Merge "Containerize HAProxy for the non-ha case"
authorJenkins <jenkins@review.openstack.org>
Tue, 6 Jun 2017 18:37:29 +0000 (18:37 +0000)
committerGerrit Code Review <review@openstack.org>
Tue, 6 Jun 2017 18:37:29 +0000 (18:37 +0000)
515 files changed:
README.rst
all-nodes-validation.yaml
bootstrap-config.yaml
capabilities-map.yaml
ci/common/net-config-multinode-os-net-config.yaml
ci/common/net-config-multinode.yaml
ci/environments/multinode-3nodes.yaml
ci/environments/multinode-container-upgrade.yaml
ci/environments/multinode-containers.yaml [new file with mode: 0644]
ci/environments/multinode-core.yaml
ci/environments/multinode.yaml
ci/environments/multinode_major_upgrade.yaml
ci/environments/scenario001-multinode.yaml
ci/environments/scenario002-multinode.yaml
ci/environments/scenario003-multinode.yaml
ci/environments/scenario004-multinode.yaml
ci/pingtests/scenario001-multinode.yaml
ci/pingtests/scenario002-multinode.yaml
ci/pingtests/scenario003-multinode.yaml
ci/pingtests/scenario004-multinode.yaml
ci/pingtests/tenantvm_floatingip.yaml
default_passwords.yaml
deployed-server/ctlplane-port.yaml
deployed-server/deployed-neutron-port.yaml
deployed-server/deployed-server-bootstrap-centos.yaml
deployed-server/deployed-server-bootstrap-rhel.yaml
deployed-server/deployed-server.yaml
deployed-server/scripts/get-occ-config.sh
docker/create-config-dir.sh [deleted file]
docker/docker-puppet.py
docker/docker-steps.j2
docker/firstboot/setup_docker_host.yaml
docker/services/aodh-api.yaml
docker/services/aodh-evaluator.yaml
docker/services/aodh-listener.yaml
docker/services/aodh-notifier.yaml
docker/services/ceilometer-agent-central.yaml [new file with mode: 0644]
docker/services/ceilometer-agent-compute.yaml [new file with mode: 0644]
docker/services/ceilometer-agent-notification.yaml [new file with mode: 0644]
docker/services/containers-common.yaml
docker/services/database/mongodb.yaml
docker/services/database/mysql.yaml
docker/services/database/redis.yaml [new file with mode: 0644]
docker/services/etcd.yaml [new file with mode: 0644]
docker/services/glance-api.yaml
docker/services/gnocchi-api.yaml
docker/services/gnocchi-metricd.yaml
docker/services/gnocchi-statsd.yaml
docker/services/heat-api-cfn.yaml
docker/services/heat-api.yaml
docker/services/heat-engine.yaml
docker/services/ironic-api.yaml
docker/services/ironic-conductor.yaml
docker/services/ironic-pxe.yaml
docker/services/keystone.yaml
docker/services/memcached.yaml
docker/services/mistral-api.yaml
docker/services/mistral-engine.yaml
docker/services/mistral-executor.yaml
docker/services/neutron-api.yaml
docker/services/neutron-dhcp.yaml
docker/services/neutron-l3.yaml
docker/services/neutron-metadata.yaml [new file with mode: 0644]
docker/services/neutron-ovs-agent.yaml
docker/services/neutron-plugin-ml2.yaml
docker/services/nova-api.yaml
docker/services/nova-compute.yaml
docker/services/nova-conductor.yaml
docker/services/nova-ironic.yaml
docker/services/nova-libvirt.yaml
docker/services/nova-metadata.yaml
docker/services/nova-placement.yaml
docker/services/nova-scheduler.yaml
docker/services/pacemaker/clustercheck.yaml [new file with mode: 0644]
docker/services/pacemaker/database/mysql.yaml [new file with mode: 0644]
docker/services/pacemaker/database/redis.yaml [new file with mode: 0644]
docker/services/pacemaker/haproxy.yaml [new file with mode: 0644]
docker/services/pacemaker/rabbitmq.yaml [new file with mode: 0644]
docker/services/panko-api.yaml
docker/services/rabbitmq.yaml
docker/services/services.yaml
docker/services/swift-proxy.yaml
docker/services/swift-ringbuilder.yaml
docker/services/swift-storage.yaml
docker/services/zaqar.yaml
environments/cinder-dellsc-config.yaml
environments/cinder-pure-config.yaml [new file with mode: 0644]
environments/collectd-environment.yaml
environments/contrail/contrail-nic-config-compute.yaml
environments/deployed-server-pacemaker-environment.yaml
environments/disable-telemetry.yaml [new file with mode: 0644]
environments/docker-services-tls-everywhere.yaml
environments/docker.yaml
environments/external-loadbalancer-vip-v6.yaml
environments/external-loadbalancer-vip.yaml
environments/fixed-ip-vips-v6.yaml [new file with mode: 0644]
environments/fixed-ip-vips.yaml [new file with mode: 0644]
environments/hyperconverged-ceph.yaml
environments/low-memory-usage.yaml
environments/major-upgrade-aodh-migration.yaml [deleted file]
environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml [deleted file]
environments/major-upgrade-composable-steps-docker.yaml
environments/major-upgrade-composable-steps.yaml
environments/major-upgrade-converge-docker.yaml
environments/major-upgrade-converge.yaml
environments/major-upgrade-pacemaker-converge.yaml [deleted file]
environments/major-upgrade-pacemaker-init.yaml [deleted file]
environments/major-upgrade-pacemaker.yaml [deleted file]
environments/major-upgrade-remove-sahara.yaml [deleted file]
environments/manila-cephfsnative-config.yaml
environments/neutron-bgpvpn-opendaylight.yaml [new file with mode: 0644]
environments/neutron-l2gw-opendaylight.yaml [new file with mode: 0644]
environments/neutron-l2gw.yaml [moved from environments/neutron-l2gw-api.yaml with 54% similarity]
environments/neutron-linuxbridge.yaml [new file with mode: 0644]
environments/neutron-ml2-cisco-nexus-ucsm.yaml
environments/neutron-ml2-vpp.yaml [new file with mode: 0644]
environments/neutron-nsx.yaml [new file with mode: 0644]
environments/neutron-ovs-dpdk.yaml
environments/puppet-ceph-devel.yaml
environments/puppet-pacemaker.yaml
environments/services-docker/etcd.yaml [new file with mode: 0644]
environments/services-docker/undercloud-aodh.yaml [new file with mode: 0644]
environments/services-docker/undercloud-ceilometer.yaml [new file with mode: 0644]
environments/services-docker/undercloud-gnocchi.yaml [new file with mode: 0644]
environments/services-docker/undercloud-panko.yaml [new file with mode: 0644]
environments/services-docker/zaqar.yaml
environments/services/ceilometer-collector.yaml [new file with mode: 0644]
environments/services/ceilometer-expirer.yaml [new file with mode: 0644]
environments/services/ironic.yaml
environments/services/zaqar.yaml
environments/sshd-banner.yaml
environments/tls-endpoints-public-dns.yaml
environments/tls-endpoints-public-ip.yaml
environments/tls-everywhere-endpoints-dns.yaml
environments/undercloud.yaml
extraconfig/all_nodes/mac_hostname.j2.yaml
extraconfig/all_nodes/random_string.j2.yaml
extraconfig/all_nodes/swap-partition.j2.yaml
extraconfig/all_nodes/swap.j2.yaml
extraconfig/nova_metadata/krb-service-principals.yaml
extraconfig/post_deploy/default.yaml
extraconfig/post_deploy/example.yaml
extraconfig/post_deploy/example_run_on_update.yaml
extraconfig/post_deploy/undercloud_post.yaml
extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
extraconfig/pre_network/config_then_reboot.yaml
extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
extraconfig/tasks/pacemaker_common_functions.sh
extraconfig/tasks/post_puppet_pacemaker.j2.yaml [moved from extraconfig/tasks/post_puppet_pacemaker.yaml with 53% similarity]
extraconfig/tasks/post_puppet_pacemaker_restart.yaml
extraconfig/tasks/pre_puppet_pacemaker.yaml
extraconfig/tasks/run_puppet.sh
extraconfig/tasks/ssh/host_public_key.yaml
extraconfig/tasks/ssh/known_hosts_config.yaml
extraconfig/tasks/tripleo_upgrade_node.sh
extraconfig/tasks/yum_update.sh
extraconfig/tasks/yum_update.yaml
extraconfig/tasks/yum_update_noop.yaml
firstboot/install_vrouter_kmod.yaml
firstboot/os-net-config-mappings.yaml
firstboot/userdata_default.yaml
firstboot/userdata_dev_rsync.yaml
firstboot/userdata_example.yaml
firstboot/userdata_heat_admin.yaml
firstboot/userdata_root_password.yaml
hosts-config.yaml
net-config-bond.yaml
net-config-bridge.yaml
net-config-linux-bridge.yaml
net-config-noop.yaml
net-config-static-bridge-with-external-dhcp.yaml
net-config-static-bridge.yaml
net-config-static.yaml
net-config-undercloud.yaml
network/config/bond-with-vlans/ceph-storage.yaml
network/config/bond-with-vlans/cinder-storage.yaml
network/config/bond-with-vlans/compute-dpdk.yaml
network/config/bond-with-vlans/compute.yaml
network/config/bond-with-vlans/controller-no-external.yaml
network/config/bond-with-vlans/controller-v6.yaml
network/config/bond-with-vlans/controller.yaml
network/config/bond-with-vlans/swift-storage.yaml
network/config/multiple-nics/ceph-storage.yaml
network/config/multiple-nics/cinder-storage.yaml
network/config/multiple-nics/compute-dvr.yaml
network/config/multiple-nics/compute.yaml
network/config/multiple-nics/controller-v6.yaml
network/config/multiple-nics/controller.yaml
network/config/multiple-nics/swift-storage.yaml
network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
network/config/single-nic-linux-bridge-vlans/compute.yaml
network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
network/config/single-nic-linux-bridge-vlans/controller.yaml
network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
network/config/single-nic-vlans/ceph-storage.yaml
network/config/single-nic-vlans/cinder-storage.yaml
network/config/single-nic-vlans/compute.yaml
network/config/single-nic-vlans/controller-no-external.yaml
network/config/single-nic-vlans/controller-v6.yaml
network/config/single-nic-vlans/controller.yaml
network/config/single-nic-vlans/swift-storage.yaml
network/endpoints/build_endpoint_map.py
network/endpoints/endpoint_data.yaml
network/endpoints/endpoint_map.yaml
network/external.yaml
network/external_v6.yaml
network/internal_api.yaml
network/internal_api_v6.yaml
network/management.yaml
network/management_v6.yaml
network/networks.j2.yaml [new file with mode: 0644]
network/networks.yaml [deleted file]
network/ports/ctlplane_vip.yaml
network/ports/external.yaml
network/ports/external_from_pool.yaml
network/ports/external_from_pool_v6.yaml
network/ports/external_v6.yaml
network/ports/from_service.yaml
network/ports/from_service_v6.yaml
network/ports/internal_api.yaml
network/ports/internal_api_from_pool.yaml
network/ports/internal_api_from_pool_v6.yaml
network/ports/internal_api_v6.yaml
network/ports/management.yaml
network/ports/management_from_pool.yaml
network/ports/management_from_pool_v6.yaml
network/ports/management_v6.yaml
network/ports/net_ip_list_map.yaml
network/ports/net_ip_map.yaml
network/ports/net_vip_map_external.yaml
network/ports/net_vip_map_external_v6.yaml
network/ports/noop.yaml
network/ports/storage.yaml
network/ports/storage_from_pool.yaml
network/ports/storage_from_pool_v6.yaml
network/ports/storage_mgmt.yaml
network/ports/storage_mgmt_from_pool.yaml
network/ports/storage_mgmt_from_pool_v6.yaml
network/ports/storage_mgmt_v6.yaml
network/ports/storage_v6.yaml
network/ports/tenant.yaml
network/ports/tenant_from_pool.yaml
network/ports/tenant_from_pool_v6.yaml
network/ports/tenant_v6.yaml
network/ports/vip.yaml
network/ports/vip_v6.yaml
network/service_net_map.j2.yaml
network/storage.yaml
network/storage_mgmt.yaml
network/storage_mgmt_v6.yaml
network/storage_v6.yaml
network/tenant.yaml
network/tenant_v6.yaml
network_data.yaml [new file with mode: 0644]
overcloud-resource-registry-puppet.j2.yaml
overcloud.j2.yaml
puppet/all-nodes-config.yaml
puppet/blockstorage-role.yaml
puppet/cephstorage-role.yaml
puppet/compute-role.yaml
puppet/config.role.j2.yaml
puppet/controller-role.yaml
puppet/deploy-artifacts.yaml
puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml
puppet/extraconfig/pre_deploy/controller/multiple.yaml
puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
puppet/extraconfig/pre_deploy/default.yaml
puppet/extraconfig/pre_deploy/per_node.yaml
puppet/extraconfig/tls/ca-inject.yaml
puppet/extraconfig/tls/freeipa-enroll.yaml
puppet/extraconfig/tls/tls-cert-inject.yaml
puppet/major_upgrade_steps.j2.yaml
puppet/objectstorage-role.yaml
puppet/post-upgrade.j2.yaml
puppet/post.j2.yaml
puppet/puppet-steps.j2
puppet/role.role.j2.yaml
puppet/services/README.rst
puppet/services/aodh-api.yaml
puppet/services/aodh-base.yaml
puppet/services/aodh-evaluator.yaml
puppet/services/aodh-listener.yaml
puppet/services/aodh-notifier.yaml
puppet/services/apache.yaml
puppet/services/auditd.yaml
puppet/services/barbican-api.yaml
puppet/services/ca-certs.yaml
puppet/services/ceilometer-agent-central.yaml
puppet/services/ceilometer-agent-compute.yaml
puppet/services/ceilometer-agent-ipmi.yaml
puppet/services/ceilometer-agent-notification.yaml
puppet/services/ceilometer-api.yaml
puppet/services/ceilometer-base.yaml
puppet/services/ceilometer-collector.yaml
puppet/services/ceilometer-expirer.yaml
puppet/services/ceph-base.yaml
puppet/services/ceph-client.yaml
puppet/services/ceph-external.yaml
puppet/services/ceph-mds.yaml
puppet/services/ceph-mon.yaml
puppet/services/ceph-osd.yaml
puppet/services/ceph-rgw.yaml
puppet/services/certmonger-user.yaml
puppet/services/cinder-api.yaml
puppet/services/cinder-backend-dellps.yaml
puppet/services/cinder-backend-dellsc.yaml
puppet/services/cinder-backend-netapp.yaml
puppet/services/cinder-backend-pure.yaml [new file with mode: 0644]
puppet/services/cinder-backend-scaleio.yaml
puppet/services/cinder-backup.yaml
puppet/services/cinder-base.yaml
puppet/services/cinder-hpelefthand-iscsi.yaml
puppet/services/cinder-scheduler.yaml
puppet/services/cinder-volume.yaml
puppet/services/congress.yaml
puppet/services/database/mongodb-base.yaml
puppet/services/database/mongodb.yaml
puppet/services/database/mysql-client.yaml
puppet/services/database/mysql.yaml
puppet/services/database/redis-base.yaml
puppet/services/database/redis.yaml
puppet/services/disabled/ceilometer-collector-disabled.yaml [new file with mode: 0644]
puppet/services/disabled/ceilometer-expirer-disabled.yaml [new file with mode: 0644]
puppet/services/disabled/glance-registry-disabled.yaml [moved from puppet/services/disabled/glance-registry.yaml with 75% similarity]
puppet/services/disabled/mongodb-disabled.yaml [new file with mode: 0644]
puppet/services/docker.yaml
puppet/services/ec2-api.yaml
puppet/services/etcd.yaml
puppet/services/external-swift-proxy.yaml
puppet/services/glance-api.yaml
puppet/services/gnocchi-api.yaml
puppet/services/gnocchi-base.yaml
puppet/services/gnocchi-metricd.yaml
puppet/services/gnocchi-statsd.yaml
puppet/services/haproxy-internal-tls-certmonger.yaml
puppet/services/haproxy-public-tls-certmonger.yaml
puppet/services/haproxy.yaml
puppet/services/heat-api-cfn.yaml
puppet/services/heat-api-cloudwatch.yaml
puppet/services/heat-api.yaml
puppet/services/heat-base.yaml
puppet/services/heat-engine.yaml
puppet/services/horizon.yaml
puppet/services/ironic-api.yaml
puppet/services/ironic-base.yaml
puppet/services/ironic-conductor.yaml
puppet/services/keepalived.yaml
puppet/services/kernel.yaml
puppet/services/keystone.yaml
puppet/services/logging/fluentd-base.yaml
puppet/services/logging/fluentd-client.yaml
puppet/services/logging/fluentd-config.yaml
puppet/services/manila-api.yaml
puppet/services/manila-backend-cephfs.yaml
puppet/services/manila-backend-generic.yaml
puppet/services/manila-backend-netapp.yaml
puppet/services/manila-base.yaml
puppet/services/manila-scheduler.yaml
puppet/services/manila-share.yaml
puppet/services/memcached.yaml
puppet/services/metrics/collectd.yaml
puppet/services/mistral-api.yaml
puppet/services/mistral-base.yaml
puppet/services/mistral-engine.yaml
puppet/services/mistral-executor.yaml
puppet/services/monitoring/sensu-base.yaml
puppet/services/monitoring/sensu-client.yaml
puppet/services/network/contrail-analytics-database.yaml
puppet/services/network/contrail-analytics.yaml
puppet/services/network/contrail-base.yaml
puppet/services/network/contrail-config.yaml
puppet/services/network/contrail-control.yaml
puppet/services/network/contrail-database.yaml
puppet/services/network/contrail-heat.yaml
puppet/services/network/contrail-neutron-plugin.yaml
puppet/services/network/contrail-provision.yaml
puppet/services/network/contrail-tsn.yaml
puppet/services/network/contrail-vrouter.yaml
puppet/services/network/contrail-webui.yaml
puppet/services/neutron-api.yaml
puppet/services/neutron-base.yaml
puppet/services/neutron-bgpvpn-api.yaml
puppet/services/neutron-bigswitch-agent.yaml
puppet/services/neutron-compute-plugin-midonet.yaml
puppet/services/neutron-compute-plugin-nuage.yaml
puppet/services/neutron-compute-plugin-ovn.yaml
puppet/services/neutron-compute-plugin-plumgrid.yaml
puppet/services/neutron-dhcp.yaml
puppet/services/neutron-l2gw-agent.yaml [new file with mode: 0644]
puppet/services/neutron-l2gw-api.yaml
puppet/services/neutron-l3-compute-dvr.yaml
puppet/services/neutron-l3.yaml
puppet/services/neutron-linuxbridge-agent.yaml [new file with mode: 0644]
puppet/services/neutron-metadata.yaml
puppet/services/neutron-midonet.yaml
puppet/services/neutron-ovs-agent.yaml
puppet/services/neutron-ovs-dpdk-agent.yaml
puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml
puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml
puppet/services/neutron-plugin-ml2-odl.yaml
puppet/services/neutron-plugin-ml2-ovn.yaml
puppet/services/neutron-plugin-ml2.yaml
puppet/services/neutron-plugin-nsx.yaml [new file with mode: 0644]
puppet/services/neutron-plugin-nuage.yaml
puppet/services/neutron-plugin-plumgrid.yaml
puppet/services/neutron-sriov-agent.yaml
puppet/services/neutron-vpp-agent.yaml [new file with mode: 0644]
puppet/services/nova-api.yaml
puppet/services/nova-base.yaml
puppet/services/nova-compute.yaml
puppet/services/nova-conductor.yaml
puppet/services/nova-consoleauth.yaml
puppet/services/nova-ironic.yaml
puppet/services/nova-libvirt.yaml
puppet/services/nova-metadata.yaml
puppet/services/nova-placement.yaml
puppet/services/nova-scheduler.yaml
puppet/services/nova-vnc-proxy.yaml
puppet/services/octavia-api.yaml
puppet/services/octavia-base.yaml
puppet/services/octavia-health-manager.yaml
puppet/services/octavia-housekeeping.yaml
puppet/services/octavia-worker.yaml
puppet/services/opendaylight-api.yaml
puppet/services/opendaylight-ovs.yaml
puppet/services/openvswitch-upgrade.yaml
puppet/services/ovn-dbs.yaml
puppet/services/pacemaker.yaml
puppet/services/pacemaker/ceph-rbdmirror.yaml
puppet/services/pacemaker/cinder-backup.yaml
puppet/services/pacemaker/cinder-volume.yaml
puppet/services/pacemaker/database/mysql.yaml
puppet/services/pacemaker/database/redis.yaml
puppet/services/pacemaker/haproxy.yaml
puppet/services/pacemaker/manila-share.yaml
puppet/services/pacemaker/rabbitmq.yaml
puppet/services/pacemaker_remote.yaml
puppet/services/panko-api.yaml
puppet/services/panko-base.yaml
puppet/services/qdr.yaml
puppet/services/rabbitmq.yaml
puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml [new file with mode: 0644]
puppet/services/sahara-api.yaml
puppet/services/sahara-base.yaml
puppet/services/sahara-engine.yaml
puppet/services/securetty.yaml
puppet/services/services.yaml
puppet/services/snmp.yaml
puppet/services/sshd.yaml
puppet/services/swift-base.yaml
puppet/services/swift-proxy.yaml
puppet/services/swift-ringbuilder.yaml
puppet/services/swift-storage.yaml
puppet/services/tacker.yaml
puppet/services/time/ntp.yaml
puppet/services/time/timezone.yaml
puppet/services/tripleo-firewall.yaml
puppet/services/tripleo-packages.yaml
puppet/services/vpp.yaml
puppet/services/zaqar.yaml
puppet/upgrade_config.yaml
releasenotes/notes/Add-Internal-TLS-CA-File-parameter-c24ee13daaa11dfc.yaml [new file with mode: 0644]
releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml [new file with mode: 0644]
releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml [new file with mode: 0644]
releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml [new file with mode: 0644]
releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml [new file with mode: 0644]
releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml [new file with mode: 0644]
releasenotes/notes/add-support-for-pure-cinder-1a595f1940d5a06f.yaml [new file with mode: 0644]
releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml [new file with mode: 0644]
releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml [new file with mode: 0644]
releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml [new file with mode: 0644]
releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml [new file with mode: 0644]
releasenotes/notes/deprecate-collector-a16e5d58ae00806d.yaml [new file with mode: 0644]
releasenotes/notes/deprecate-panko-b2bdce647d2b9a6d.yaml [new file with mode: 0644]
releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml [new file with mode: 0644]
releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml [new file with mode: 0644]
releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml [new file with mode: 0644]
releasenotes/notes/expose-metric-processing-delay-0c098d7ec0af0728.yaml [new file with mode: 0644]
releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml [new file with mode: 0644]
releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml [new file with mode: 0644]
releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml [new file with mode: 0644]
releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml [new file with mode: 0644]
releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml [new file with mode: 0644]
releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml [new file with mode: 0644]
releasenotes/notes/nsx-support-1254839718d8df8c.yaml [new file with mode: 0644]
releasenotes/notes/octavia-1687026-c01313aab53f55a4.yaml [new file with mode: 0644]
releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml [new file with mode: 0644]
releasenotes/notes/redfish-9203af1f7bf02bc5.yaml [new file with mode: 0644]
releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml [new file with mode: 0644]
releasenotes/notes/service-role-name-0b8609d314564885.yaml [new file with mode: 0644]
releasenotes/notes/snmp_listen-2364188f73d43b14.yaml [new file with mode: 0644]
releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml [new file with mode: 0644]
releasenotes/notes/stack-name-input-73f4d4d052f1377e.yaml [new file with mode: 0644]
releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml [new file with mode: 0644]
releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml [new file with mode: 0644]
releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml [new file with mode: 0644]
releasenotes/notes/upgrade-stack-action-94598796a9d3511f.yaml [new file with mode: 0644]
releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml [new file with mode: 0644]
releasenotes/notes/vpp-ml2-8e115f7763510531.yaml [new file with mode: 0644]
releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml [new file with mode: 0644]
releasenotes/source/conf.py
requirements.txt
roles_data.yaml
roles_data_undercloud.yaml
test-requirements.txt
tools/process-templates.py
tools/yaml-nic-config-2-script.py
tools/yaml-validate.py
tox.ini
validation-scripts/all-nodes.sh

