfor %}
nexus_config: {get_param: NetworkNexusConfig}
actions: ['CREATE'] # Only do this on CREATE
type: json
UpdateIdentifier:
type: string
+ default: ''
description: >
Setting to a previously unused value during stack-update will trigger
the Upgrade resources to re-run on all roles.
{{role.name}}ArtifactsDeploy:
type: OS::Heat::StructuredDeployments
properties:
+ name: {{role.name}}ArtifactsDeploy
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}ArtifactsConfig}
{{role.name}}Config:
type: OS::TripleO::{{role.name}}Config
properties:
- StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]}
+ StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
# Step through a series of configuration steps
{% for step in range(1, deploy_steps_max) %}
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
always_update: true
{% endfor %}
# END service_workflow_tasks handling
until: ceph_quorum_nodecheck.rc == 0
retries: {get_param: CephValidationRetries}
delay: {get_param: CephValidationDelay}
- - name: set crush tunables
+ - name: ceph osd crush tunables default
tags: step0
- shell: ceph osd crush tunables optimal
+ shell: ceph osd crush tunables default
--- /dev/null
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Veritas HyperScale backend.
+ value:
+ service_name: cinder_backend_veritas_hyperscale
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
CongressDebug:
default: ''
description: Set to True to enable debugging Glance service.
mongodb::server::journal: false
mongodb::server::ipv6: {get_param: MongoDbIPv6}
mongodb::server::replset: {get_param: MongoDbReplset}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
Configures docker on the host
parameters:
- DockerNamespace:
- description: namespace
- default: tripleoupstream
+ DockerInsecureRegistryAddress:
+ description: Optional. The IP Address and Port of an insecure docker
+ namespace that will be configured in /etc/sysconfig/docker.
type: string
- DockerNamespaceIsRegistry:
- type: boolean
- default: false
+ default: ''
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
description: Parameters specific to the role
type: json
+conditions:
+ insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']}
+
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings:
- tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace}
- tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry}
+ if:
+ - insecure_registry_is_empty
+ - {}
+ - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress}
step_config: |
include ::tripleo::profile::base::docker
upgrade_tasks:
path: /var/log/ec2api/ec2api.log
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation via Puppet
+ description: Set to true to enable package installation at deploy time
type: boolean
Ec2ApiPolicies:
description: |
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cfn is deployed
command: systemctl is-enabled openstack-heat-api-cfn
- heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cloudwatch is deployed
command: systemctl is-enabled openstack-heat-api-cloudwatch
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check is heat_api is deployed
command: systemctl is-enabled openstack-heat-api
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Configure iscsid
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for iscsid
+ value:
+ service_name: iscsid
+ config_setting: {}
+ step_config: |
+ include ::tripleo::profile::base::iscsid
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
KeystoneDebug:
default: ''
description: Set to True to enable debugging Keystone service.
to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without
specifying a private key or cert chain to use SSL transport,
but not cert auth.
- type: string
+ type: boolean
MonitoringRabbitSSLPrivateKey:
default: ''
description: Private key to be used by Sensu to connect to RabbitMQ host.
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
MonitoringSubscriptionNeutronL3Dvr:
default: 'overcloud-neutron-l3-dvr'
type: string
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
default: 'datacentre:1:1000'
description: >
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ Neutron documentation for permitted values. Defaults to permitting VLANs
+ 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronTunnelIdRanges:
description: |
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
- default: {}
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
resources:
NovaBase:
NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
- tripleo::profile::base::nova::migration_ssh_localaddrs:
- - "%{hiera('cold_migration_ssh_inbound_addr')}"
- - "%{hiera('live_migration_ssh_inbound_addr')}"
- live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
- cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
- tripleo::profile::base::nova::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
NovaComputeLibvirtType:
type: string
default: kvm
the InternalTLSCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
conditions:
- nova::compute::libvirt::manage_libvirt_services: false
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+ tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
- use_tls_for_live_migration
-
generate_service_certificates: true
- tripleo::profile::base::nova::libvirt_tls: true
+ tripleo::profile::base::nova::migration::client::libvirt_tls: true
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:
--- /dev/null
+heat_template_version: ocata
+
+description: >
+ OpenStack Nova migration target configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+
+outputs:
+ role_data:
+ description: Role data for the Nova migration target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
+ - {get_param: [ MigrationSshKey, public_key ]}
+ tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+ - "%{hiera('cold_migration_ssh_inbound_addr')}"
+ - "%{hiera('live_migration_ssh_inbound_addr')}"
+ live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
+ step_config: |
+ include tripleo::profile::base::nova::migration::target
default: {}
description: Parameters specific to the role
type: json
+ OpenDaylightManageRepositories:
+ description: Whether to manage the OpenDaylight repository
+ type: boolean
+ default: false
outputs:
role_data:
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api':
dport:
- opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
+ neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
+ neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
- PacemakerResources:
- type: comma_delimited_list
- description: List of resources managed by pacemaker
- default: ['rabbitmq', 'galera']
-
outputs:
role_data:
description: Role data for the Pacemaker role.