index 4eed715..6a753c0 100644 (file)
@@ -78,6 +78,8 @@ and should be executed according to the following table:
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | neutron-bgpvpn |             |             |             |      X      |                 |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
+| neutron-l2gw   |             |             |             |      X      |                 |
++----------------+-------------+-------------+-------------+-------------+-----------------+
 | rabbitmq       |      X      |      X      |      X      |      X      |        X        |
 +----------------+-------------+-------------+-------------+-------------+-----------------+
 | mongodb        |      X      |      X      |             |             |                 |
index eea3e40..52cd6ac 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive validations that occur on all nodes.
@@ -14,6 +14,10 @@ parameters:
     default: false
     description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
     type: boolean
+  ValidateNtp:
+    default: true
+    description: Validation to ensure at least one time source is accessible.
+    type: boolean
 
 resources:
   AllNodesValidationsImpl:
@@ -25,6 +29,8 @@ resources:
           default: {get_param: PingTestIps}
         - name: validate_fqdn
           default: {get_param: ValidateFqdn}
+        - name: validate_ntp
+          default: {get_param: ValidateNtp}
       config: {get_file: ./validation-scripts/all-nodes.sh}
 
 outputs:
index a3fdee9..8e8a2a7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Bootstrap Config'
 
 parameters:
index 0af0e82..1fe7790 100644 (file)
@@ -2,12 +2,6 @@
 # repository for deployment using puppet. It groups configuration by topic,
 # describes possible combinations of environments and resource capabilities.
 
-# root_template: identifies repository's root template
-# root_environment: identifies root_environment, this one is special in terms of
-#   order in which the environments are merged before deploying. This one serves as
-#   a base and it's parameters/resource_registry gets overridden by other environments
-#   if used.
-
 # topics:
 # High Level grouping by purpose of environments
 # Attributes:
@@ -38,8 +32,6 @@
 # only when that given environment is used. (resource_type of that environment can
 # be implemented using multiple templates).
 
-root_template: overcloud.yaml
-root_environment: overcloud-resource-registry-puppet.yaml
 topics:
   - title: Base Resources Configuration
     description:
@@ -370,9 +362,14 @@ topics:
             description: Enable FOS in the overcloud
             requires:
               - overcloud-resource-registry-puppet.yaml
+          - file: environments/neutron-nsx.yaml
+            title: Deploy NSX Services
+            description:
+            requires:
+              - overcloud-resource-registry-puppet.yaml
           - file: environments/neutron-l2gw.yaml
             title: Neutron L2 gateway Service Plugin
-            description: Enables Neutron L2 gateway Service Plugin
+            description: Enables Neutron L2 gateway Service Plugin and Agent
             requires:
               - overcloud-resource-registry-puppet.yaml
 
@@ -407,6 +404,11 @@ topics:
         description: >
           Enable various Cinder backends
         environments:
+          - file: environments/cinder-pure-config.yaml
+            title: Cinder Pure Storage FlashArray backend
+            description:
+            requires:
+              - overcloud-resource-registry-puppet.yaml
           - file: environments/cinder-netapp-config.yaml
             title: Cinder NetApp backend
             description:
index 8c50b64..6f4542b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config for a simple bridge configured
index dc31235..f7e250e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config for a simple bridge configured
index 56013ad..ef51a77 100644 (file)
@@ -56,6 +56,7 @@
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::Sshd
 
 - name: Controller
   CountDefault: 1
@@ -77,3 +78,4 @@
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
index 44a0ce7..8997041 100644 (file)
@@ -7,6 +7,13 @@ resource_registry:
   OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
   OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
 
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
 parameter_defaults:
   ControllerServices:
     - OS::TripleO::Services::CephMon
@@ -46,8 +53,10 @@ parameter_defaults:
     - OS::TripleO::Services::SwiftRingBuilder
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml
new file mode 100644 (file)
index 0000000..8997041
--- /dev/null
@@ -0,0 +1,70 @@
+# NOTE: This is an environment specific for containers upgrade
+# CI. Mainly we deploy non-pacemakerized overcloud, as at the time
+# being containerization of services managed by pacemaker is not
+# complete, so we deploy and upgrade the non-HA services for now.
+
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::CephMon
+    - OS::TripleO::Services::CephOSD
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Sshd
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+    # Required for Centos 7.3 and Qemu 2.6.0
+    nova::compute::libvirt::libvirt_cpu_mode: 'none'
+    #NOTE(gfidente): not great but we need this to deploy on ext4
+    #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
+    ceph::profile::params::osd_max_object_name_len: 256
+    ceph::profile::params::osd_max_object_namespace_len: 64
+  SwiftCeilometerPipelineEnabled: False
+  Debug: True
index 0c07a1b..b5316f1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Core Service
index d0d6ba9..20e37e3 100644 (file)
@@ -7,8 +7,8 @@ resource_registry:
   OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
   OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
 
 parameter_defaults:
@@ -52,6 +52,7 @@ parameter_defaults:
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
index c97080f..609e06f 100644 (file)
@@ -7,8 +7,8 @@ resource_registry:
   OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
   OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
 
 parameter_defaults:
@@ -56,6 +56,7 @@ parameter_defaults:
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::Pacemaker
     - OS::TripleO::Services::Horizon
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
index 0282c38..ad4fa10 100644 (file)
@@ -4,6 +4,7 @@ resource_registry:
   OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
   OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
   OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
+  OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
   OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
   OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
   OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
@@ -15,11 +16,11 @@ resource_registry:
   OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
   OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
-  OS::TripleO::Services::FluentdClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/logging/fluentd-client.yaml
-  OS::TripleO::Services::SensuClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/monitoring/sensu-client.yaml
+  OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
+  OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
 
 parameter_defaults:
   ControllerServices:
@@ -62,9 +63,6 @@ parameter_defaults:
     - OS::TripleO::Services::AodhEvaluator
     - OS::TripleO::Services::AodhNotifier
     - OS::TripleO::Services::AodhListener
-    - OS::TripleO::Services::CeilometerApi
-    - OS::TripleO::Services::CeilometerCollector
-    - OS::TripleO::Services::CeilometerExpirer
     - OS::TripleO::Services::CeilometerAgentCentral
     - OS::TripleO::Services::CeilometerAgentIpmi
     - OS::TripleO::Services::CeilometerAgentNotification
@@ -103,6 +101,7 @@ parameter_defaults:
   CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
   CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephPoolDefaultSize: 1
   NovaEnableRbdBackend: true
   CinderEnableRbdBackend: true
   CinderBackupBackend: ceph
index 38d24ee..ed0f7e2 100644 (file)
@@ -8,11 +8,12 @@ resource_registry:
   OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
   OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
   OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
   OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
   OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
 
 parameter_defaults:
@@ -61,6 +62,7 @@ parameter_defaults:
     - OS::TripleO::Services::Ec2Api
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
index 5472b49..d1c8bc1 100644 (file)
@@ -11,8 +11,8 @@ resource_registry:
   OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
   OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
   OS::TripleO::Services::Keepalived: OS::Heat::None
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
 
 parameter_defaults:
@@ -55,6 +55,7 @@ parameter_defaults:
     - OS::TripleO::Services::MistralExecutor
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
index 25fad4b..e473d0b 100644 (file)
@@ -13,9 +13,11 @@ resource_registry:
   OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml
   OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
   OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+  OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
   # These enable Pacemaker
-  OS::TripleO::Tasks::ControllerPrePuppet: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
   OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
   OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
@@ -44,6 +46,8 @@ parameter_defaults:
     - OS::TripleO::Services::NeutronBgpVpnApi
     - OS::TripleO::Services::NeutronDhcpAgent
     - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronL2gwApi
+    - OS::TripleO::Services::NeutronL2gwAgent
     - OS::TripleO::Services::NeutronMetadataAgent
     - OS::TripleO::Services::NeutronServer
     - OS::TripleO::Services::NeutronCorePlugin
@@ -69,6 +73,7 @@ parameter_defaults:
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu
@@ -85,6 +90,8 @@ parameter_defaults:
   CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
   CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephPoolDefaultSize: 1
   SwiftCeilometerPipelineEnabled: false
-  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
   BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+  L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
index 2651c0d..141a389 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario001.
@@ -128,21 +128,19 @@ resources:
       ram: 512
       vcpus: 1
 
-# Disabling this resource now
-# https://bugs.launchpad.net/tripleo/+bug/1646506
-#  gnocchi_res_alarm:
-#    type: OS::Aodh::GnocchiResourcesAlarm
-#    properties:
-#      description: Do stuff with gnocchi
-#      metric: cpu_util
-#      aggregation_method: mean
-#      granularity: 60
-#      evaluation_periods: 1
-#      threshold: 50
-#      alarm_actions: []
-#      resource_type: instance
-#      resource_id: { get_resource: server1 }
-#      comparison_operator: gt
+  gnocchi_res_alarm:
+    type: OS::Aodh::GnocchiResourcesAlarm
+    properties:
+      description: Do stuff with gnocchi
+      metric: cpu_util
+      aggregation_method: mean
+      granularity: 60
+      evaluation_periods: 1
+      threshold: 50
+      alarm_actions: []
+      resource_type: instance
+      resource_id: { get_resource: server1 }
+      comparison_operator: gt
 
   asg:
     type: OS::Heat::AutoScalingGroup
index da1ae60..72aac4c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario002.
index c3ceada..7685cfa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario003.
index ebdfea1..8ba60e2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HOT template to created resources deployed by scenario004.
@@ -123,10 +123,13 @@ resources:
     properties:
       name: default
       driver_handles_share_servers: false
+      snapshot_support: false
 
   manila_share:
     type: OS::Manila::Share
     properties:
+      name: pingtest
+      share_type: { get_resource: manila_share_type }
       share_protocol: CEPHFS
       size: 1
 
index b910d6c..28b0911 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This template resides in tripleo-ci for Mitaka CI jobs only.
index c85881e..04828d9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Passwords we manage at the top level
 
index 7b5cdf1..8cd22ca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   network:
index bddf8bc..861ee91 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: "
   A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on
index c1740d7..5b26823 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: 'Deployed Server Bootstrap Config'
 
index 2d2f515..a901851 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: 'Deployed Server Bootstrap Config'
 
index afdb5d0..0847bfb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 parameters:
   image:
     type: string
index 28f038c..d79121b 100755 (executable)
@@ -12,6 +12,7 @@ CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""}
 SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"}
 SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32"
 OVERCLOUD_ROLES=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"}
+STACK_NAME=${STACK_NAME:-"overcloud"}
 
 # Set the _hosts vars for the default roles based on the old var names that
 # were all caps for backwards compatibility.
@@ -53,14 +54,14 @@ function check_stack {
 
 
 for role in $OVERCLOUD_ROLES; do
-    while ! check_stack overcloud; do
+    while ! check_stack $STACK_NAME; do
         sleep $SLEEP_TIME
     done
 
-    rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value)
+    rg_stack=$(openstack stack resource show $STACK_NAME $role -c physical_resource_id -f value)
     while ! check_stack $rg_stack; do
         sleep $SLEEP_TIME
-        rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value)
+        rg_stack=$(openstack stack resource show $STACK_NAME $role -c physical_resource_id -f value)
     done
 
     stacks=$(openstack stack resource list $rg_stack -c resource_name -c physical_resource_id -f json | jq -r "sort_by(.resource_name) | .[] | .physical_resource_id")
diff --git a/docker/create-config-dir.sh b/docker/create-config-dir.sh
deleted file mode 100644 (file)
index 1be1a56..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# This is where we stack puppet configuration (for now)...
-mkdir -p /var/lib/config-data
-
-# This is the docker-puppet configs end in
-mkdir -p /var/lib/docker-puppet
index 909a2c8..49dd00c 100755 (executable)
 # inside of a container.
 
 import json
+import logging
 import os
 import subprocess
 import sys
 import tempfile
 import multiprocessing
 
+log = logging.getLogger()
+log.setLevel(logging.DEBUG)
+ch = logging.StreamHandler(sys.stdout)
+ch.setLevel(logging.DEBUG)
+formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s')
+ch.setFormatter(formatter)
+log.addHandler(ch)
 
 # this is to match what we do in deployed-server
 def short_hostname():
@@ -36,42 +44,47 @@ def short_hostname():
 
 
 def pull_image(name):
-    print('Pulling image: %s' % name)
+    log.info('Pulling image: %s' % name)
     subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
     cmd_stdout, cmd_stderr = subproc.communicate()
-    print(cmd_stdout)
-    print(cmd_stderr)
+    if cmd_stdout:
+        log.debug(cmd_stdout)
+    if cmd_stderr:
+        log.debug(cmd_stderr)
 
 
 def rm_container(name):
     if os.environ.get('SHOW_DIFF', None):
-        print('Diffing container: %s' % name)
+        log.info('Diffing container: %s' % name)
         subproc = subprocess.Popen(['/usr/bin/docker', 'diff', name],
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE)
         cmd_stdout, cmd_stderr = subproc.communicate()
-        print(cmd_stdout)
-        print(cmd_stderr)
+        if cmd_stdout:
+            log.debug(cmd_stdout)
+        if cmd_stderr:
+            log.debug(cmd_stderr)
 
-    print('Removing container: %s' % name)
+    log.info('Removing container: %s' % name)
     subproc = subprocess.Popen(['/usr/bin/docker', 'rm', name],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
     cmd_stdout, cmd_stderr = subproc.communicate()
-    print(cmd_stdout)
+    if cmd_stdout:
+        log.debug(cmd_stdout)
     if cmd_stderr and \
-            cmd_stderr != 'Error response from daemon: ' \
-            'No such container: {}\n'.format(name):
-        print(cmd_stderr)
+           cmd_stderr != 'Error response from daemon: ' \
+           'No such container: {}\n'.format(name):
+        log.debug(cmd_stderr)
 
 process_count = int(os.environ.get('PROCESS_COUNT',
                                    multiprocessing.cpu_count()))
 
+log.info('Running docker-puppet')
 config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json')
-print('docker-puppet')
-print('CONFIG: %s' % config_file)
+log.debug('CONFIG: %s' % config_file)
 with open(config_file) as f:
     json_data = json.load(f)
 
@@ -108,16 +121,15 @@ for service in (json_data or []):
     if not manifest or not config_image:
         continue
 
-    print('---------')
-    print('config_volume %s' % config_volume)
-    print('puppet_tags %s' % puppet_tags)
-    print('manifest %s' % manifest)
-    print('config_image %s' % config_image)
-    print('volumes %s' % volumes)
+    log.debug('config_volume %s' % config_volume)
+    log.debug('puppet_tags %s' % puppet_tags)
+    log.debug('manifest %s' % manifest)
+    log.debug('config_image %s' % config_image)
+    log.debug('volumes %s' % volumes)
     # We key off of config volume for all configs.
     if config_volume in configs:
         # Append puppet tags and manifest.
-        print("Existing service, appending puppet tags and manifest\n")
+        log.info("Existing service, appending puppet tags and manifest")
         if puppet_tags:
             configs[config_volume][1] = '%s,%s' % (configs[config_volume][1],
                                                    puppet_tags)
@@ -125,24 +137,22 @@ for service in (json_data or []):
             configs[config_volume][2] = '%s\n%s' % (configs[config_volume][2],
                                                     manifest)
         if configs[config_volume][3] != config_image:
-            print("WARNING: Config containers do not match even though"
-                  " shared volumes are the same!\n")
+            log.warn("Config containers do not match even though"
+                     " shared volumes are the same!")
     else:
-        print("Adding new service\n")
+        log.info("Adding new service")
         configs[config_volume] = service
 
-print('Service compilation completed.\n')
+log.info('Service compilation completed.')
 
 def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)):
 
-    print('---------')
-    print('config_volume %s' % config_volume)
-    print('puppet_tags %s' % puppet_tags)
-    print('manifest %s' % manifest)
-    print('config_image %s' % config_image)
-    print('volumes %s' % volumes)
-    hostname = short_hostname()
-    sh_script = '/var/lib/docker-puppet/docker-puppet-%s.sh' % config_volume
+    log.debug('config_volume %s' % config_volume)
+    log.debug('puppet_tags %s' % puppet_tags)
+    log.debug('manifest %s' % manifest)
+    log.debug('config_image %s' % config_image)
+    log.debug('volumes %s' % volumes)
+    sh_script = '/var/lib/docker-puppet/docker-puppet.sh'
 
     with open(sh_script, 'w') as script_file:
         os.chmod(script_file.name, 0755)
@@ -151,43 +161,40 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
         mkdir -p /etc/puppet
         cp -a /tmp/puppet-etc/* /etc/puppet
         rm -Rf /etc/puppet/ssl # not in use and causes permission errors
-        echo '{"step": %(step)s}' > /etc/puppet/hieradata/docker.json
+        echo "{\\"step\\": $STEP}" > /etc/puppet/hieradata/docker.json
         TAGS=""
-        if [ -n "%(puppet_tags)s" ]; then
-            TAGS='--tags "%(puppet_tags)s"'
+        if [ -n "$PUPPET_TAGS" ]; then
+            TAGS="--tags \"$PUPPET_TAGS\""
         fi
-        FACTER_hostname=%(hostname)s FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp
+        FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp
 
         # Disables archiving
-        if [ -z "%(no_archive)s" ]; then
-            rm -Rf /var/lib/config-data/%(name)s
+        if [ -z "$NO_ARCHIVE" ]; then
+            rm -Rf /var/lib/config-data/${NAME}
 
             # copying etc should be enough for most services
-            mkdir -p /var/lib/config-data/%(name)s/etc
-            cp -a /etc/* /var/lib/config-data/%(name)s/etc/
+            mkdir -p /var/lib/config-data/${NAME}/etc
+            cp -a /etc/* /var/lib/config-data/${NAME}/etc/
 
             if [ -d /root/ ]; then
-              cp -a /root/ /var/lib/config-data/%(name)s/root/
+              cp -a /root/ /var/lib/config-data/${NAME}/root/
             fi
             if [ -d /var/lib/ironic/tftpboot/ ]; then
-              mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/
-              cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/tftpboot/
+              mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
+              cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/
             fi
             if [ -d /var/lib/ironic/httpboot/ ]; then
-              mkdir -p /var/lib/config-data/%(name)s/var/lib/ironic/
-              cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/%(name)s/var/lib/ironic/httpboot/
+              mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
+              cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/
             fi
 
             # apache services may files placed in /var/www/
             if [ -d /var/www/ ]; then
-             mkdir -p /var/lib/config-data/%(name)s/var/www
-             cp -a /var/www/* /var/lib/config-data/%(name)s/var/www/
+             mkdir -p /var/lib/config-data/${NAME}/var/www
+             cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/
             fi
         fi
-        """ % {'puppet_tags': puppet_tags, 'name': config_volume,
-               'hostname': hostname,
-               'no_archive': os.environ.get('NO_ARCHIVE', ''),
-               'step': os.environ.get('STEP', '6')})
+        """)
 
     with tempfile.NamedTemporaryFile() as tmp_man:
         with open(tmp_man.name, 'w') as man_file:
@@ -200,6 +207,11 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
         dcmd = ['/usr/bin/docker', 'run',
                 '--user', 'root',
                 '--name', 'docker-puppet-%s' % config_volume,
+                '--env', 'PUPPET_TAGS=%s' % puppet_tags,
+                '--env', 'NAME=%s' % config_volume,
+                '--env', 'HOSTNAME=%s' % short_hostname(),
+                '--env', 'NO_ARCHIVE=%s' % os.environ.get('NO_ARCHIVE', ''),
+                '--env', 'STEP=%s' % os.environ.get('STEP', '6'),
                 '--volume', '%s:/etc/config.pp:ro' % tmp_man.name,
                 '--volume', '/etc/puppet/:/tmp/puppet-etc/:ro',
                 '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
@@ -226,19 +238,24 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
             env[k] = os.environ.get(k)
 
         if os.environ.get('NET_HOST', 'false') == 'true':
-            print('NET_HOST enabled')
+            log.debug('NET_HOST enabled')
             dcmd.extend(['--net', 'host', '--volume',
                          '/etc/hosts:/etc/hosts:ro'])
         dcmd.append(config_image)
+        log.debug('Running docker command: %s' % ' '.join(dcmd))
 
         subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE, env=env)
         cmd_stdout, cmd_stderr = subproc.communicate()
-        print(cmd_stdout)
-        print(cmd_stderr)
+        if cmd_stdout:
+            log.debug(cmd_stdout)
+        if cmd_stderr:
+            log.debug(cmd_stderr)
         if subproc.returncode != 0:
-            print('Failed running docker-puppet.py for %s' % config_volume)
-        rm_container('docker-puppet-%s' % config_volume)
+            log.error('Failed running docker-puppet.py for %s' % config_volume)
+        else:
+            # only delete successful runs, for debugging
+            rm_container('docker-puppet-%s' % config_volume)
         return subproc.returncode
 
 # Holds all the information for each process to consume.
@@ -263,7 +280,7 @@ for config_volume in configs:
     process_map.append([config_volume, puppet_tags, manifest, config_image, volumes])
 
 for p in process_map:
-    print '--\n%s' % p
+    log.debug('- %s' % p)
 
 # Fire off processes to perform each configuration.  Defaults
 # to the number of CPUs on the system.
@@ -273,7 +290,7 @@ config_volumes = [pm[0] for pm in process_map]
 success = True
 for returncode, config_volume in zip(returncodes, config_volumes):
     if returncode != 0:
-        print('ERROR configuring %s' % config_volume)
+        log.error('ERROR configuring %s' % config_volume)
         success = False
 
 if not success:
index f0af8e2..86811b8 100644 (file)
@@ -9,7 +9,9 @@
 {%- endfor -%}
 {%- set primary_role_name = primary_role[0].name -%}
 # primary role is: {{primary_role_name}}
-heat_template_version: ocata
+{% set deploy_steps_max = 6 -%}
+
+heat_template_version: pike
 
 description: >
   Post-deploy configuration steps via puppet for all roles,
@@ -45,26 +47,16 @@ resources:
       value:
         yaql:
           expression:
-            dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
+            $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
           data:
             docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
+            default_tasks:
+{%- for step in range(1, deploy_steps_max) %}
+              step_{{step}}: {}
+{%- endfor %}
 
 # BEGIN primary_role_name docker-puppet-tasks (run only on a single node)
-{% for step in range(1, 6) %}
-
-  {{primary_role_name}}DockerPuppetJsonConfig{{step}}:
-      type: OS::Heat::StructuredConfig
-      properties:
-        group: json-file
-        config:
-          /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json:
-            {get_attr: [{{primary_role_name}}DockerPuppetTasks, value, 'step_{{step}}']}
-
-  {{primary_role_name}}DockerPuppetJsonDeployment{{step}}:
-    type: OS::Heat::SoftwareDeployment
-    properties:
-      server: {get_param: [servers, {{primary_role_name}}, '0']}
-      config: {get_resource: {{primary_role_name}}DockerPuppetJsonConfig{{step}}}
+{% for step in range(1, deploy_steps_max) %}
 
   {{primary_role_name}}DockerPuppetTasksConfig{{step}}:
     type: OS::Heat::SoftwareConfig
@@ -84,9 +76,8 @@ resources:
       - {{dep.name}}Deployment_Step{{step}}
       - {{dep.name}}ContainersDeployment_Step{{step}}
       {% endfor %}
-      - {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
     properties:
-      name: {{primary_role_name}}DockerPuppetJsonDeployment{{step}}
+      name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}}
       server: {get_param: [servers, {{primary_role_name}}, '0']}
       config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}}
       input_values:
@@ -111,44 +102,64 @@ resources:
       servers:  {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}ArtifactsConfig}
 
-  {{role.name}}PreConfig:
-    type: OS::TripleO::Tasks::{{role.name}}PreConfig
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
-
-  {{role.name}}CreateConfigDir:
-    type: OS::Heat::SoftwareConfig
-    properties:
-      group: script
-      config: {get_file: create-config-dir.sh}
-
-  {{role.name}}CreateConfigDirDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}CreateConfigDir}
-
-  {{role.name}}HostPrepAnsible:
-    type: OS::Heat::Value
-    properties:
-      value:
-        str_replace:
-          template: CONFIG
-          params:
-            CONFIG:
-              - hosts: localhost
-                connection: local
-                tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
-
   {{role.name}}HostPrepConfig:
     type: OS::Heat::SoftwareConfig
     properties:
       group: ansible
       options:
         modulepath: /usr/share/ansible-modules
-      config: {get_attr: [{{role.name}}HostPrepAnsible, value]}
+      config:
+        str_replace:
+          template: _PLAYBOOK
+          params:
+            _PLAYBOOK:
+              - hosts: localhost
+                connection: local
+                vars:
+                  puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
+                  docker_puppet_script: {get_file: docker-puppet.py}
+                  docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
+                  docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
+                  kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
+                  bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+                tasks:
+                  # Join host_prep_tasks with the other per-host configuration
+                  yaql:
+                    expression: $.data.host_prep_tasks + $.data.template_tasks
+                    data:
+                      host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]}
+                      template_tasks:
+{%- raw %}
+                        # This is where we stack puppet configuration (for now)...
+                        - name: Create /var/lib/config-data
+                          file: path=/var/lib/config-data state=directory
+                        # This is the docker-puppet configs end in
+                        - name: Create /var/lib/docker-puppet
+                          file: path=/var/lib/docker-puppet state=directory
+                        # this creates a JSON config file for our docker-puppet.py script
+                        - name: Write docker-puppet-tasks json files
+                          copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
+                        # FIXME: can we move docker-puppet somewhere so it's installed via a package?
+                        - name: Write docker-puppet.py
+                          copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes
+                        # Here we are dumping all the docker container startup configuration data
+                        # so that we can have access to how they are started outside of heat
+                        # and docker-cmd.  This lets us create command line tools to test containers.
+                        - name: Write docker-container-startup-configs
+                          copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes
+                        - name: Create /var/lib/kolla/config_files directory
+                          file: path=/var/lib/kolla/config_files state=directory
+                        - name: Write kolla config json files
+                          copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
+                          with_dict: "{{kolla_config}}"
+                        ########################################################
+                        # Bootstrap tasks, only performed on bootstrap_server_id
+                        ########################################################
+                        - name: Write docker-puppet-tasks json files
+                          copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
+                          with_dict: "{{docker_puppet_tasks}}"
+                          when: deploy_server_id == bootstrap_server_id
+{%- endraw %}
 
   {{role.name}}HostPrepDeployment:
     type: OS::Heat::SoftwareDeploymentGroup
@@ -156,34 +167,23 @@ resources:
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}HostPrepConfig}
 
-  # this creates a JSON config file for our docker-puppet.py script
-  {{role.name}}GenPuppetConfig:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        /var/lib/docker-puppet/docker-puppet.json:
-          {get_param: [role_data, {{role.name}}, puppet_config]}
-
-  {{role.name}}GenPuppetDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      config: {get_resource: {{role.name}}GenPuppetConfig}
-
   {{role.name}}GenerateConfig:
     type: OS::Heat::SoftwareConfig
     properties:
       group: script
       config: {get_file: docker-puppet.py}
+      inputs:
+        - name: NET_HOST
 
   {{role.name}}GenerateConfigDeployment:
     type: OS::Heat::SoftwareDeploymentGroup
-    depends_on: [{{role.name}}GenPuppetDeployment, {{role.name}}ArtifactsDeploy, {{role.name}}CreateConfigDirDeployment, {{role.name}}HostPrepDeployment]
+    depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment]
     properties:
       name: {{role.name}}GenerateConfigDeployment
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}GenerateConfig}
+      input_values:
+        NET_HOST: 'true'
 
   {{role.name}}PuppetStepConfig:
     type: OS::Heat::Value
@@ -212,55 +212,21 @@ resources:
             service_names: {get_param: [role_data, {{role.name}}, service_names]}
             docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
 
-  # Here we are dumping all the docker container startup configuration data
-  # so that we can have access to how they are started outside of heat
-  # and docker-cmd.  This lets us create command line tools to start and
-  # test these containers.
-  {{role.name}}DockerConfigJsonStartupData:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        /var/lib/docker-container-startup-configs.json:
-          {get_attr: [{{role.name}}DockerConfig, value]}
-
-  {{role.name}}DockerConfigJsonStartupDataDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      config: {get_resource: {{role.name}}DockerConfigJsonStartupData}
-      servers: {get_param: [servers, {{role.name}}]}
-
-  {{role.name}}KollaJsonConfig:
-    type: OS::Heat::StructuredConfig
-    properties:
-      group: json-file
-      config:
-        {get_param: [role_data, {{role.name}}, kolla_config]}
-
-  {{role.name}}KollaJsonDeployment:
-    type: OS::Heat::SoftwareDeploymentGroup
-    properties:
-      name: {{role.name}}KollaJsonDeployment
-      config: {get_resource: {{role.name}}KollaJsonConfig}
-      servers: {get_param: [servers, {{role.name}}]}
-
   # BEGIN BAREMETAL CONFIG STEPS
 
-  {% if role.name == 'Controller' %}
-  ControllerPrePuppet:
-    type: OS::TripleO::Tasks::ControllerPrePuppet
+  {{role.name}}PreConfig:
+    type: OS::TripleO::Tasks::{{role.name}}PreConfig
     properties:
-      servers: {get_param: [servers, Controller]}
+      servers: {get_param: [servers, {{role.name}}]}
       input_values:
         update_identifier: {get_param: DeployIdentifier}
-  {% endif %}
 
   {{role.name}}Config:
     type: OS::TripleO::{{role.name}}Config
     properties:
       StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]}
 
-  {% for step in range(1, 6) %}
+  {% for step in range(1, deploy_steps_max) %}
 
   {{role.name}}Deployment_Step{{step}}:
     type: OS::Heat::StructuredDeploymentGroup
@@ -286,7 +252,7 @@ resources:
   # END BAREMETAL CONFIG STEPS
 
   # BEGIN CONTAINER CONFIG STEPS
-  {% for step in range(1, 6) %}
+  {% for step in range(1, deploy_steps_max) %}
 
   {{role.name}}ContainersConfig_Step{{step}}:
     type: OS::Heat::StructuredConfig
@@ -299,9 +265,11 @@ resources:
     type: OS::Heat::StructuredDeploymentGroup
   {% if step == 1 %}
     depends_on:
+        {%- for dep in roles %}
+      - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first
+        {%- endfor %}
       - {{role.name}}PreConfig
-      - {{role.name}}KollaJsonDeployment
-      - {{role.name}}GenPuppetDeployment
+      - {{role.name}}HostPrepDeployment
       - {{role.name}}GenerateConfigDeployment
   {% else %}
     depends_on:
@@ -343,15 +311,4 @@ resources:
     properties:
         servers: {get_param: [servers, {{role.name}}]}
 