async: 30
poll: 4
- name: Stop pacemaker cluster
- tags: step2
+ tags: step3
pacemaker_cluster: state=offline
- name: Start pacemaker cluster
tags: step4
pacemaker_cluster: state=online
- - name: Check pacemaker resource
- tags: step4
- pacemaker_is_active:
- resource: "{{ item }}"
- max_wait: 500
- with_items: {get_param: PacemakerResources}
- - name: Check pacemaker haproxy resource
- tags: step4
- pacemaker_is_active:
- resource: haproxy
- max_wait: 500
- when: {get_param: EnableLoadBalancer}
NODE_PORT: ''
NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"'
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
rabbitmq_kernel_variables:
inet_dist_listen_min: '25672'
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
TackerDebug:
default: ''
description: Set to True to enable debugging Tacker service.
type: json
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation via Puppet
+ description: Set to true to enable package installation at deploy time
type: boolean
outputs:
--- /dev/null
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ VrtsRabbitPassword:
+ type: string
+ default: ''
+ VrtsKeystonePassword:
+ type: string
+ default: ''
+ VrtsMysqlPassword:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Install Veritas HyperScale packages for controller.
+ value:
+ service_name: veritas_hyperscale_controller
+ config_settings:
+ step_config: |
+ include ::veritas_hyperscale::controller_pkg_inst
+ service_config_settings:
+ rabbitmq:
+ vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
+ keystone:
+ vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
+ mysql:
+ vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
type: string
description: Set the number of workers for zaqar::wsgi::apache
default: '%{::os_workers}'
+ ZaqarMessageStore:
+ type: string
+ description: The messaging store for Zaqar
+ default: mongodb
+ ZaqarManagementStore:
+ type: string
+ description: The management store for Zaqar
+ default: mongodb
EnableInternalTLS:
type: boolean
default: false
conditions:
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
+ zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
+ zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
resources:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+ zaqar::message_store: {get_param: ZaqarMessageStore}
+ zaqar::management_store: {get_param: ZaqarManagementStore}
+ -
+ if:
+ - zaqar_messaging_store_swift
+ -
+ zaqar::messaging::swift::uri:
+ list_join:
+ - ''
+ - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
+ zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ tripleo::profile::base::zaqar::messaging_store: 'swift'
+ - {}
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ -
+ tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
+ zaqar::management::sqlalchemy::uri:
+ make_url:
+ scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+ username: zaqar
+ password: {get_param: ZaqarPassword}
+ host: {get_param: [EndpointMap, MysqlInternal, host]}
+ path: /zaqar
+ query:
+ read_default_file: /etc/my.cnf.d/tripleo.cnf
+ read_default_group: tripleo
+ - {}
-
if:
- zaqar_workers_zero
- {}
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
service_config_settings:
- keystone:
- zaqar::keystone::auth::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
- zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
- zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
- zaqar::keystone::auth::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth::tenant: 'service'
- zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
- zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
- zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
- zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth_websocket::tenant: 'service'
-
+ map_merge:
+ - keystone:
+ zaqar::keystone::auth::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
+ zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
+ zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
+ zaqar::keystone::auth::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth::tenant: 'service'
+ zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
+ zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
+ zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
+ zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth_websocket::tenant: 'service'
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ - mysql:
+ zaqar::db::mysql::user: zaqar
+ zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ zaqar::db::mysql::dbname: zaqar
+ zaqar::db::mysql::password: {get_param: ZaqarPassword}
+ zaqar::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ - {}
step_config: |
include ::tripleo::profile::base::zaqar
upgrade_tasks:
--- /dev/null
+---
+deprecations:
+ - Deprecate and remove configuring clustering for
+ OpenDaylight container using an exec.