-  {% if role.name == 'Controller' %}
-  ControllerPostPuppet:
-    depends_on:
-      - ControllerExtraConfigPost
-    type: OS::TripleO::Tasks::ControllerPostPuppet
-    properties:
-      servers: {get_param: [servers, Controller]}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
-  {% endif %}
-
 {% endfor %}
index 2f25898..4b061e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   DockerNamespace:
index 3181fad..f802e4e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized aodh service
@@ -26,6 +26,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -38,6 +53,8 @@ resources:
         EndpointMap: {get_param: EndpointMap}
         ServiceNetMap: {get_param: ServiceNetMap}
         DefaultPasswords: {get_param: DefaultPasswords}
+        RoleName: {get_param: RoleName}
+        RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,30 +80,34 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/aodh-api.json:
           command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/aodh
+              owner: aodh:aodh
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
           aodh_init_log:
             start_order: 0
             image: *aodh_image
             user: root
-            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/aodh && chown aodh:aodh /var/log/aodh']
             volumes:
-              - logs:/var/log
+              - /var/log/containers/aodh:/var/log/aodh
+            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh']
           aodh_db_sync:
             start_order: 1
             image: *aodh_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
-                    - logs:/var/log
-            command: /usr/bin/aodh-dbsync
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+                  - /var/log/containers/aodh:/var/log/aodh
+            command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
         step_4:
           aodh_api:
             image: *aodh_image
@@ -94,19 +115,34 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
-                    - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
-                    - /var/lib/config-data/aodh/var/www/:/var/www/:ro
-                    - logs:/var/log
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+                  - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/aodh/var/www/:/var/www/:ro
+                  - /var/log/containers/aodh:/var/log/aodh
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+      - name: create persistent logs directory
+        file:
+          path: /var/log/containers/aodh
+          state: directory
       upgrade_tasks:
         - name: Stop and disable aodh service (running under httpd)
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [AodhApiPuppetBase, role_data, metadata_settings]
index 13d6cf2..9d514d0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Aodh Evaluator service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -62,6 +72,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/aodh-evaluator.json:
           command: /usr/bin/aodh-evaluator
+          permissions:
+            - path: /var/log/aodh
+              owner: aodh:aodh
+              recurse: true
       docker_config:
         step_4:
           aodh_evaluator:
@@ -70,15 +84,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+                  - /var/log/containers/aodh:/var/log/aodh
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/aodh
+            state: directory
       upgrade_tasks:
         - name: Stop and disable openstack-aodh-evaluator service
           tags: step2
index 63c45aa..dac6108 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Aodh Listener service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -62,6 +72,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/aodh-listener.json:
           command: /usr/bin/aodh-listener
+          permissions:
+            - path: /var/log/aodh
+              owner: aodh:aodh
+              recurse: true
       docker_config:
         step_4:
           aodh_listener:
@@ -70,15 +84,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+                  - /var/log/containers/aodh:/var/log/aodh
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/aodh
+            state: directory
       upgrade_tasks:
         - name: Stop and disable openstack-aodh-listener service
           tags: step2
index dbe31b6..a22ae85 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Aodh Notifier service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -62,6 +72,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/aodh-notifier.json:
           command: /usr/bin/aodh-notifier
+          permissions:
+            - path: /var/log/aodh
+              owner: aodh:aodh
+              recurse: true
       docker_config:
         step_4:
           aodh_notifier:
@@ -70,15 +84,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
+                  - /var/log/containers/aodh:/var/log/aodh
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/aodh
+            state: directory
       upgrade_tasks:
         - name: Stop and disable openstack-aodh-notifier service
           tags: step2
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
new file mode 100644 (file)
index 0000000..94caded
--- /dev/null
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Ceilometer Agent Central service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerCeilometerCentralImage:
+    description: image
+    default: 'centos-binary-ceilometer-central:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+   type: ./containers-common.yaml
+
+  CeilometerAgentCentralBase:
+    type: ../../puppet/services/ceilometer-agent-central.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ceilometer Agent Central role.
+    value:
+      service_name: {get_attr: [CeilometerAgentCentralBase, role_data, service_name]}
+      config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, config_settings]}
+      step_config: &step_config
+        get_attr: [CeilometerAgentCentralBase, role_data, step_config]
+      service_config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: ceilometer
+        puppet_tags: ceilometer_config
+        step_config: *step_config
+        config_image: &ceilometer_agent_central_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/ceilometer-agent-central.json:
+          command: /usr/bin/ceilometer-polling --polling-namespaces central
+      docker_config:
+        step_3:
+          ceilometer_init_log:
+            start_order: 0
+            image: *ceilometer_agent_central_image
+            user: root
+            command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
+            volumes:
+              - /var/log/containers/ceilometer:/var/log/ceilometer
+        step_4:
+          ceilometer_agent_central:
+            image: *ceilometer_agent_central_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+        step_5:
+          ceilometer_gnocchi_upgrade:
+            start_order: 1
+            image: *ceilometer_agent_central_image
+            net: host
+            detach: false
+            privileged: false
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+                  - /var/log/containers/ceilometer:/var/log/ceilometer
+            command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+      upgrade_tasks:
+        - name: Stop and disable ceilometer agent central service
+          tags: step2
+          service: name=openstack-ceilometer-agent-central state=stopped enabled=no
diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
new file mode 100644 (file)
index 0000000..9033cf4
--- /dev/null
@@ -0,0 +1,91 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Ceilometer Agent Compute service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerCeilometerComputeImage:
+    description: image
+    default: 'centos-binary-ceilometer-compute:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  CeilometerAgentComputeBase:
+    type: ../../puppet/services/ceilometer-agent-compute.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ceilometer Agent Compute role.
+    value:
+      service_name: {get_attr: [CeilometerAgentComputeBase, role_data, service_name]}
+      config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, config_settings]}
+      step_config: &step_config
+        get_attr: [CeilometerAgentComputeBase, role_data, step_config]
+      service_config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: ceilometer
+        puppet_tags: ceilometer_config
+        step_config: *step_config
+        config_image: &ceilometer_agent_compute_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/ceilometer-agent-compute.json:
+          command: /usr/bin/ceilometer-polling --polling-namespaces compute
+      docker_config:
+        step_4:
+          ceilometer_agent-compute:
+            image: *ceilometer_agent_compute_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      upgrade_tasks:
+        - name: Stop and disable ceilometer-agent-compute service
+          tags: step2
+          service: name=openstack-ceilometer-agent-compute state=stopped enabled=no
diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml
new file mode 100644 (file)
index 0000000..79df330
--- /dev/null
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Ceilometer Agent Notification service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerCeilometerNotificationImage:
+    description: image
+    default: 'centos-binary-ceilometer-notification:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  CeilometerAgentNotificationBase:
+    type: ../../puppet/services/ceilometer-agent-notification.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ceilometer Agent Notification role.
+    value:
+      service_name: {get_attr: [CeilometerAgentNotificationBase, role_data, service_name]}
+      config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, config_settings]}
+      step_config: &step_config
+        get_attr: [CeilometerAgentNotificationBase, role_data, step_config]
+      service_config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: ceilometer
+        puppet_tags: ceilometer_config
+        step_config: *step_config
+        config_image: &ceilometer_agent_notification_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/ceilometer-agent-notification.json:
+          command: /usr/bin/ceilometer-agent-notification
+      docker_config:
+        step_3:
+          ceilometer_init_log:
+            start_order: 0
+            image: *ceilometer_agent_notification_image
+            user: root
+            command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
+            volumes:
+              - /var/log/containers/ceilometer:/var/log/ceilometer
+        step_4:
+          ceilometer_agent-notification:
+            image: *ceilometer_agent_notification_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+        step_5:
+          ceilometer_gnocchi_upgrade:
+            start_order: 1
+            image: *ceilometer_agent_notification_image
+            net: host
+            detach: false
+            privileged: false
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+                  - /var/log/containers/ceilometer:/var/log/ceilometer
+            command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+      upgrade_tasks:
+        - name: Stop and disable ceilometer agent notification service
+          tags: step2
+          service: name=openstack-ceilometer-notification state=stopped enabled=no
index d3561f6..a9912a1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contains a static list of common things necessary for containers
@@ -9,8 +9,12 @@ outputs:
     value:
       - /etc/hosts:/etc/hosts:ro
       - /etc/localtime:/etc/localtime:ro
+      # required for bootstrap_host_exec
+      - /etc/puppet:/etc/puppet:ro
       # OpenSSL trusted CAs
       - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
       - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
       - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
       - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
+      # Syslog socket
+      - /dev/log:/dev/log
index 7d2d1a1..96a02f9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MongoDB service deployment using puppet and docker
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -35,6 +43,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -66,6 +76,9 @@ outputs:
             - path: /var/lib/mongodb
               owner: mongodb:mongodb
               recurse: true
+            - path: /var/log/mongodb
+              owner: mongodb:mongodb
+              recurse: true
       docker_config:
         step_2:
           mongodb:
@@ -76,7 +89,7 @@ outputs:
               - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
               - /var/lib/config-data/mongodb/etc/:/etc/:ro
               - /etc/localtime:/etc/localtime:ro
-              - logs:/var/log/kolla
+              - /var/log/containers/mongodb:/var/log/mongodb
               - /var/lib/mongodb:/var/lib/mongodb
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -88,13 +101,16 @@ outputs:
           step_config: 'include ::tripleo::profile::base::database::mongodb'
           config_image: *mongodb_image
           volumes:
-          - /var/lib/mongodb:/var/lib/mongodb
-          - logs:/var/log/kolla:ro
+            - /var/lib/mongodb:/var/lib/mongodb
+            - /var/log/containers/mongodb:/var/log/mongodb
       host_prep_tasks:
-        - name: create /var/lib/mongodb
+        - name: create persistent directories
           file:
-            path: /var/lib/mongodb
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/mongodb
+            - /var/lib/mongodb
       upgrade_tasks:
         - name: Stop and disable mongodb service
           tags: step2
index cba2070..73578e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL service deployment using puppet
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   MysqlRootPassword:
     type: string
     hidden: true
@@ -39,6 +47,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -76,9 +86,18 @@ outputs:
               owner: mysql:mysql
               recurse: true
       docker_config:
+        # Kolla_bootstrap runs before permissions set by kolla_config
         step_2:
-          mysql_bootstrap:
+          mysql_init_logs:
             start_order: 0
+            image: *mysql_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/mysql:/var/log/mariadb
+            command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
+          mysql_bootstrap:
+            start_order: 1
             detach: false
             image: *mysql_image
             net: host
@@ -90,12 +109,13 @@ outputs:
               - /etc/localtime:/etc/localtime:ro
               - /etc/hosts:/etc/hosts:ro
               - /var/lib/mysql:/var/lib/mysql
+              - /var/log/containers/mysql:/var/log/mariadb
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
               - KOLLA_BOOTSTRAP=True
               # NOTE(mandre) skip wsrep cluster status check
               - KOLLA_KUBERNETES=True
-              - 
+              -
                 list_join:
                   - '='
                   - - 'DB_ROOT_PASSWORD'
@@ -107,7 +127,7 @@ outputs:
                             - {get_param: MysqlRootPassword}
                             - {get_param: [DefaultPasswords, mysql_root_password]}
           mysql:
-            start_order: 1
+            start_order: 2
             image: *mysql_image
             restart: always
             net: host
@@ -123,12 +143,16 @@ outputs:
           config_image: *mysql_image
           volumes:
             - /var/lib/mysql:/var/lib/mysql/:ro
+            - /var/log/containers/mysql:/var/log/mariadb
             - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
       host_prep_tasks:
-        - name: create /var/lib/mysql
+        - name: create persistent directories
           file:
-            path: /var/lib/mysql
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/mysql
+            - /var/lib/mysql
       upgrade_tasks:
         - name: Stop and disable mysql service
           tags: step2
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml
new file mode 100644 (file)
index 0000000..73df96c
--- /dev/null
@@ -0,0 +1,101 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Redis services
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerRedisImage:
+    description: image
+    default: 'centos-binary-redis:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  RedisBase:
+    type: ../../../puppet/services/database/redis.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+  role_data:
+    description: Role data for the Redis API role.
+    value:
+      service_name: {get_attr: [RedisBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [RedisBase, role_data, config_settings]}
+          - redis::daemonize: false
+      step_config: &step_config
+        get_attr: [RedisBase, role_data, step_config]
+      service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: 'redis'
+        # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+        # /etc/redis.conf
+        # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+        puppet_tags: 'exec'
+        step_config: *step_config
+        config_image: &redis_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/redis.json:
+          command: /usr/bin/redis-server /etc/redis.conf
+          permissions:
+            - path: /var/run/redis
+              owner: redis:redis
+              recurse: true
+      docker_config:
+        step_1:
+          redis:
+            image: *redis_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              - /run:/run
+              - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/redis/etc/:/etc/:ro
+              - /etc/localtime:/etc/localtime:ro
+              - logs:/var/log/kolla
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create /var/run/redis
+          file:
+            path: /var/run/redis
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable redis service
+          tags: step2
+          service: name=redis state=stopped enabled=no
diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml
new file mode 100644 (file)
index 0000000..e5a7096
--- /dev/null
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized etcd services
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerEtcdImage:
+    description: image
+    default: 'centos-binary-etcd:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EtcdInitialClusterToken:
+    description: Initial cluster token for the etcd cluster during bootstrap.
+    type: string
+    hidden: true
+
+resources:
+
+  EtcdPuppetBase:
+    type: ../../puppet/services/etcd.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken}
+
+outputs:
+  role_data:
+    description: Role data for the etcd role.
+    value:
+      service_name: {get_attr: [EtcdPuppetBase, role_data, service_name]}
+      step_config: &step_config
+        list_join:
+          - "\n"
+          - - "['Etcd_key'].each |String $val| { noop_resource($val) }"
+            - get_attr: [EtcdPuppetBase, role_data, step_config]
+      config_settings:
+        map_merge:
+          - {get_attr: [EtcdPuppetBase, role_data, config_settings]}
+          - etcd::manage_service: false
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: etcd
+        step_config: *step_config
+        config_image: &etcd_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/etcd.json:
+          command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml
+          permissions:
+            - path: /var/lib/etcd
+              owner: etcd:etcd
+              recurse: true
+      docker_config:
+        step_2:
+          etcd:
+            image: *etcd_image
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              - /var/lib/etcd:/var/lib/etcd
+              - /etc/localtime:/etc/localtime:ro
+              - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      docker_puppet_tasks:
+        # Etcd keys initialization occurs only on single node
+        step_2:
+          config_volume: 'etcd_init_tasks'
+          puppet_tags: 'etcd_key'
+          step_config: 'include ::tripleo::profile::base::etcd'
+          config_image: *etcd_image
+          volumes:
+            - /var/lib/config-data/etcd/etc/:/etc
+            - /var/lib/etcd:/var/lib/etcd:ro
+      host_prep_tasks:
+        - name: create /var/lib/etcd
+          file:
+            path: /var/lib/etcd
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable etcd service
+          tags: step2
+          service: name=etcd state=stopped enabled=no
index 0b4f81e..df8186d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Glance service configured with Puppet
@@ -26,6 +26,22 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
 
 resources:
 
@@ -38,6 +54,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,37 +81,75 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/glance-api.json:
           command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
+        /var/lib/kolla/config_files/glance_api_tls_proxy.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
+        # Kolla_bootstrap/db_sync runs before permissions set by kolla_config
         step_3:
+          glance_init_logs:
+            start_order: 0
+            image: *glance_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/glance:/var/log/glance
+            command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
           glance_api_db_sync:
+            start_order: 1
             image: *glance_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes: &glance_volumes
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
-                    - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /run:/run
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
+                  - /var/log/containers/glance:/var/log/glance
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
         step_4:
-          glance_api:
-            image: *glance_image
-            net: host
-            privileged: false
-            restart: always
-            volumes: *glance_volumes
-            environment:
-              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+          map_merge:
+            - glance_api:
+                start_order: 2
+                image: *glance_image
+                net: host
+                privileged: false
+                restart: always
+                volumes: *glance_volumes
+                environment:
+                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            - if:
+                - internal_tls_enabled
+                - glance_api_tls_proxy:
+                    start_order: 2
+                    image: *glance_image
+                    net: host
+                    user: root
+                    restart: always
+                    volumes:
+                      list_concat:
+                        - {get_attr: [ContainersCommon, volumes]}
+                        -
+                          - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                          - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro
+                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                    environment:
+                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+                - {}
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/glance
+            state: directory
       upgrade_tasks:
         - name: Stop and disable glance_api service
           tags: step2
           service: name=openstack-glance-api state=stopped enabled=no
+      metadata_settings:
+        get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
index 1c61fa3..e59d609 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized gnocchi service
@@ -26,6 +26,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -38,6 +53,8 @@ resources:
         EndpointMap: {get_param: EndpointMap}
         ServiceNetMap: {get_param: ServiceNetMap}
         DefaultPasswords: {get_param: DefaultPasswords}
+        RoleName: {get_param: RoleName}
+        RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,30 +80,34 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/gnocchi-api.json:
           command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/gnocchi
+              owner: gnocchi:gnocchi
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
           gnocchi_init_log:
             start_order: 0
             image: *gnocchi_image
             user: root
-            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/gnocchi && chown gnocchi:gnocchi /var/log/gnocchi']
             volumes:
-              - logs:/var/log
+              - /var/log/containers/gnocchi:/var/log/gnocchi
+            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
           gnocchi_db_sync:
             start_order: 1
             image: *gnocchi_image
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
-                    - logs:/var/log
-            command: ["/usr/bin/gnocchi-upgrade", "--skip-storage"]
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+                  - /var/log/containers/gnocchi:/var/log/gnocchi
+            command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
         step_4:
           gnocchi_api:
             image: *gnocchi_image
@@ -94,18 +115,34 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
-                    - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
-                    - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+                  - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
+                  - /var/log/containers/gnocchi:/var/log/gnocchi
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/gnocchi
+            state: directory
       upgrade_tasks:
         - name: Stop and disable httpd service
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings]
index 5ce7e12..2724805 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Gnocchi Metricd service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -60,6 +70,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/gnocchi-metricd.json:
           command: /usr/bin/gnocchi-metricd
+          permissions:
+            - path: /var/log/gnocchi
+              owner: gnocchi:gnocchi
+              recurse: true
       docker_config:
         step_4:
           gnocchi_metricd:
@@ -68,15 +82,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+                  - /var/log/containers/gnocchi:/var/log/gnocchi
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/gnocchi
+            state: directory
       upgrade_tasks:
         - name: Stop and disable openstack-gnocchi-metricd service
           tags: step2
index 40023a6..305971f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Gnocchi Statsd service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -60,6 +70,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/gnocchi-statsd.json:
           command: /usr/bin/gnocchi-statsd
+          permissions:
+            - path: /var/log/gnocchi
+              owner: gnocchi:gnocchi
+              recurse: true
       docker_config:
         step_4:
           gnocchi_statsd:
@@ -68,15 +82,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
+                  - /var/log/containers/gnocchi:/var/log/gnocchi
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/gnocchi
+            state: directory
       upgrade_tasks:
         - name: Stop and disable openstack-gnocchi-statsd service
           tags: step2
index 8f7bb14..37fa4c8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Heat API CFN service
@@ -12,10 +12,10 @@ parameters:
     description: image
     default: 'centos-binary-heat-api-cfn:latest'
     type: string
-  # we configure all heat services in the same heat engine container
+  # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
   DockerHeatConfigImage:
     description: image
-    default: 'centos-binary-heat-engine:latest'
+    default: 'centos-binary-heat-api-cfn:latest'
     type: string
   EndpointMap:
     default: {}
@@ -31,7 +31,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
 
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -44,6 +58,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -59,7 +75,7 @@ outputs:
       service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:
-        config_volume: heat
+        config_volume: heat_api_cfn
         puppet_tags: heat_config,file,concat,file_line
         step_config: *step_config
         config_image:
@@ -68,7 +84,11 @@ outputs:
             - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
       kolla_config:
         /var/lib/kolla/config_files/heat_api_cfn.json:
-          command: /usr/bin/heat-api-cfn --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+          command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/heat
+              owner: heat:heat
+              recurse: true
       docker_config:
         step_4:
           heat_api_cfn:
@@ -79,19 +99,38 @@ outputs:
             net: host
             privileged: false
             restart: always
+            # NOTE(mandre) kolla image changes the user to 'heat', we need it
+            # to be root to run httpd
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
-                    - /dev:/dev
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro
+                  - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
+                  - /var/log/containers/heat:/var/log/heat
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/heat
+            state: directory
       upgrade_tasks:
         - name: Stop and disable heat_api_cfn service
           tags: step2
-          service: name=openstack-heat-api-cfn state=stopped enabled=no
+          service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [HeatBase, role_data, metadata_settings]
index 0e668ce..5043aed 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Heat API service
@@ -12,10 +12,10 @@ parameters:
     description: image
     default: 'centos-binary-heat-api:latest'
     type: string
-  # we configure all heat services in the same heat engine container
+  # puppet needs the heat-wsgi-api binary from centos-binary-heat-api
   DockerHeatConfigImage:
     description: image
-    default: 'centos-binary-heat-engine:latest'
+    default: 'centos-binary-heat-api:latest'
     type: string
   EndpointMap:
     default: {}
@@ -31,7 +31,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
 
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -44,6 +58,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -59,7 +75,7 @@ outputs:
       service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:
-        config_volume: heat
+        config_volume: heat_api
         puppet_tags: heat_config,file,concat,file_line
         step_config: *step_config
         config_image:
@@ -68,7 +84,11 @@ outputs:
             - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ]
       kolla_config:
         /var/lib/kolla/config_files/heat_api.json:
-          command: /usr/bin/heat-api --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+          command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/heat
+              owner: heat:heat
+              recurse: true
       docker_config:
         step_4:
           heat_api:
@@ -79,19 +99,38 @@ outputs:
             net: host
             privileged: false
             restart: always
+            # NOTE(mandre) kolla image changes the user to 'heat', we need it
+            # to be root to run httpd
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
-                    - /dev:/dev
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro
+                  - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/heat_api/var/www/:/var/www/:ro
+                  - /var/log/containers/heat:/var/log/heat
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/heat
+            state: directory
       upgrade_tasks:
         - name: Stop and disable heat_api service
           tags: step2
-          service: name=openstack-heat-api state=stopped enabled=no
+          service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [HeatBase, role_data, metadata_settings]
index 5a1f011..0adad53 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Heat Engine service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 
 resources:
@@ -39,6 +47,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -64,21 +74,34 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/heat_engine.json:
           command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
+          permissions:
+            - path: /var/log/heat
+              owner: heat:heat
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
+          heat_init_log:
+            start_order: 0
+            image: *heat_engine_image
+            user: root
+            volumes:
+              - /var/log/containers/heat:/var/log/heat
+            command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
           heat_engine_db_sync:
+            start_order: 1
             image: *heat_engine_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
-            command: ['heat-manage', 'db_sync']
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
+                  - /var/log/containers/heat:/var/log/heat
+            command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
         step_4:
           heat_engine:
             image: *heat_engine_image
@@ -86,16 +109,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
+                  - /var/log/containers/heat:/var/log/heat
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/heat
+            state: directory
       upgrade_tasks:
         - name: Stop and disable heat_engine service
           tags: step2
index a019a61..c8978aa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Ironic API service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -42,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -66,24 +76,38 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/ironic_api.json:
           command: /usr/bin/ironic-api
+          permissions:
+            - path: /var/log/ironic
+              owner: ironic:ironic
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
-          ironic_db_sync:
+          ironic_init_logs:
+            start_order: 0
             image: &ironic_image
               list_join:
                 - '/'
                 - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ]
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/ironic:/var/log/ironic
+            command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
+          ironic_db_sync:
+            start_order: 1
+            image: *ironic_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/ironic/etc/:/etc/:ro
-            command: ['ironic-dbsync', '--config-file', '/etc/ironic/ironic.conf']
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/ironic/etc/:/etc/:ro
+                  - /var/log/containers/ironic:/var/log/ironic
+            command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
         step_4:
           ironic_api:
             start_order: 10
@@ -92,15 +116,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/ironic/etc/:/etc/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ironic/etc/:/etc/:ro
+                  - /var/log/containers/ironic:/var/log/ironic
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/ironic
+            state: directory
       upgrade_tasks:
         - name: Stop and disable ironic_api service
           tags: step2
index 1e1316f..360eb66 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Ironic Conductor service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -42,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -78,6 +88,9 @@ outputs:
             - path: /var/lib/ironic
               owner: ironic:ironic
               recurse: true
+            - path: /var/log/ironic
+              owner: ironic:ironic
+              recurse: true
       docker_config:
         step_4:
           ironic_conductor:
@@ -90,25 +103,27 @@ outputs:
             privileged: true
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /sys:/sys
-                    - /dev:/dev
-                    - /run:/run #shared?
-                    - /var/lib/ironic:/var/lib/ironic
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /sys:/sys
+                  - /dev:/dev
+                  - /run:/run #shared?
+                  - /var/lib/ironic:/var/lib/ironic
+                  - /var/log/containers/ironic:/var/log/ironic
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
-        - name: create ironic persistent data directory
+        - name: create persistent directories
           file:
-            path: /var/lib/ironic
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/ironic
+            - /var/lib/ironic
         - name: stat /httpboot
           stat: path=/httpboot
           register: stat_httpboot
index 6ec8039..bc828e6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Ironic PXE service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -58,6 +66,10 @@ outputs:
           command: /usr/sbin/httpd -DFOREGROUND
         /var/lib/kolla/config_files/ironic_pxe_tftp.json:
           command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
+          permissions:
+            - path: /var/log/ironic
+              owner: ironic:ironic
+              recurse: true
       docker_config:
         step_4:
           ironic_pxe_tftp:
@@ -70,24 +82,23 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
-                    # TODO(mandre) check how docker like mounting in a bind-mounted tree
-                    # This directory may contain migrated data from BM
-                    - /var/lib/ironic:/var/lib/ironic/
-                    # These files were generated by puppet inside the config container
-                    # TODO(mandre) check the mount permission (ro/rw)
-                    - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32
-                    - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0
-                    - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi
-                    - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe
-                    - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file
-                    - /dev/log:/dev/log
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+                  # TODO(mandre) check how docker like mounting in a bind-mounted tree
+                  # This directory may contain migrated data from BM
+                  - /var/lib/ironic:/var/lib/ironic/
+                  # These files were generated by puppet inside the config container
+                  # TODO(mandre) check the mount permission (ro/rw)
+                  - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32
+                  - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0
+                  - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi
+                  - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe
+                  - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file
+                  - /dev/log:/dev/log
+                  - /var/log/containers/ironic:/var/log/ironic
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           ironic_pxe_http:
@@ -97,19 +108,22 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
-                    - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
-                    - /var/lib/ironic:/var/lib/ironic/
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
+                  - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/ironic/var/www/:/var/www/:ro
+                  - /var/lib/ironic:/var/lib/ironic/
+                  - /var/log/containers/ironic:/var/log/ironic
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
-        - name: create ironic persistent data directory
+        - name: create persistent directories
           file:
-            path: /var/lib/ironic
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/lib/ironic
+            - /var/log/containers/ironic
index e7717ab..772859e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Keystone service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   AdminPassword:
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     type: string
@@ -51,6 +59,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 conditions:
 
@@ -84,14 +94,15 @@ outputs:
         /var/lib/kolla/config_files/keystone.json:
           command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
+        # Kolla_bootstrap/db sync runs before permissions set by kolla_config
         step_3:
-          keystone-init-log:
+          keystone_init_log:
             start_order: 0
             image: *keystone_image
             user: root
-            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/keystone && chown keystone:keystone /var/log/keystone']
+            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
             volumes:
-              - logs:/var/log
+              - /var/log/containers/keystone:/var/log/keystone
           keystone_db_sync:
             start_order: 1
             image: *keystone_image
@@ -99,31 +110,30 @@ outputs:
             privileged: false
             detach: false
             volumes: &keystone_volumes
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/keystone/var/www/:/var/www/:ro
-                    - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
-                    - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
-                    - logs:/var/log
-                    -
-                      if:
-                        - internal_tls_enabled
-                        - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
-                        - ''
-                    -
-                      if:
-                        - internal_tls_enabled
-                        - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
-                        - ''
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/keystone/var/www/:/var/www/:ro
+                  - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
+                  - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+                  - /var/log/containers/keystone:/var/log/keystone
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_BOOTSTRAP=True
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
           keystone:
-            start_order: 1
+            start_order: 2
             image: *keystone_image
             net: host
             privileged: false
@@ -132,10 +142,10 @@ outputs:
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           keystone_bootstrap:
-            start_order: 2
+            start_order: 3
             action: exec
             command:
-              [ 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
       docker_puppet_tasks:
         # Keystone endpoint creation occurs only on single node
         step_3:
@@ -143,6 +153,11 @@ outputs:
           puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
           step_config: 'include ::tripleo::profile::base::keystone'
           config_image: *keystone_image
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/keystone
+            state: directory
       upgrade_tasks:
         - name: Stop and disable keystone service (running under httpd)
           tags: step2
index 87b5f40..d85a087 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Memcached services
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -60,18 +70,27 @@ outputs:
       kolla_config: {}
       docker_config:
         step_1:
+          memcached_init_logs:
+            start_order: 0
+            image: *memcached_image
+            privileged: false
+            user: root
+            volumes:
+               - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
+               - /var/log/memcached.log:/var/log/memcached.log
+            command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; chown ${USER} /var/log/memcached.log']
           memcached:
+            start_order: 1
             image: *memcached_image
             net: host
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
+            # TODO(bogdando) capture memcached syslog logs from a container
             command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
index 7c2413d..5586d41 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Mistral API service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -42,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -66,41 +76,54 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/mistral_api.json:
           command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
+          permissions:
+            - path: /var/log/mistral
+              owner: mistral:mistral
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
-          mistral_db_sync:
-            start_order: 1
+          mistral_init_logs:
+            start_order: 0
             image: &mistral_image
               list_join:
                 - '/'
                 - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ]
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/mistral:/var/log/mistral
+            command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
+          mistral_db_sync:
+            start_order: 1
+            image: *mistral_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/mistral/etc/:/etc/:ro
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'upgrade', 'head']
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/mistral/etc/:/etc/:ro
+                  - /var/log/containers/mistral:/var/log/mistral
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
           mistral_db_populate:
             start_order: 2
             image: *mistral_image
             net: host
             privileged: false
             detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/mistral/etc/:/etc/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/mistral/etc/:/etc/:ro
+                  - /var/log/containers/mistral:/var/log/mistral
             # NOTE: dprince this requires that we install openstack-tripleo-common into
             # the Mistral API image so that we get tripleo* actions
-            command: ['mistral-db-manage', '--config-file', '/etc/mistral/mistral.conf', 'populate']
+            command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
         step_4:
           mistral_api:
             start_order: 15
@@ -109,15 +132,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+                  - /var/log/containers/mistral:/var/log/mistral
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/mistral
+            state: directory
       upgrade_tasks:
         - name: Stop and disable mistral_api service
           tags: step2
index 01ca3f0..d60d847 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Mistral Engine service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 
 resources:
@@ -43,6 +51,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -67,6 +77,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/mistral_engine.json:
           command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
+          permissions:
+            - path: /var/log/mistral
+              owner: mistral:mistral
+              recurse: true
       docker_config:
         step_4:
           mistral_engine:
@@ -78,16 +92,20 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /run:/run
-                    - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /run:/run
+                  - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+                  - /var/log/containers/mistral:/var/log/mistral
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/mistral
+            state: directory
       upgrade_tasks:
         - name: Stop and disable mistral_engine service
           tags: step2
index 374b0be..76ae052 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Mistral Executor service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 
 resources:
@@ -43,6 +51,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -67,6 +77,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/mistral_executor.json:
           command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
+          permissions:
+            - path: /var/log/mistral
+              owner: mistral:mistral
+              recurse: true
       docker_config:
         step_4:
           mistral_executor:
@@ -78,20 +92,24 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
-                    - /run:/run
-                    # FIXME: this is required in order for Nova cells
-                    # initialization workflows on the Undercloud. Need to
-                    # exclude this on the overcloud for security reasons.
-                    - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
+                  - /run:/run
+                  # FIXME: this is required in order for Nova cells
+                  # initialization workflows on the Undercloud. Need to
+                  # exclude this on the overcloud for security reasons.
+                  - /var/lib/config-data/nova/etc/nova:/etc/nova:ro
+                  - /var/log/containers/mistral:/var/log/mistral
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/mistral
+            state: directory
       upgrade_tasks:
         - name: Stop and disable mistral_executor service
           tags: step2
index 00b1f85..7ce47a1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Neutron API service
@@ -15,7 +15,7 @@ parameters:
   # we configure all neutron services in the same neutron
   DockerNeutronConfigImage:
     description: image
-    default: 'centos-binary-neutron-openvswitch-agent:latest'
+    default: 'centos-binary-neutron-server:latest'
     type: string
   EndpointMap:
     default: {}
@@ -31,6 +31,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -43,6 +58,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -67,45 +84,86 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/neutron_api.json:
           command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
+        /var/lib/kolla/config_files/neutron_server_tls_proxy.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
-          neutron_db_sync:
+          neutron_init_logs:
+            start_order: 0
             image: &neutron_api_image
               list_join:
                 - '/'
                 - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ]
-            net: host
             privileged: false
-            detach: false
-            # FIXME: we should make config file permissions right
-            # and run as neutron user
             user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
-                    - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
-            command: ['neutron-db-manage', 'upgrade', 'heads']
-        step_4:
-          neutron_api:
+              - /var/log/containers/neutron:/var/log/neutron
+            command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
+          neutron_db_sync:
+            start_order: 1
             image: *neutron_api_image
             net: host
             privileged: false
-            restart: always
+            detach: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
-            environment:
-              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
+                  - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
+                  - /var/log/containers/neutron:/var/log/neutron
+            command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
+            # FIXME: we should make config file permissions right
+            # and run as neutron user
+            #command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
+        step_4:
+          map_merge:
+            - neutron_api:
+                image: *neutron_api_image
+                net: host
+                privileged: false
+                restart: always
+                volumes:
+                  list_concat:
+                    - {get_attr: [ContainersCommon, volumes]}
+                    -
+                      - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
+                      - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                      - /var/log/containers/neutron:/var/log/neutron
+                environment:
+                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            - if:
+                - internal_tls_enabled
+                - neutron_server_tls_proxy:
+                    image: *neutron_api_image
+                    net: host
+                    user: root
+                    restart: always
+                    volumes:
+                      list_concat:
+                        - {get_attr: [ContainersCommon, volumes]}
+                        -
+                          - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                          - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                    environment:
+                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+                - {}
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
       upgrade_tasks:
         - name: Stop and disable neutron_api service
           tags: step2
           service: name=neutron-server state=stopped enabled=no
+      metadata_settings:
+        get_attr: [NeutronBase, role_data, metadata_settings]
index e48f53b..d14f525 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Neutron DHCP service
@@ -15,7 +15,7 @@ parameters:
   # we configure all neutron services in the same neutron
   DockerNeutronConfigImage:
     description: image
-    default: 'centos-binary-neutron-openvswitch-agent:latest'
+    default: 'centos-binary-neutron-server:latest'
     type: string
   EndpointMap:
     default: {}
@@ -31,6 +31,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -43,6 +51,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -67,6 +77,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/neutron_dhcp.json:
           command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
       docker_config:
         step_4:
           neutron_dhcp:
@@ -79,17 +93,21 @@ outputs:
             privileged: true
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /run/:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /run/:/run
+                  - /var/log/containers/neutron:/var/log/neutron
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
       upgrade_tasks:
         - name: Stop and disable neutron_dhcp service
           tags: step2
index 90fe65f..97901bc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Neutron L3 agent
@@ -15,7 +15,7 @@ parameters:
   # we configure all neutron services in the same neutron
   DockerNeutronConfigImage:
     description: image
-    default: 'centos-binary-neutron-openvswitch-agent:latest'
+    default: 'centos-binary-neutron-server:latest'
     type: string
   ServiceNetMap:
     default: {}
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,6 +51,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,6 +73,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/neutron-l3-agent.json:
           command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
       docker_config:
         step_4:
           neutronl3agent:
@@ -75,14 +89,18 @@ outputs:
             privileged: true
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /run:/run
+                  - /var/log/containers/neutron:/var/log/neutron
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml
new file mode 100644 (file)
index 0000000..88b2ca5
--- /dev/null
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Neutron Metadata agent
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerNeutronMetadataImage:
+    description: image
+    default: 'centos-binary-neutron-metadata-agent:latest'
+    type: string
+  # we configure all neutron services in the same neutron
+  DockerNeutronConfigImage:
+    description: image
+    default: 'centos-binary-neutron-server:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  NeutronMetadataBase:
+    type: ../../puppet/services/neutron-metadata.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for Neutron Metadata agent
+    value:
+      service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]}
+      config_settings: {get_attr: [NeutronMetadataBase, role_data, config_settings]}
+      step_config: &step_config
+        get_attr: [NeutronMetadataBase, role_data, step_config]
+      puppet_config:
+        puppet_tags: neutron_config,neutron_metadata_agent_config
+        config_volume: neutron
+        step_config: *step_config
+        config_image:
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/neutron-metadata-agent.json:
+          command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
+      docker_config:
+        step_4:
+          neutron_metadata_agent:
+            image:
+              list_join:
+                - '/'
+                - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ]
+            net: host
+            pid: host
+            privileged: true
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /run:/run
+                  - /var/log/containers/neutron:/var/log/neutron
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable neutron_metadata service
+          tags: step2
+          service: name=neutron-metadata-agent state=stopped enabled=no
index c40ef8b..89bf866 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron openvswitch service
@@ -12,6 +12,10 @@ parameters:
     description: image
     default: 'centos-binary-neutron-openvswitch-agent:latest'
     type: string
+  DockerNeutronConfigImage:
+    description: image
+    default: 'centos-binary-neutron-server:latest'
+    type: string
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -21,6 +25,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -51,33 +65,44 @@ outputs:
         config_volume: neutron
         puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
         step_config: *step_config
-        config_image: &neutron_ovs_agent_image
+        config_image:
           list_join:
           - '/'
-          - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
+          - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
       kolla_config:
         /var/lib/kolla/config_files/neutron-openvswitch-agent.json:
-           command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+          command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+          permissions:
+            - path: /var/log/neutron
+              owner: neutron:neutron
+              recurse: true
       docker_config:
         step_4:
           neutronovsagent:
-            image: *neutron_ovs_agent_image
+            image: &neutron_ovs_agent_image
+              list_join:
+              - '/'
+              - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ]
             net: host
             pid: host
             privileged: true
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /run:/run
+                  - /var/log/containers/neutron:/var/log/neutron
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/neutron
+            state: directory
       upgrade_tasks:
         - name: Stop and disable neutron_ovs_agent service
           tags: step2
index 34864d3..1739a5b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Neutron ML2 Plugin configured with Puppet
@@ -21,11 +21,19 @@ parameters:
     type: string
   DockerNeutronConfigImage:
     description: image
-    default: 'centos-binary-neutron-openvswitch-agent:latest'
+    default: 'centos-binary-neutron-server:latest'
     type: string
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -35,6 +43,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 8621bb6..2375dad 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova API service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -42,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -70,21 +80,38 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova_api.json:
           command: /usr/bin/nova-api
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
+        # db sync runs before permissions set by kolla_config
         step_3:
-          nova_api_db_sync:
-            start_order: 1
+          nova_init_logs:
+            start_order: 0
             image: &nova_api_image
               list_join:
                 - '/'
                 - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/nova:/var/log/nova
+            command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+          nova_api_db_sync:
+            start_order: 1
+            image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: &nova_api_volumes
-              - /var/lib/config-data/nova/etc/:/etc/:ro
-              - /etc/hosts:/etc/hosts:ro
-              - /etc/localtime:/etc/localtime:ro
-            command: ['/usr/bin/nova-manage', 'api_db', 'sync']
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+                  - /var/log/containers/nova:/var/log/nova
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
           # FIXME: we probably want to wait on the 'cell_v2 update' in order for this
           # to be capable of upgrading a baremetal setup. This is to ensure the name
           # of the cell is 'default'
@@ -93,11 +120,9 @@ outputs:
             image: *nova_api_image
             net: host
             detach: false
+            user: root
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'map_cell0'
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
           nova_api_create_default_cell:
             start_order: 3
             image: *nova_api_image
@@ -108,18 +133,16 @@ outputs:
             # this idempotent (if the resource already exists a conflict
             # is raised)
             exit_codes: [0,2]
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'create_cell'
-              - '--name="default"'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
           nova_db_sync:
             start_order: 4
             image: *nova_api_image
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command: ['/usr/bin/nova-manage', 'db', 'sync']
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
         step_4:
           nova_api:
             start_order: 2
@@ -128,14 +151,7 @@ outputs:
             user: nova
             privileged: true
             restart: always
-            volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+            volumes: *nova_api_volumes
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
         step_5:
@@ -145,10 +161,13 @@ outputs:
             net: host
             detach: false
             volumes: *nova_api_volumes
-            command:
-              - '/usr/bin/nova-manage'
-              - 'cell_v2'
-              - 'discover_hosts'
+            user: root
+            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/nova
+            state: directory
       upgrade_tasks:
         - name: Stop and disable nova_api service
           tags: step2
index c347b11..4f10a1a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Compute service
@@ -21,6 +21,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,13 +46,23 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
     description: Role data for the Nova Compute service.
     value:
       service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
-      config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]}
+      config_settings:
+        map_merge:
+          - get_attr: [NovaComputeBase, role_data, config_settings]
+          # FIXME: we need to disable migration for now as the
+          # hieradata is common for all services, and this means nova
+          # and nova_placement puppet runs also try to configure
+          # libvirt, and they fail. We can remove this override when
+          # we have hieradata separation between containers.
+          - tripleo::profile::base::nova::manage_migration: false
       step_config: &step_config
         get_attr: [NovaComputeBase, role_data, step_config]
       puppet_config:
@@ -58,6 +76,13 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova-compute.json:
           command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
+            - path: /var/lib/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         # FIXME: run discover hosts here
         step_4:
@@ -68,26 +93,29 @@ outputs:
             user: root
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
-                    - /dev:/dev
-                    - /etc/iscsi:/etc/iscsi
-                    - /lib/modules:/lib/modules:ro
-                    - /run:/run
-                    - /var/lib/nova:/var/lib/nova
-                    - /var/lib/libvirt:/var/lib/libvirt
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
+                  - /dev:/dev
+                  - /etc/iscsi:/etc/iscsi
+                  - /lib/modules:/lib/modules:ro
+                  - /run:/run
+                  - /var/lib/nova:/var/lib/nova
+                  - /var/lib/libvirt:/var/lib/libvirt
+                  - /var/log/containers/nova:/var/log/nova
             environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
-        - name: create /var/lib/libvirt
+        - name: create persistent directories
           file:
-            path: /var/lib/libvirt
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/nova
+            - /var/lib/nova
+            - /var/lib/libvirt
       upgrade_tasks:
         - name: Stop and disable nova-compute service
           tags: step2
index e414b21..131355d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Conductor service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 
 resources:
@@ -43,6 +51,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -65,6 +75,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova_conductor.json:
           command: /usr/bin/nova-conductor
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         step_4:
           nova_conductor:
@@ -76,16 +90,19 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+                  - /var/log/containers/nova:/var/log/nova
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/nova
+            state: directory
       upgrade_tasks:
         - name: Stop and disable nova_conductor service
           tags: step2
index 2f4da6c..be0dd11 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Ironic Compute service
@@ -25,6 +25,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -39,7 +47,11 @@ resources:
   NovaIronicBase:
     type: ../../puppet/services/nova-ironic.yaml
     properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -59,7 +71,14 @@ outputs:
           - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
       kolla_config:
         /var/lib/kolla/config_files/nova_ironic.json:
-           command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+          command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
+            - path: /var/lib/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         step_5:
           novacompute:
@@ -72,19 +91,26 @@ outputs:
             user: root
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
-                    - /run:/run
-                    - /dev:/dev
-                    - /etc/iscsi:/etc/iscsi
-                    - /var/lib/nova/:/var/lib/nova
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+                  - /run:/run
+                  - /dev:/dev
+                  - /etc/iscsi:/etc/iscsi
+                  - /var/lib/nova/:/var/lib/nova
+                  - /var/log/containers/nova:/var/log/nova
             environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent directories
+          file:
+            path: "{{ item }}"
+            state: directory
+          with_items:
+            - /var/log/containers/nova
+            - /var/lib/nova
       upgrade_tasks:
         - name: Stop and disable nova-compute service
           tags: step2
index ba63760..9779d67 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Libvirt Service
@@ -18,6 +18,10 @@ parameters:
     description: image
     default: 'centos-binary-nova-compute:latest'
     type: string
+  EnablePackageInstall:
+    default: 'false'
+    description: Set to true to enable package installation
+    type: boolean
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -27,6 +31,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -44,13 +56,23 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
     description: Role data for the Libvirt service.
     value:
       service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
-      config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
+      config_settings:
+        map_merge:
+          - get_attr: [NovaLibvirtBase, role_data, config_settings]
+          # FIXME: we need to disable migration for now as the
+          # hieradata is common for all services, and this means nova
+          # and nova_placement puppet runs also try to configure
+          # libvirt, and they fail. We can remove this override when
+          # we have hieradata separation between containers.
+          - tripleo::profile::base::nova::manage_migration: false
       step_config: &step_config
         get_attr: [NovaLibvirtBase, role_data, step_config]
       puppet_config:
@@ -64,6 +86,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova-libvirt.json:
           command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         step_3:
           nova_libvirt:
@@ -76,22 +102,22 @@ outputs:
             privileged: true
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
-                    - /lib/modules:/lib/modules:ro
-                    - /dev:/dev
-                    - /run:/run
-                    - /sys/fs/cgroup:/sys/fs/cgroup
-                    - /var/lib/nova:/var/lib/nova
-                    # Needed to use host's virtlogd
-                    - /var/run/libvirt:/var/run/libvirt
-                    - /var/lib/libvirt:/var/lib/libvirt
-                    - /etc/libvirt/qemu:/etc/libvirt/qemu
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /dev:/dev
+                  - /run:/run
+                  - /sys/fs/cgroup:/sys/fs/cgroup
+                  - /var/lib/nova:/var/lib/nova
+                  # Needed to use host's virtlogd
+                  - /var/run/libvirt:/var/run/libvirt
+                  - /var/lib/libvirt:/var/lib/libvirt
+                  - /etc/libvirt/qemu:/etc/libvirt/qemu
+                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
+                  - /var/log/containers/nova:/var/log/nova
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
@@ -102,6 +128,23 @@ outputs:
           with_items:
             - /etc/libvirt/qemu
             - /var/lib/libvirt
+            - /var/log/containers/nova
+        - name: set enable_package_install fact
+          set_fact:
+            enable_package_install: {get_param: EnablePackageInstall}
+        # We use virtlogd on host, so when using Deployed Server
+        # feature, we need to ensure libvirt is installed.
+        - name: install libvirt-daemon
+          package:
+            name: libvirt-daemon
+            state: present
+          when: enable_package_install
+        - name: start virtlogd socket
+          service:
+            name: virtlogd.socket
+            state: started
+            enabled: yes
+          when: enable_package_install
       upgrade_tasks:
         - name: Stop and disable libvirtd service
           tags: step2
index b452c61..e158d3b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Metadata service
@@ -18,7 +18,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
-
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -28,6 +35,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 53460a8..ae4ccf6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Placement API service
@@ -10,7 +10,7 @@ parameters:
     type: string
   DockerNovaPlacementImage:
     description: image
-    default: 'centos-binary-nova-placement-api'
+    default: 'centos-binary-nova-placement-api:latest'
     type: string
   EndpointMap:
     default: {}
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,6 +73,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova_placement.json:
           command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         # start this early so it is up before computes start reporting
         step_3:
@@ -73,17 +87,21 @@ outputs:
             user: root
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
-                    - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
-                    - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
+                  - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
+                  - /var/log/containers/nova:/var/log/nova
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/nova
+            state: directory
       upgrade_tasks:
         - name: Stop and disable nova_placement service (running under httpd)
           tags: step2
index 54f30ab..6285e98 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Nova Scheduler service
@@ -30,6 +30,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -42,6 +50,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -64,6 +74,10 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/nova_scheduler.json:
           command: /usr/bin/nova-scheduler
+          permissions:
+            - path: /var/log/nova
+              owner: nova:nova
+              recurse: true
       docker_config:
         step_4:
           nova_scheduler:
@@ -75,16 +89,20 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
-                    - /run:/run
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+                  - /run:/run
+                  - /var/log/containers/nova:/var/log/nova
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/nova
+            state: directory
       upgrade_tasks:
         - name: Stop and disable nova_scheduler service
           tags: step2
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
new file mode 100644 (file)
index 0000000..bad2acf
--- /dev/null
@@ -0,0 +1,103 @@
+heat_template_version: pike
+
+description: >
+  MySQL HA clustercheck service deployment using puppet
+  This service is used by HAProxy in a HA scenario to report whether
+  the local galera node is synced
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerClustercheckImage:
+    description: image
+    default: 'centos-binary-mariadb:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ../containers-common.yaml
+
+  MysqlPuppetBase:
+    type: ../../../puppet/services/pacemaker/database/mysql.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Containerized service clustercheck using composable services.
+    value:
+      service_name: clustercheck
+      config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+      step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: clustercheck
+        puppet_tags: file # set this even though file is the default
+        step_config: "include ::tripleo::profile::pacemaker::clustercheck"
+        config_image: &clustercheck_image
+          list_join:
+            - '/'
+            - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ]
+      kolla_config:
+        /var/lib/kolla/config_files/clustercheck.json:
+          command: /usr/sbin/xinetd -dontfork
+          config_files:
+          - dest: /etc/xinetd.conf
+            source: /var/lib/kolla/config_files/src/etc/xinetd.conf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/xinetd.d/galera-monitor
+            source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/sysconfig/clustercheck
+            source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+            owner: mysql
+            perm: '0600'
+      docker_config:
+        step_2:
+          clustercheck:
+            start_order: 1
+            image: *clustercheck_image
+            restart: always
+            net: host
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro
+                  - /var/lib/mysql:/var/lib/mysql
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+      upgrade_tasks:
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
new file mode 100644 (file)
index 0000000..d64845f
--- /dev/null
@@ -0,0 +1,180 @@
+heat_template_version: pike
+
+description: >
+  MySQL service deployment with pacemaker bundle
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerMysqlImage:
+    description: image
+    default: 'centos-binary-mariadb:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  MysqlRootPassword:
+    type: string
+    hidden: true
+    default: ''
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ../../containers-common.yaml
+
+  MysqlPuppetBase:
+    type: ../../../../puppet/services/pacemaker/database/mysql.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Containerized service MySQL using composable services.
+    value:
+      service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
+          - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerMysqlImage}
+      step_config: ""
+      # BEGIN DOCKER SETTINGS #
+      puppet_config:
+        config_volume: mysql
+        puppet_tags: file # set this even though file is the default
+        step_config:
+          list_join:
+            - "\n"
+            - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
+              - "exec {'wait-for-settle': command => '/bin/true' }"
+              - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
+        config_image: *mysql_image
+      kolla_config:
+        /var/lib/kolla/config_files/mysql.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+          - dest: /etc/libqb/force-filesystem-sockets
+            source: /dev/null
+            owner: root
+            perm: '0644'
+          - dest: /etc/my.cnf
+            source: /var/lib/kolla/config_files/src/etc/my.cnf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/my.cnf.d/galera.cnf
+            source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf
+            owner: mysql
+            perm: '0644'
+          - dest: /etc/sysconfig/clustercheck
+            source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck
+            owner: root
+            perm: '0600'
+      docker_config:
+        step_1:
+          mysql_data_ownership:
+            start_order: 0
+            detach: false
+            image: *mysql_image
+            net: host
+            user: root
+            # Kolla does only non-recursive chown
+            command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
+            volumes:
+              - /var/lib/mysql:/var/lib/mysql
+          mysql_bootstrap:
+            start_order: 1
+            detach: false
+            image: *mysql_image
+            net: host
+            # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
+            command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+            volumes: &mysql_volumes
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+                  - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro
+                  - /var/lib/mysql:/var/lib/mysql
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+              - KOLLA_BOOTSTRAP=True
+              # NOTE(mandre) skip wsrep cluster status check
+              - KOLLA_KUBERNETES=True
+              -
+                list_join:
+                  - '='
+                  - - 'DB_ROOT_PASSWORD'
+                    -
+                      yaql:
+                        expression: $.data.passwords.where($ != '').first()
+                        data:
+                          passwords:
+                            - {get_param: MysqlRootPassword}
+                            - {get_param: [DefaultPasswords, mysql_root_password]}
+        step_2:
+          mysql_init_bundle:
+            start_order: 1
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
+            image: *mysql_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+              - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro
+              - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
+              - /var/lib/mysql:/var/lib/mysql:rw
+      host_prep_tasks:
+        - name: create /var/lib/mysql
+          file:
+            path: /var/lib/mysql
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable mysql service
+          tags: step2
+          service: name=mariadb state=stopped enabled=no
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
new file mode 100644 (file)
index 0000000..ef27f7e
--- /dev/null
@@ -0,0 +1,140 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Redis services
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerRedisImage:
+    description: image
+    default: 'centos-binary-redis:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  RedisBase:
+    type: ../../../../puppet/services/database/redis.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Redis API role.
+    value:
+      service_name: {get_attr: [RedisBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [RedisBase, role_data, config_settings]}
+          - redis::service_manage: false
+            redis::notify_service: false
+            redis::managed_by_cluster_manager: true
+            tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerRedisImage}
+
+      step_config: ""
+      service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: 'redis'
+        # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+        # /etc/redis.conf
+        # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+        puppet_tags: 'exec'
+        step_config:
+          get_attr: [RedisBase, role_data, step_config]
+        config_image: *redis_image
+      kolla_config:
+        /var/lib/kolla/config_files/redis.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+            - dest: /etc/libqb/force-filesystem-sockets
+              source: /dev/null
+              owner: root
+              perm: '0644'
+          permissions:
+            - path: /var/run/redis
+              owner: redis:redis
+              recurse: true
+            - path: /var/lib/redis
+              owner: redis:redis
+              recurse: true
+            - path: /var/log/redis
+              owner: redis:redis
+              recurse: true
+      docker_config:
+        step_2:
+          redis_init_bundle:
+            start_order: 2
+            detach: false
+            net: host
+            user: root
+            config_volume: 'redis_init_bundle'
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+            image: *redis_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      host_prep_tasks:
+        - name: create /var/run/redis
+          file:
+            path: /var/run/redis
+            state: directory
+        - name: create /var/log/redis
+          file:
+            path: /var/log/redis
+            state: directory
+        - name: create /var/lib/redis
+          file:
+            path: /var/lib/redis
+            state: directory
+      upgrade_tasks:
+        - name: Stop and disable redis service
+          tags: step2
+          service: name=redis state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
new file mode 100644 (file)
index 0000000..ae19652
--- /dev/null
@@ -0,0 +1,116 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized HAproxy service for pacemaker
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerHAProxyImage:
+    description: image
+    default: 'centos-binary-haproxy:latest'
+    type: string
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  HAProxyBase:
+    type: ../../../puppet/services/pacemaker/haproxy.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the HAproxy role.
+    value:
+      service_name: {get_attr: [HAProxyBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [HAProxyBase, role_data, config_settings]
+          - tripleo::haproxy::haproxy_daemon: false
+            haproxy_docker: true
+            tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image
+              list_join:
+                - '/'
+                - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
+      step_config:
+          list_join:
+            - "\n"
+            - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
+              - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+      service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: haproxy
+        puppet_tags: haproxy_config
+        step_config:
+          list_join:
+            - "\n"
+            - - "exec {'wait-for-settle': command => '/bin/true' }"
+              - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+              - *noop_pcmk
+              - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+        config_image: *haproxy_image
+      kolla_config:
+        /var/lib/kolla/config_files/haproxy.json:
+          command: haproxy -f /etc/haproxy/haproxy.cfg
+      docker_config:
+        step_2:
+          haproxy_init_bundle:
+            start_order: 3
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG:
+                      list_join:
+                        - ';'
+                        - - *noop_firewall
+                          - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+            image: *haproxy_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      metadata_settings:
+        get_attr: [HAProxyBase, role_data, metadata_settings]
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
new file mode 100644 (file)
index 0000000..7f6ac70
--- /dev/null
@@ -0,0 +1,159 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Rabbitmq service
+
+parameters:
+  DockerNamespace:
+    description: namespace
+    default: 'tripleoupstream'
+    type: string
+  DockerRabbitmqImage:
+    description: image
+    default: 'centos-binary-rabbitmq:latest'
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RabbitCookie:
+    type: string
+    default: ''
+    hidden: true
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  RabbitmqBase:
+    type: ../../../puppet/services/rabbitmq.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Rabbitmq API role.
+    value:
+      service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - {get_attr: [RabbitmqBase, role_data, config_settings]}
+          - rabbitmq::service_manage: false
+            tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image
+              list_join:
+                - '/'
+                - - {get_param: DockerNamespace}
+                  - {get_param: DockerRabbitmqImage}
+      step_config: &step_config
+        get_attr: [RabbitmqBase, role_data, step_config]
+      service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        config_volume: rabbitmq
+        puppet_tags: file
+        step_config: *step_config
+        config_image: *rabbitmq_image
+      kolla_config:
+        /var/lib/kolla/config_files/rabbitmq.json:
+          command: /usr/sbin/pacemaker_remoted
+          config_files:
+          - dest: /etc/libqb/force-filesystem-sockets
+            source: /dev/null
+            owner: root
+            perm: '0644'
+          permissions:
+           - path: /var/lib/rabbitmq
+             owner: rabbitmq:rabbitmq
+             recurse: true
+           - path: /var/log/rabbitmq
+             owner: rabbitmq:rabbitmq
+             recurse: true
+      # When using pacemaker we don't launch the container, instead that is done by pacemaker
+      # itself.
+      docker_config:
+        step_1:
+          rabbitmq_bootstrap:
+            start_order: 0
+            image: *rabbitmq_image
+            net: host
+            privileged: false
+            volumes:
+              - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+              - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /var/lib/rabbitmq:/var/lib/rabbitmq
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+              - KOLLA_BOOTSTRAP=True
+              -
+                list_join:
+                  - '='
+                  - - 'RABBITMQ_CLUSTER_COOKIE'
+                    -
+                      yaql:
+                        expression: $.data.passwords.where($ != '').first()
+                        data:
+                          passwords:
+                            - {get_param: RabbitCookie}
+                            - {get_param: [DefaultPasswords, rabbit_cookie]}
+        step_2:
+          rabbitmq_init_bundle:
+            start_order: 0
+            detach: false
+            net: host
+            user: root
+            command:
+              - '/bin/bash'
+              - '-c'
+              - str_replace:
+                  template:
+                    list_join:
+                      - '; '
+                      - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+                        - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+                  params:
+                    TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+                    CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
+            image: *rabbitmq_image
+            volumes:
+              - /etc/hosts:/etc/hosts:ro
+              - /etc/localtime:/etc/localtime:ro
+              - /etc/puppet:/tmp/puppet-etc:ro
+              - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+              - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+              - /dev/shm:/dev/shm:rw
+      host_prep_tasks:
+        - name: create /var/lib/rabbitmq
+          file:
+            path: /var/lib/rabbitmq
+            state: directory
+        - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
+          shell: |
+            echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
+            echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
+            for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+      upgrade_tasks:
+        - name: Stop and disable rabbitmq service
+          tags: step2
+          service: name=rabbitmq-server state=stopped enabled=no
index 61bdf7a..b9e6e93 100644 (file)
@@ -1,7 +1,9 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
-  OpenStack Panko service configured with docker
+  OpenStack Panko service configured with docker.
+  Note, this service is deprecated in Pike release and
+  will be disabled in future releases.
 