+ Configuration is now handled via puppet-opendaylight
+ using file resources.
--- /dev/null
+---
+features:
+ - Add support for Veritas HyperScale Cinder backend.
--- /dev/null
+---
+features:
+ - A new role ComputeOvsDpdk has been added to enable dynamic roles_data
+ creation with OVS-DPDK role.
--- /dev/null
+---
+fixes:
+ - Fixing an issue where a custom password for the
+ OpenDaylight controller caused the TripleO deployment
+ to fail
--- /dev/null
+---
+fixes:
+ - |
+ Adding the ability to disable the OpenDaylight upstream repository.
+ Introducing the OpenDaylightManageRepositories parameter.
+++ /dev/null
----
-fixes:
- - |
- Latest commits in puppet-systemd enabled by default systemd-networkd and
- systemd-resolved but we don't want to manage them for now in TripleO.
- MySQL and MongoDB services were managing some systemd resources so now
- we ensure that these 2 systemd services are disabled. In the future, we
- might want and activate these services and revert that patch but for now
- we want to disable them.
--- /dev/null
+---
+features:
+ - |
+ Add Heat parameters which allow the end user to configure custom
+ management and messaging backends for MySQL and Swift.
--- /dev/null
+---
+features:
+ - |
+ Update undercloud default Heat parameters so we use the Zaqar swift/mysql
+ backends. This allows us to drop MongoDB from the undercloud.
# built documents.
#
# The full version, including alpha/beta/rc tags.
-release = '7.0.0.0b2'
+release = '7.0.0.0b3'
# The short X.Y version.
version = '7.0.0'
- OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
--- /dev/null
+###############################################################################
+# Role: ComputeOvsDpdk #
+###############################################################################
+- name: ComputeOvsDpdk
+ description: |
+ Compute OvS DPDK Role
+ CountDefault: 1
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
+ HostnameFormatDefault: '%stackname%-computeovsdpdk-%index%'
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsDpdk
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
BlockStorage
CephStorage
Compute
+ ComputeOvsDpdk
Controller
ControllerOpenstack
Database
* OS::TripleO::Services::ComputeNeutronOvsAgent
* OS::TripleO::Services::Docker
* OS::TripleO::Services::FluentdClient
+ * OS::TripleO::Services::Iscsid
* OS::TripleO::Services::Kernel
* OS::TripleO::Services::MySQLClient
* OS::TripleO::Services::NeutronSriovAgent
* OS::TripleO::Services::NeutronVppAgent
* OS::TripleO::Services::NovaCompute
* OS::TripleO::Services::NovaLibvirt
+ * OS::TripleO::Services::NovaMigrationTarget
* OS::TripleO::Services::Ntp
* OS::TripleO::Services::OpenDaylightOvs
* OS::TripleO::Services::Securetty
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
- - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
-openstackdocstheme>=1.11.0 # Apache-2.0
+openstackdocstheme>=1.11.0 # Apache-2.0
PyYAML>=3.10.0 # MIT
Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
six>=1.9.0 # MIT
'ExternalAllocationPools': ['default'],
'StorageNetCidr': ['default'],
'StorageAllocationPools': ['default'],
- 'StorageMgmtNetCidr': ['default'],
+ 'StorageMgmtNetCidr': ['default',
+ # FIXME
+ 'description'],
'StorageMgmtAllocationPools': ['default'],
+ 'TenantNetCidr': ['default'],
+ 'TenantAllocationPools': ['default'],
+ 'InternalApiNetCidr': ['default'],
+ 'UpdateIdentifier': ['description'],
+ # TODO(bnemec): Address these existing
+ # inconsistencies.