 parameters:
   DockerNamespace:
@@ -26,6 +28,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -38,6 +55,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -63,30 +82,33 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/panko-api.json:
           command: /usr/sbin/httpd -DFOREGROUND
+          permissions:
+            - path: /var/log/panko
+              owner: panko:panko
+              recurse: true
       docker_config:
         step_3:
           panko-init-log:
             start_order: 0
             image: *panko_image
             user: root
-            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && mkdir -p /var/log/panko && chown panko:panko /var/log/panko']
             volumes:
-              - logs:/var/log
+              - /var/log/containers/panko:/var/log/panko
+            command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
           panko_db_sync:
             start_order: 1
             image: *panko_image
             net: host
             detach: false
             privileged: false
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/config-data/panko/etc/panko:/etc/panko:ro
-                    - logs:/var/log
-            command: /usr/bin/panko-dbsync
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/config-data/panko/etc/panko:/etc/panko:ro
+                  - /var/log/containers/panko:/var/log/panko
+            command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
         step_4:
           panko_api:
             start_order: 2
@@ -95,14 +117,30 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
-                    - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
-                    - /var/lib/config-data/panko/var/www/:/var/www/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
+                  - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
+                  - /var/lib/config-data/panko/var/www/:/var/www/:ro
+                  - /var/log/containers/panko:/var/log/panko
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                      - ''
+                  -
+                    if:
+                      - internal_tls_enabled
+                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                      - ''
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/panko
+            state: directory
+      metadata_settings:
+        get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
index a04893e..e2f8228 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Rabbitmq service
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   RabbitCookie:
     type: string
     default: ''
@@ -42,20 +50,28 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
     description: Role data for the Rabbitmq API role.
     value:
       service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
-      config_settings: {get_attr: [RabbitmqBase, role_data, config_settings]}
+      # RabbitMQ plugins initialization occurs on every node
+      config_settings:
+        map_merge:
+          - {get_attr: [RabbitmqBase, role_data, config_settings]}
+          - rabbitmq::admin_enable: false
       step_config: &step_config
-        get_attr: [RabbitmqBase, role_data, step_config]
+        list_join:
+          - "\n"
+          - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
+            - get_attr: [RabbitmqBase, role_data, step_config]
       service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:
         config_volume: rabbitmq
-        puppet_tags: file
         step_config: *step_config
         config_image: &rabbitmq_image
           list_join:
@@ -64,26 +80,38 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/rabbitmq.json:
           command: /usr/lib/rabbitmq/bin/rabbitmq-server
+          permissions:
+            - path: /var/lib/rabbitmq
+              owner: rabbitmq:rabbitmq
+              recurse: true
       docker_config:
+        # Kolla_bootstrap runs before permissions set by kolla_config
         step_1:
-          rabbitmq_bootstrap:
+          rabbitmq_init_logs:
             start_order: 0
             image: *rabbitmq_image
+            privileged: false
+            user: root
+            volumes:
+              - /var/log/containers/rabbitmq:/var/log/rabbitmq
+            command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
+          rabbitmq_bootstrap:
+            start_order: 1
+            image: *rabbitmq_image
             net: host
             privileged: false
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
-                    - /var/lib/rabbitmq:/var/lib/rabbitmq
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
+                  - /var/lib/rabbitmq:/var/lib/rabbitmq
+                  - /var/log/containers/rabbitmq:/var/log/rabbitmq
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
               - KOLLA_BOOTSTRAP=True
-              - 
+              -
                 list_join:
                   - '='
                   - - 'RABBITMQ_CLUSTER_COOKIE'
@@ -95,27 +123,39 @@ outputs:
                             - {get_param: RabbitCookie}
                             - {get_param: [DefaultPasswords, rabbit_cookie]}
           rabbitmq:
-            start_order: 1
+            start_order: 2
             image: *rabbitmq_image
             net: host
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
-                    - /var/lib/rabbitmq:/var/lib/rabbitmq
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
+                  - /var/lib/rabbitmq:/var/lib/rabbitmq
+                  - /var/log/containers/rabbitmq:/var/log/rabbitmq
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      docker_puppet_tasks:
+        # RabbitMQ users and policies initialization occurs only on single node
+        step_1:
+          config_volume: 'rabbit_init_tasks'
+          puppet_tags: 'rabbitmq_policy,rabbitmq_user'
+          step_config: 'include ::tripleo::profile::base::rabbitmq'
+          config_image: *rabbitmq_image
+          volumes:
+            - /var/lib/config-data/rabbitmq/etc/:/etc/
+            - /var/lib/rabbitmq:/var/lib/rabbitmq:ro
       host_prep_tasks:
-        - name: create /var/lib/rabbitmq
+        - name: create persistent directories
           file:
-            path: /var/lib/rabbitmq
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/rabbitmq
+            - /var/lib/rabbitmq
       upgrade_tasks:
         - name: Stop and disable rabbitmq service
           tags: step2
index 21387c9..2ad3b63 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Utility stack to convert an array of services into a set of combined
@@ -26,6 +26,14 @@ parameters:
     description: Mapping of service -> default password. Used to help
                  pass top level passwords managed by Heat into services.
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -36,6 +44,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       EndpointMap: {get_param: EndpointMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   ServiceChain:
     type: OS::Heat::ResourceChain
@@ -46,6 +56,8 @@ resources:
         ServiceNetMap: {get_param: ServiceNetMap}
         EndpointMap: {get_param: EndpointMap}
         DefaultPasswords: {get_param: DefaultPasswords}
+        RoleName: {get_param: RoleName}
+        RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6e8d6eb..04c4ba1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized swift proxy service
@@ -26,6 +26,21 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -38,6 +53,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -60,34 +77,63 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/swift_proxy.json:
           command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
+          permissions:
+            - path: /var/log/swift
+              owner: swift:swift
+              recurse: true
+        /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:
+          command: /usr/sbin/httpd -DFOREGROUND
       docker_config:
         step_4:
-          swift_proxy:
-            image: *swift_proxy_image
-            net: host
-            user: swift
-            restart: always
-            volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
-                    # FIXME I'm mounting /etc/swift as rw.  Are the rings written to
-                    # at all during runtime?
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
-            environment:
-              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+          map_merge:
+            - swift_proxy:
+                image: *swift_proxy_image
+                net: host
+                user: swift
+                restart: always
+                volumes:
+                  list_concat:
+                    - {get_attr: [ContainersCommon, volumes]}
+                    -
+                      - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                      # FIXME I'm mounting /etc/swift as rw.  Are the rings written to
+                      # at all during runtime?
+                      - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                      - /run:/run
+                      - /srv/node:/srv/node
+                      - /dev:/dev
+                      - /var/log/containers/swift:/var/log/swift
+                environment:
+                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+            - if:
+                - internal_tls_enabled
+                - swift_proxy_tls_proxy:
+                    image: *swift_proxy_image
+                    net: host
+                    user: root
+                    restart: always
+                    volumes:
+                      list_concat:
+                        - {get_attr: [ContainersCommon, volumes]}
+                        -
+                          - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+                          - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
+                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                    environment:
+                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+                - {}
       host_prep_tasks:
-        - name: create /srv/node
+        - name: create persistent directories
           file:
-            path: /srv/node
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/swift
+            - /srv/node
       upgrade_tasks:
         - name: Stop and disable swift_proxy service
           tags: step2
           service: name=openstack-swift-proxy state=stopped enabled=no
+      metadata_settings:
+        get_attr: [SwiftProxyBase, role_data, metadata_settings]
index 2110250..bfd445d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Ringbuilder
@@ -21,6 +21,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -59,6 +67,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 5044c54..017fb12 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Swift Storage services.
@@ -32,6 +32,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -50,6 +58,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -96,6 +106,10 @@ outputs:
           command: /usr/bin/swift-object-updater /etc/swift/object-server.conf
         /var/lib/kolla/config_files/swift_object_server.json:
           command: /usr/bin/swift-object-server /etc/swift/object-server.conf
+          permissions:
+            - path: /var/log/swift
+              owner: swift:swift
+              recurse: true
       docker_config:
         step_3:
           # The puppet config sets this up but we don't have a way to mount the named
@@ -117,16 +131,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: &kolla_env
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           swift_account_reaper:
@@ -135,16 +148,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_account_replicator:
             image: *swift_account_image
@@ -152,16 +164,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_account_server:
             image: *swift_account_image
@@ -169,16 +180,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_container_auditor:
             image: &swift_container_image
@@ -189,16 +199,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_container_replicator:
             image: *swift_container_image
@@ -206,16 +215,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_container_updater:
             image: *swift_container_image
@@ -223,16 +231,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_container_server:
             image: *swift_container_image
@@ -240,16 +247,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_object_auditor:
             image: &swift_object_image
@@ -260,16 +266,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_object_expirer:
             image: *swift_proxy_image
@@ -277,16 +282,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_object_replicator:
             image: *swift_object_image
@@ -294,16 +298,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_object_updater:
             image: *swift_object_image
@@ -311,16 +314,15 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
           swift_object_server:
             image: *swift_object_image
@@ -328,22 +330,24 @@ outputs:
             user: swift
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
-                    - /run:/run
-                    - /srv/node:/srv/node
-                    - /dev:/dev
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/swift/etc/swift:/etc/swift:rw
+                  - /run:/run
+                  - /srv/node:/srv/node
+                  - /dev:/dev
+                  - /var/log/containers/swift:/var/log/swift
             environment: *kolla_env
       host_prep_tasks:
-        - name: create /srv/node
+        - name: create persistent directories
           file:
-            path: /srv/node
+            path: "{{ item }}"
             state: directory
+          with_items:
+            - /var/log/containers/swift
+            - /srv/node
       upgrade_tasks:
         - name: Stop and disable swift storage services
           tags: step2
index fdb353b..594df69 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack containerized Zaqar services
@@ -26,6 +26,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
       EndpointMap: {get_param: EndpointMap}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -59,9 +69,13 @@ outputs:
             - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
       kolla_config:
         /var/lib/kolla/config_files/zaqar.json:
-          command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
+          command: /usr/sbin/httpd -DFOREGROUND
         /var/lib/kolla/config_files/zaqar_websocket.json:
           command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
+          permissions:
+            - path: /var/log/zaqar
+              owner: zaqar:zaqar
+              recurse: true
       docker_config:
         step_4:
           zaqar:
@@ -69,14 +83,18 @@ outputs:
             net: host
             privileged: false
             restart: always
+            # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
+            # to be root to run httpd
+            user: root
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+                  - /var/lib/config-data/zaqar/var/www/:/var/www/:ro
+                  - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+                  - /var/log/containers/zaqar:/var/log/zaqar
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
           zaqar_websocket:
@@ -85,17 +103,22 @@ outputs:
             privileged: false
             restart: always
             volumes:
-              yaql:
-                expression: $.data.common.concat($.data.service)
-                data:
-                  common: {get_attr: [ContainersCommon, volumes]}
-                  service:
-                    - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
-                    - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+                  - /var/lib/config-data/zaqar/var/www/:/var/www/:ro
+                  - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+                  - /var/log/containers/zaqar:/var/log/zaqar
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent logs directory
+          file:
+            path: /var/log/containers/zaqar
+            state: directory
       upgrade_tasks:
         - name: Stop and disable zaqar service
           tags: step2
-          service: name=openstack-zaqar.service state=stopped enabled=no
-
+          service: name=httpd state=stopped enabled=no
index 617d640..99e517b 100644 (file)
@@ -9,9 +9,13 @@ parameter_defaults:
   CinderDellScSanIp: ''
   CinderDellScSanLogin: 'Admin'
   CinderDellScSanPassword: ''
-  CinderDellScSsn: '64702'
+  CinderDellScSsn: 64702
   CinderDellScIscsiIpAddress: ''
-  CinderDellScIscsiPort: '3260'
-  CinderDellScApiPort: '3033'
+  CinderDellScIscsiPort: 3260
+  CinderDellScApiPort: 3033
   CinderDellScServerFolder: 'dellsc_server'
   CinderDellScVolumeFolder: 'dellsc_volume'
+  CinderDellScSecondarySanIp: ''
+  CinderDellScSecondarySanLogin: 'Admin'
+  CinderDellScSecondarySanPassword: ''
+  CinderDellScSecondaryScApiPort: 3033
diff --git a/environments/cinder-pure-config.yaml b/environments/cinder-pure-config.yaml
new file mode 100644 (file)
index 0000000..84820d1
--- /dev/null
@@ -0,0 +1,13 @@
+# A Heat environment file which can be used to enable a
+# Cinder Pure Storage FlashArray iSCSI backend, configured via puppet
+resource_registry:
+  OS::TripleO::Services::CinderBackendPure: ../puppet/services/cinder-backend-pure.yaml
+
+parameter_defaults:
+  CinderEnablePureBackend: true
+  CinderPureBackendName: 'tripleo_pure'
+  CinderPureStorageProtocol: 'iSCSI'
+  CinderPureSanIp: ''
+  CinderPureAPIToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
+  CinderPureUseChap: false
+  CinderPureMultipathXfer: true
index 7780530..e40aedf 100644 (file)
@@ -3,8 +3,36 @@ resource_registry:
 