+ 'NeutronMetadataProxySharedSecret': [
+ 'description', 'hidden'],
+ 'ServiceNetMap': ['description', 'default'],
+ 'RedisPassword': ['description'],
+ 'EC2MetadataIp': ['default'],
+ 'network': ['default'],
+ 'ControlPlaneIP': ['default',
+ 'description'],
+ 'ControlPlaneIp': ['default',
+ 'description'],
+ 'NeutronBigswitchLLDPEnabled': ['default'],
+ 'NeutronEnableL2Pop': ['description'],
+ 'NeutronWorkers': ['description'],
+ 'TenantIpSubnet': ['description'],
+ 'ExternalNetName': ['description'],
+ 'AdminToken': ['description'],
+ 'ControlPlaneDefaultRoute': ['default'],
+ 'StorageMgmtNetName': ['description'],
+ 'ServerMetadata': ['description'],
+ 'InternalApiIpUri': ['description'],
+ 'UpgradeLevelNovaCompute': ['default'],
+ 'StorageMgmtIpUri': ['description'],
+ 'server': ['description'],
+ 'servers': ['description'],
+ 'FixedIPs': ['description'],
+ 'ExternalIpSubnet': ['description'],
+ 'NeutronBridgeMappings': ['description'],
+ 'ExtraConfig': ['description'],
+ 'InternalApiIpSubnet': ['description'],
+ 'DefaultPasswords': ['description',
+ 'default'],
+ 'BondInterfaceOvsOptions': ['description',
+ 'default',
+ 'constraints'],
+ 'KeyName': ['constraints'],
+ 'TenantNetName': ['description'],
+ 'StorageIpSubnet': ['description'],
+ 'OVNSouthboundServerPort': ['description'],
+ 'ExternalInterfaceDefaultRoute':
+ ['description', 'default'],
+ 'ExternalIpUri': ['description'],
+ 'IPPool': ['description'],
+ 'ControlPlaneNetwork': ['description'],
+ 'SSLCertificate': ['description',
+ 'default',
+ 'hidden'],
+ 'HostCpusList': ['default', 'constraints'],
+ 'InternalApiAllocationPools': ['default'],
+ 'NodeIndex': ['description'],
+ 'SwiftPassword': ['description'],
+ 'name': ['description', 'default'],
+ 'StorageNetName': ['description'],
+ 'ManagementNetName': ['description'],
+ 'NeutronPublicInterface': ['description'],
+ 'RoleParameters': ['description'],
+ 'AdminPassword': ['description', 'hidden'],
+ 'ManagementInterfaceDefaultRoute':
+ ['default'],
+ 'NovaPassword': ['description'],
+ 'image': ['description', 'default'],
+ 'NeutronBigswitchAgentEnabled': ['default'],
+ 'EndpointMap': ['description', 'default'],
+ 'DockerManilaConfigImage': ['description',
+ 'default'],
+ 'NetworkName': ['default', 'description'],
+ 'StorageIpUri': ['description'],
+ 'InternalApiNetName': ['description'],
+ 'NeutronTunnelTypes': ['description'],
+ 'replacement_policy': ['default'],
+ 'StorageMgmtIpSubnet': ['description'],
+ 'CloudDomain': ['description', 'default'],
+ 'key_name': ['default', 'description'],
+ 'EnableLoadBalancer': ['description'],
+ 'ControllerExtraConfig': ['description'],
+ 'NovaComputeExtraConfig': ['description'],
+ 'controllerExtraConfig': ['description'],
+ 'DockerSwiftConfigImage': ['default'],
}
PREFERRED_CAMEL_CASE = {
if 'docker_config' in role_data:
docker_config = role_data['docker_config']
for _, step in docker_config.items():
+ if not isinstance(step, dict):
+ # NOTE(mandre) this skips everything that is not a dict
+ # so we may ignore some containers definitions if they
+ # are in a map_merge for example
+ continue
for _, container in step.items():
if not isinstance(container, dict):
- # NOTE(mandre) this skips everything that is not a dict
- # so we may ignore some containers definitions if they
- # are in a map_merge for example
continue
command = container.get('command', '')
if isinstance(command, list):
# If all items in the list are not == the first, then the check fails
if check_data.count(check_data[0]) != len(check_data):
mismatch_count += 1
- # TODO(bnemec): Make this a hard failure once all the templates have
- # been fixed.
- #exit_val |= 1
- #failed_files.extend([d['filename'] for d in defs])
+ exit_val |= 1
+ failed_files.extend([d['filename'] for d in defs])
print('Mismatched parameter definitions found for "%s"' % p)
print('Definitions found:')
for d in defs:
Code Review / apex-tripleo-heat-templates.git / commitdiff