 # parameter_defaults:
 #
-## You can specify additional plugins to load using the
-## CollectdExtraPlugins key:
+## Collectd server configuration
+#   CollectdServer: collectd0.example.com
+#
+################
+#### Other config parameters, the values shown here are the defaults
+################ 
+#
+#   CollectdServerPort: 25826 
+#   CollectdSecurityLevel: None
+#
+################
+#### If CollectdSecurityLevel is set to Encrypt or Sign
+#### the following parameters are also needed
+###############
+#
+#   CollectdUsername: user
+#   CollectdPassword: password
+#
+## CollectdDefaultPlugins, These are the default plugins used by collectd 
+#
+#   CollectdDefaultPlugins:
+#     - disk
+#     - interface
+#     - load
+#     - memory
+#     - processes
+#     - tcpconns
+# 
+## Extra plugins can be enabled by the CollectdExtraPlugins parameter:
+## All the plugins availables are:
 #
 #   CollectdExtraPlugins:
 #     - disk
index 3007638..a5f0eca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to drive os-net-config to configure multiple interfaces
index 85fa7d2..cc9ea99 100644 (file)
@@ -1,4 +1,4 @@
 resource_registry:
-  OS::TripleO::Tasks::ControllerDeployedServerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerDeployedServerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerDeployedServerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerDeployedServerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerDeployedServerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
diff --git a/environments/disable-telemetry.yaml b/environments/disable-telemetry.yaml
new file mode 100644 (file)
index 0000000..6249c28
--- /dev/null
@@ -0,0 +1,20 @@
+# This heat environment can be used to disable all of the telemetry services.
+# It is most useful in a resource constrained environment or one in which
+# telemetry is not needed.
+
+resource_registry:
+  OS::TripleO::Services::CeilometerApi: OS::Heat::None
+  OS::TripleO::Services::CeilometerCollector: OS::Heat::None
+  OS::TripleO::Services::CeilometerExpirer: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
+  OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
+  OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
+  OS::TripleO::Services::GnocchiApi: OS::Heat::None
+  OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
+  OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
+  OS::TripleO::Services::AodhApi: OS::Heat::None
+  OS::TripleO::Services::AodhEvaluator: OS::Heat::None
+  OS::TripleO::Services::AodhNotifier: OS::Heat::None
+  OS::TripleO::Services::AodhListener: OS::Heat::None
+  OS::TripleO::Services::PankoApi: OS::Heat::None
index ec39951..2740664 100644 (file)
@@ -8,7 +8,29 @@ resource_registry:
   OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
 
   # NOTE: add roles to be docker enabled as we support them.
+  OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
+  OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
+  OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
+  OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+  OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+  OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml
+  OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
+  OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
+  OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
+  OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+  OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+  OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
   OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+  OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
+  OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+  OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+  OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
+  OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+  OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
+  OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
+  OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
+  OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
 
   OS::TripleO::PostDeploySteps: ../docker/post.yaml
   OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
@@ -22,7 +44,10 @@ parameter_defaults:
   DockerNamespaceIsRegistry: false
 
   ComputeServices:
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CertmongerUser
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Sshd
index 07f704e..5b03b08 100644 (file)
@@ -22,6 +22,7 @@ resource_registry:
   OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
   OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
@@ -29,6 +30,7 @@ resource_registry:
   OS::TripleO::Services::HAProxy: ../docker/services/haproxy.yaml
   OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
   OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
+  OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
   OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
   OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
   OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
@@ -41,6 +43,9 @@ resource_registry:
   OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
   OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
   OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
+  OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
+  OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
+  OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
 
   OS::TripleO::PostDeploySteps: ../docker/post.yaml
   OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
@@ -48,13 +53,15 @@ resource_registry:
   OS::TripleO::Services: ../docker/services/services.yaml
 
 parameter_defaults:
-  # Defaults to 'tripleoupstream'.  Specify a local docker registry
-  # Example: 192.168.24.1:8787/tripleoupstream
-  DockerNamespace: tripleoupstream
-  DockerNamespaceIsRegistry: false
+  # To specify a local docker registry, enable these
+  # where 192.168.24.1 is the host running docker-distribution
+  #DockerNamespace: 192.168.24.1:8787/tripleoupstream
+  #DockerNamespaceIsRegistry: true
 
   ComputeServices:
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::ComputeNeutronOvsAgent
     - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::CeilometerAgentCompute
+    - OS::TripleO::Services::Sshd
index bd45517..c8375fc 100644 (file)
@@ -1,4 +1,9 @@
 resource_registry:
+  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
+  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
+  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
+  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
+  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
   OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml
   OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml
   OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml
index dec9b83..33f145d 100644 (file)
@@ -1,4 +1,9 @@
 resource_registry:
+  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
+  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
+  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
+  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
+  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
   OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool.yaml
   OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml
   OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
diff --git a/environments/fixed-ip-vips-v6.yaml b/environments/fixed-ip-vips-v6.yaml
new file mode 100644 (file)
index 0000000..c288d7b
--- /dev/null
@@ -0,0 +1,21 @@
+# This template allows the IPs to be preselected for each VIP. Note that
+# this template should be included after other templates which affect the
+# network such as network-isolation.yaml.
+
+resource_registry:
+  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
+  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
+  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
+  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
+  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+parameter_defaults:
+  # Set the IP addresses of the VIPs here.
+  # NOTE: we will eventually move to one VIP per service
+  #
+  ControlFixedIPs: [{'ip_address':'192.168.24.240'}]
+  PublicVirtualFixedIps: [{'ip_address':'2001:db8:fd00:1000:0000:0000:0000:0005'}]
+  InternalApiVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0005'}]
+  StorageVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:3000:0000:0000:0000:000'}]
+  StorageMgmtVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:4000:0000:0000:0000:0005'}]
+  RedisVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0006'}]
diff --git a/environments/fixed-ip-vips.yaml b/environments/fixed-ip-vips.yaml
new file mode 100644 (file)
index 0000000..3860f41
--- /dev/null
@@ -0,0 +1,21 @@
+# This template allows the IPs to be preselected for each VIP. Note that
+# this template should be included after other templates which affect the
+# network such as network-isolation.yaml.
+
+resource_registry:
+  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
+  OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
+  OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
+  OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
+  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+parameter_defaults:
+  # Set the IP addresses of the VIPs here.
+  # NOTE: we will eventually move to one VIP per service
+  #
+  ControlFixedIPs: [{'ip_address':'192.168.24.240'}]
+  PublicVirtualFixedIps: [{'ip_address':'10.0.0.240'}]
+  InternalApiVirtualFixedIPs: [{'ip_address':'172.16.2.240'}]
+  StorageVirtualFixedIPs: [{'ip_address':'172.16.1.240'}]
+  StorageMgmtVirtualFixedIPs: [{'ip_address':'172.16.3.240'}]
+  RedisVirtualFixedIPs: [{'ip_address':'172.16.2.241'}]
index f1c90e2..0f7e114 100644 (file)
@@ -19,6 +19,7 @@ parameter_defaults:
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::ComputeCeilometerAgent
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
@@ -32,5 +33,6 @@ parameter_defaults:
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::CephOSD
     - OS::TripleO::Services::Vpp
+    - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Docker
index 3a60633..547dc31 100644 (file)
@@ -16,3 +16,5 @@ parameter_defaults:
 
   ControllerExtraConfig:
       'nova::network::neutron::neutron_url_timeout': '60'
+
+  DatabaseSyncTimeout: 900
diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml
deleted file mode 100644 (file)
index 9d6ce73..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-resource_registry:
-  # aodh data migration
-  OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
-
-  # no-op the rest
-  OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml
deleted file mode 100644 (file)
index 6798c25..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-resource_registry:
-
-  # This initiates the upgrades for ceilometer api to run under apache wsgi
-  OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml
-
-  # no-op the rest
-  OS::TripleO::PostDeploySteps: OS::Heat::None
index 40da726..24eedf8 100644 (file)
@@ -5,6 +5,7 @@ resource_registry:
   OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
 parameter_defaults:
   EnableConfigPurge: false
+  StackUpdateType: UPGRADE
   UpgradeLevelNovaCompute: auto
   UpgradeInitCommonCommand: |
     #!/bin/bash
index 8b1617f..5a69517 100644 (file)
@@ -2,6 +2,7 @@ resource_registry:
   OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
 parameter_defaults:
   EnableConfigPurge: true
+  StackUpdateType: UPGRADE
   UpgradeLevelNovaCompute: auto
   UpgradeInitCommonCommand: |
     #!/bin/bash
index a3816b5..163d1de 100644 (file)
@@ -4,5 +4,7 @@ resource_registry:
   OS::TripleO::PostDeploySteps: ../docker/post.yaml
 parameter_defaults:
   EnableConfigPurge: false
+  StackUpdateType: ''
   UpgradeLevelNovaCompute: ''
   UpgradeInitCommonCommand: ''
+  UpgradeInitCommand: ''
index 4e8bf46..d222fb8 100644 (file)
@@ -4,5 +4,7 @@ resource_registry:
   OS::TripleO::PostDeploySteps: ../puppet/post.yaml
 parameter_defaults:
   EnableConfigPurge: false
+  StackUpdateType: ''
   UpgradeLevelNovaCompute: ''
   UpgradeInitCommonCommand: ''
+  UpgradeInitCommand: ''
diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml
deleted file mode 100644 (file)
index e9a5f9b..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-parameter_defaults:
-  UpgradeLevelNovaCompute: ''
-
-resource_registry:
-  OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml
-  OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml
diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml
deleted file mode 100644 (file)
index f4f361d..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-parameter_defaults:
-  UpgradeLevelNovaCompute: mitaka
-
-resource_registry:
-  OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml
-  OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml
deleted file mode 100644 (file)
index 9fb51a4..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-parameter_defaults:
-  UpgradeLevelNovaCompute: mitaka
-
-resource_registry:
-  OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml
-  OS::TripleO::PostDeploySteps: OS::Heat::None
diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml
deleted file mode 100644 (file)
index e0aaf13..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-parameter_defaults:
-  KeepSaharaServicesOnUpgrade: false
-resource_registry:
-  OS::TripleO::Services::SaharaApi: OS::Heat::None
-  OS::TripleO::Services::SaharaEngine: OS::Heat::None
-
index 5632d8d..0cc8fb7 100644 (file)
@@ -14,4 +14,4 @@ parameter_defaults:
   ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
   ManilaCephFSNativeCephFSAuthId: 'manila'
   ManilaCephFSNativeCephFSClusterName: 'ceph'
-  ManilaCephFSNativeCephFSEnableSnapshots: true
+  ManilaCephFSNativeCephFSEnableSnapshots: false
diff --git a/environments/neutron-bgpvpn-opendaylight.yaml b/environments/neutron-bgpvpn-opendaylight.yaml
new file mode 100644 (file)
index 0000000..1d2e077
--- /dev/null
@@ -0,0 +1,12 @@
+# A Heat environment file that can be used to deploy Neutron BGPVPN service
+#
+#  This environment file deploys Neutron BGPVPN service and configures
+#  Opendaylight as its service provider.
+#
+# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default
+resource_registry:
+  OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml
+
+parameter_defaults:
+  NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
+  BgpvpnServiceProvider: 'BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default'
diff --git a/environments/neutron-l2gw-opendaylight.yaml b/environments/neutron-l2gw-opendaylight.yaml
new file mode 100644 (file)
index 0000000..2168dbc
--- /dev/null
@@ -0,0 +1,18 @@
+# A Heat environment file that can be used to deploy Neutron L2 Gateway service
+#
+# Currently there are only two service provider for Neutron L2 Gateway
+# This file enables L2GW service with OpenDaylight as driver.
+#
+# - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+resource_registry:
+  OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+
+parameter_defaults:
+  NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
+  L2gwServiceProvider: ['L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default']
+
+  # Optional
+  # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+  # L2gwServiceDefaultDeviceName: "Switch1"
+  # L2gwServiceQuotaL2Gateway: 10
+  # L2gwServicePeriodicMonitoringInterval: 5
similarity index 54%
rename from environments/neutron-l2gw-api.yaml
rename to environments/neutron-l2gw.yaml
index 0989467..bba0968 100644 (file)
@@ -8,13 +8,20 @@
 # - OpenDaylight: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
 resource_registry:
   OS::TripleO::Services::NeutronL2gwApi: ../puppet/services/neutron-l2gw-api.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: ../puppet/services/neutron-l2gw-agent.yaml
 
 parameter_defaults:
   NeutronServicePlugins: "networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin"
-  L2gwServiceProvider: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+  L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
 
   # Optional
-  # L2gwServiceDefaultInterfaceName:
-  # L2gwServiceDefaultDeviceName:
-  # L2gwServiceQuotaL2Gateway:
-  # L2gwServicePeriodicMonitoringInterval:
+  # L2gwServiceDefaultInterfaceName: "FortyGigE1/0/1"
+  # L2gwServiceDefaultDeviceName: "Switch1"
+  # L2gwServiceQuotaL2Gateway: 10
+  # L2gwServicePeriodicMonitoringInterval: 5
+  # L2gwAgentOvsdbHosts: ["ovsdb1:127.0.0.1:6632"]
+  # L2gwAgentEnableManager: False
+  # L2gwAgentManagerTableListeningPort: "6633"
+  # L2gwAgentPeriodicInterval: 20
+  # L2gwAgentMaxConnectionRetries: 10
+  # L2gwAgentSocketTimeout: 30
diff --git a/environments/neutron-linuxbridge.yaml b/environments/neutron-linuxbridge.yaml
new file mode 100644 (file)
index 0000000..c8045cc
--- /dev/null
@@ -0,0 +1,8 @@
+## A Heat environment that can be used to deploy linuxbridge
+resource_registry:
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronLinuxbridgeAgent: ../puppet/services/neutron-linuxbridge-agent.yaml
+
+parameter_defaults:
+  NeutronMechanismDrivers: ['linuxbridge']
index ad11175..f5a0a39 100644 (file)
@@ -2,6 +2,8 @@
 # a Cisco Neutron plugin.
 resource_registry:
   OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
 
 parameter_defaults:
   NetworkUCSMIp: '127.0.0.1'
diff --git a/environments/neutron-ml2-vpp.yaml b/environments/neutron-ml2-vpp.yaml
new file mode 100644 (file)
index 0000000..1dec395
--- /dev/null
@@ -0,0 +1,22 @@
+# Environment file used to enable networking-vpp ML2 mechanism driver
+
+resource_registry:
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronVppAgent: ../puppet/services/neutron-vpp-agent.yaml
+  OS::TripleO::Services::Etcd: ../puppet/services/etcd.yaml
+  OS::TripleO::Services::Vpp: ../puppet/services/vpp.yaml
+
+parameter_defaults:
+  #Comma delimited list of <physical_network>:<VPP Interface>.
+  #Example: "datacentre:GigabitEthernet2/2/0"
+  #NeutronVPPAgentPhysnets: ""
+
+  NeutronMechanismDrivers: vpp
+  NeutronNetworkType: vlan
+  NeutronServicePlugins: router
+  NeutronTypeDrivers: vlan,flat
+  ExtraConfig:
+    # Use Linux Bridge driver for DHCP and L3 agent.
+    neutron::agents::dhcp::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver"
+    neutron::agents::l3::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver"
diff --git a/environments/neutron-nsx.yaml b/environments/neutron-nsx.yaml
new file mode 100644 (file)
index 0000000..eb1dcec
--- /dev/null
@@ -0,0 +1,15 @@
+# A Heat environment that can be used to deploy NSX Services
+# extensions, configured via puppet
+resource_registry:
+  # NSX doesn't require dhcp, l3, metadata, and ovs agents
+  OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+  OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  # Override the Neutron core plugin to use NSX
+  OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNSX
+  OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+
+parameter_defaults:
+  NeutronCorePlugin: vmware_nsx.plugin.NsxV3Plugin
index 004b8ac..6706bcc 100644 (file)
@@ -9,7 +9,7 @@ parameter_defaults:
   #NeutronDpdkMemoryChannels: ""
 
   NeutronDatapathType: "netdev"
-  NeutronVhostuserSocketDir: "/var/run/openvswitch"
+  NeutronVhostuserSocketDir: "/var/lib/vhost_sockets"
 
   #NeutronDpdkSocketMemory: ""
   #NeutronDpdkDriverType: "vfio-pci"
index 9c8abbb..8fc4bf2 100644 (file)
@@ -20,3 +20,5 @@ parameter_defaults:
   GlanceBackend: rbd
   GnocchiBackend: rbd
   CinderEnableIscsiBackend: false
+  CephPoolDefaultSite: 1
+
index da607a7..21a51f6 100644 (file)
@@ -1,8 +1,8 @@
 # An environment which enables configuration of an
 # Overcloud controller with Pacemaker.
 resource_registry:
-  OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
-  OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPreConfig: ../extraconfig/tasks/pre_puppet_pacemaker.yaml
+  OS::TripleO::Tasks::ControllerPostConfig: ../extraconfig/tasks/post_puppet_pacemaker.yaml
   OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
 
   # custom pacemaker services
diff --git a/environments/services-docker/etcd.yaml b/environments/services-docker/etcd.yaml
new file mode 100644 (file)
index 0000000..c4201cf
--- /dev/null
@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::Etcd: ../../docker/services/etcd.yaml
diff --git a/environments/services-docker/undercloud-aodh.yaml b/environments/services-docker/undercloud-aodh.yaml
new file mode 100644 (file)
index 0000000..95d4a87
--- /dev/null
@@ -0,0 +1,5 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudAodhApi: ../../docker/services/aodh-api.yaml
+  OS::TripleO::Services::UndercloudAodhEvaluator: ../../docker/services/aodh-evaluator.yaml
+  OS::TripleO::Services::UndercloudAodhNotifier: ../../docker/services/aodh-notifier.yaml
+  OS::TripleO::Services::UndercloudAodhListener: ../../docker/services/aodh-listener.yaml
diff --git a/environments/services-docker/undercloud-ceilometer.yaml b/environments/services-docker/undercloud-ceilometer.yaml
new file mode 100644 (file)
index 0000000..07a61c2
--- /dev/null
@@ -0,0 +1,3 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudCeilometerAgentCentral: ../../docker/services/ceilometer-agent-central.yaml
+  OS::TripleO::Services::UndercloudCeilometerAgentNotification: ../../docker/services/ceilometer-agent-notification.yaml
diff --git a/environments/services-docker/undercloud-gnocchi.yaml b/environments/services-docker/undercloud-gnocchi.yaml
new file mode 100644 (file)
index 0000000..4b898cb
--- /dev/null
@@ -0,0 +1,4 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudGnocchiApi: ../../docker/services/gnocchi-api.yaml
+  OS::TripleO::Services::UndercloudGnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml
+  OS::TripleO::Services::UndercloudGnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml
diff --git a/environments/services-docker/undercloud-panko.yaml b/environments/services-docker/undercloud-panko.yaml
new file mode 100644 (file)
index 0000000..8384f31
--- /dev/null
@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::UndercloudPankoApi: ../../docker/services/panko-api.yaml
index ca0b3b1..08033d9 100644 (file)
@@ -1,2 +1,3 @@
 resource_registry:
   OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
+  OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
diff --git a/environments/services/ceilometer-collector.yaml b/environments/services/ceilometer-collector.yaml
new file mode 100644 (file)
index 0000000..f97d3e0
--- /dev/null
@@ -0,0 +1,3 @@
+resource_registry:
+  OS::TripleO::Services::CeilometerCollector: ../../puppet/services/ceilometer-collector.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
diff --git a/environments/services/ceilometer-expirer.yaml b/environments/services/ceilometer-expirer.yaml
new file mode 100644 (file)
index 0000000..d20ee25
--- /dev/null
@@ -0,0 +1,2 @@
+resource_registry:
+  OS::TripleO::Services::CeilometerExpirer: ../../puppet/services/ceilometer-expirer.yaml
index 8359f4a..b131738 100644 (file)
@@ -1,4 +1,5 @@
 resource_registry:
   OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
   OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
+  OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml
   OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
index ee13792..e501b69 100644 (file)
@@ -1,2 +1,3 @@
 resource_registry:
   OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
+  OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml
index 041c099..894bf1c 100644 (file)
@@ -1,6 +1,3 @@
-resource_registry:
-  OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
-
 parameter_defaults:
   BannerText: |
     ******************************************************************
@@ -11,3 +8,6 @@ parameter_defaults:
     * evidence of criminal activity, system personnel may provide    *
     * the evidence from such monitoring to law enforcement officials.*
     ******************************************************************
+  MessageOfTheDay: |
+    ALERT! You are entering into a secured area!
+    This service is restricted to authorized users only.
index 1b666c5..4443221 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
     KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
     KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
index 7311a1f..5ac2918 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
     KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
     KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
index e6608b5..865ed4c 100644 (file)
@@ -72,6 +72,9 @@ parameter_defaults:
     IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
     IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
     IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+    IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+    IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
     KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
     KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
     KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
index 2540fbe..7a2716d 100644 (file)
@@ -11,6 +11,7 @@ parameter_defaults:
   NeutronBridgeMappings: ctlplane:br-ctlplane
   NeutronAgentExtensions: []
   NeutronFlatNetworks: '*'
+  NeutronDnsDomain: ''
   NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters'
   NovaSchedulerDefaultFilters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
   NeutronDhcpAgentsPerNetwork: 2
index fcf022a..79794f9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for cluster config
index 77d4b38..b954e72 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for cluster config
index b6fef79..9e3713b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Template file to add a swap partition to a node.
 
index 044f817..e19fc21 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Template file to add a swap file to a node.
 
index 56d3cbc..59b8e7f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Generates the relevant service principals for a server'
 
 parameters:
index 4da54ea..4a0e06e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Extra Post Deployment Config'
 parameters:
   servers:
index 8ac7eb7..ee5a830 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for post-deployment
index 738e263..346a1d7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Example extra config for post-deployment, this re-runs every update
index 38a9181..ff1556f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-deployment for the TripleO undercloud
@@ -81,13 +81,13 @@ resources:
         auth_url:
           if:
           - ssl_disabled
-          - list_join:
-            - ''
-            - - 'http://'
-              - {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              - ':5000/v2.0'
-          - list_join:
-            - ''
-            - - 'https://'
-              - {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              - ':13000/v2.0'
+          - make_url:
+              scheme: http
+              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
+              port: 5000
+              path: /v2.0
+          - make_url:
+              scheme: https
+              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
+              port: 13000
+              path: /v2.0
index 30a8355..96632bc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RHEL Registration and unregistration software deployments.
index bb0b951..48ba526 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Do some configuration, then reboot - sometimes needed for early-boot
index 4ad53cb..658fea7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Do some configuration, then reboot - sometimes needed for early-boot
index 4480f74..f17a073 100755 (executable)
@@ -322,3 +322,52 @@ function special_case_ovs_upgrade_if_needed {
 
 }
 
+# This code is meant to fix https://bugs.launchpad.net/tripleo/+bug/1686357 on
+# existing setups via a minor update workflow and be idempotent. We need to
+# run this before the yum update because we fix this up even when there are no
+# packages to update on the system (in which case the script exits).
+# This code must be called with set +eu (due to the ocf scripts being sourced)
+function fixup_wrong_ipv6_vip {
+    # This XPath query identifies of all the VIPs in pacemaker with netmask /64. Those are IPv6 only resources that have the wrong netmask
+    # This gives the address of the resource in the CIB, one address per line. For example:
+    # /cib/configuration/resources/primitive[@id='ip-2001.db8.ca2.4..10']/instance_attributes[@id='ip-2001.db8.ca2.4..10-instance_attributes']\
+    # /nvpair[@id='ip-2001.db8.ca2.4..10-instance_attributes-cidr_netmask']
+    vip_xpath_query="//resources/primitive[@type='IPaddr2']/instance_attributes/nvpair[@name='cidr_netmask' and @value='64']"
+    vip_xpath_xml_addresses=$(cibadmin --query --xpath "$vip_xpath_query" -e 2>/dev/null)
+    # The following extracts the @id value of the resource
+    vip_resources_to_fix=$(echo -e "$vip_xpath_xml_addresses" | sed -n "s/.*primitive\[@id='\([^']*\)'.*/\1/p")
+    # Runnning this in a subshell so that sourcing files cannot possibly affect the running script
+    (
+        OCF_PATH="/usr/lib/ocf/lib/heartbeat"
+        if [ -n "$vip_resources_to_fix" -a -f $OCF_PATH/ocf-shellfuncs -a -f $OCF_PATH/findif.sh ]; then
+            source $OCF_PATH/ocf-shellfuncs
+            source $OCF_PATH/findif.sh
+            for resource in $vip_resources_to_fix; do
+                echo "Updating IPv6 VIP $resource with a /128 and a correct addrlabel"
+                # The following will give us something like:
+                # <nvpair id="ip-2001.db8.ca2.4..10-instance_attributes-ip" name="ip" value="2001:db8:ca2:4::10"/>
+                ip_cib_nvpair=$(cibadmin --query --xpath "//resources/primitive[@type='IPaddr2' and @id='$resource']/instance_attributes/nvpair[@name='ip']")
+                # Let's filter out the value of the nvpair to get the ip address
+                ip_address=$(echo $ip_cib_nvpair | xmllint --xpath 'string(//nvpair/@value)' -)
+                OCF_RESKEY_cidr_netmask="64"
+                OCF_RESKEY_ip="$ip_address"
+                # Unfortunately due to https://bugzilla.redhat.com/show_bug.cgi?id=1445628
+                # we need to find out the appropiate nic given the ip address.
+                nic=$(findif $ip_address | awk '{ print $1 }')
+                ret=$?
+                if [ -z "$nic" -o $ret -ne 0 ]; then
+                    echo "NIC autodetection failed for VIP $ip_address, not updating VIPs"
+                    # Only exits the subshell
+                    exit 1
+                fi
+                ocf_run -info pcs resource update --wait "$resource" ip="$ip_address" cidr_netmask=128 nic="$nic" lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99
+                ret=$?
+                if [ $ret -ne 0 ]; then
+                    echo "pcs resource update for VIP $resource failed, not updating VIPs"
+                    # Only exits the subshell
+                    exit 1
+                fi
+            done
+        fi
+    )
+}
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Post-Puppet Config for Pacemaker deployments'
 
 parameters:
@@ -10,7 +10,9 @@ parameters:
 
 resources:
 
-  ControllerPostPuppetMaintenanceModeConfig:
+{%- for role in roles -%}
+{% if "controller" in role.tags %}
+  {{role.name}}PostPuppetMaintenanceModeConfig:
     type: OS::Heat::SoftwareConfig
     properties:
       group: script
@@ -22,16 +24,19 @@ resources:
             pcs property set maintenance-mode=false
         fi
 
-  ControllerPostPuppetMaintenanceModeDeployment:
+  {{role.name}}PostPuppetMaintenanceModeDeployment:
     type: OS::Heat::SoftwareDeployments
     properties:
-      servers:  {get_param: servers}
-      config: {get_resource: ControllerPostPuppetMaintenanceModeConfig}
+      servers: {get_param: [servers, {{role.name}}]}
+      config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig}
       input_values: {get_param: input_values}
 
-  ControllerPostPuppetRestart:
-    type: OS::TripleO::Tasks::ControllerPostPuppetRestart
-    depends_on: ControllerPostPuppetMaintenanceModeDeployment
+  {{role.name}}PostPuppetRestart:
+    type: OS::TripleO::Tasks::{{role.name}}PostPuppetRestart
+    depends_on: {{role.name}}PostPuppetMaintenanceModeDeployment
     properties:
-      servers:  {get_param: servers}
+      servers: {get_param: [servers, {{role.name}}]}
       input_values: {get_param: input_values}
+{%- endif -%}
+{% endfor %}
+
index 475a668..203ca1f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Post-Puppet restart config for Pacemaker deployments'
 
 parameters:
@@ -23,6 +23,6 @@ resources:
   ControllerPostPuppetRestartDeployment:
     type: OS::Heat::SoftwareDeployments
     properties:
-      servers:  {get_param: servers}
+      servers: {get_param: servers}
       config: {get_resource: ControllerPostPuppetRestartConfig}
       input_values: {get_param: input_values}
index aa7514f..98b37be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Pre-Puppet Config for Pacemaker deployments'
 
 parameters:
@@ -20,6 +20,6 @@ resources:
   ControllerPrePuppetMaintenanceModeDeployment:
     type: OS::Heat::SoftwareDeployments
     properties:
-      servers:  {get_param: servers}
+      servers: {get_param: servers}
       config: {get_resource: ControllerPrePuppetMaintenanceModeConfig}
       input_values: {get_param: input_values}
index b7771e3..e3f6c49 100755 (executable)
@@ -10,7 +10,10 @@ function run_puppet {
     export FACTER_deploy_config_name="${role}Deployment_Step${step}"
     if [ -e "/etc/puppet/hieradata/heat_config_${FACTER_deploy_config_name}.json" ]; then
         set +e
-        puppet apply --detailed-exitcodes "${manifest}"
+        puppet apply --detailed-exitcodes \
+               --modulepath \
+               /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
+               "${manifest}"
         rc=$?
         echo "puppet apply exited with exit code $rc"
     else
index 847c877..e4ba0cc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will fetch the ssh host public key.
index 2ebcb63..50bde65 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'SSH Known Hosts Config'
 
 parameters:
index a5a312d..1114897 100644 (file)
@@ -50,6 +50,7 @@ fi
 if [[ -n \$NOVA_COMPUTE ]]; then
     log_debug "Restarting openstack ceilometer agent compute"
     systemctl restart openstack-ceilometer-compute
+    yum install -y openstack-nova-migration
 fi
 
 # Apply puppet manifest to converge just right after the ${ROLE} upgrade
index 20a5b65..cb9cc5b 100755 (executable)
@@ -38,6 +38,30 @@ if [[ -a "$timestamp_file" ]]; then
 fi
 touch "$timestamp_file"
 
+pacemaker_status=""
+# We include word boundaries in order to not match pacemaker_remote
+if hiera -c /etc/puppet/hiera.yaml service_names | grep -q '\bpacemaker\b'; then
+    pacemaker_status=$(systemctl is-active pacemaker)
+fi
+
+# (NB: when backporting this s/pacemaker_short_bootstrap_node_name/bootstrap_nodeid)
+# This runs before the yum_update so we are guaranteed to run it even in the absence
+# of packages to update (the check for -z "$update_identifier" guarantees that this
+# is run only on overcloud stack update -i)
+if [[ "$pacemaker_status" == "active" && \
+        "$(hiera -c /etc/puppet/hiera.yaml pacemaker_short_bootstrap_node_name)" == "$(facter hostname)" ]] ; then \
+    # OCF scripts don't cope with -eu
+    echo "Verifying if we need to fix up any IPv6 VIPs"
+    set +eu
+    fixup_wrong_ipv6_vip
+    ret=$?
+    set -eu
+    if [ $ret -ne 0 ]; then
+        echo "Fixing up IPv6 VIPs failed. Stopping here. (See https://bugs.launchpad.net/tripleo/+bug/1686357 for more info)"
+        exit 1
+    fi
+fi
+
 command_arguments=${command_arguments:-}
 
 # yum check-update exits 100 if updates are available
@@ -55,29 +79,6 @@ elif [[ "$check_update_exit" != "100" ]]; then
     exit 0
 fi
 
-pacemaker_status=""
-if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then
-    pacemaker_status=$(systemctl is-active pacemaker)
-fi
-
-# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455
-# and https://bugs.launchpad.net/tripleo/+bug/1634851
-if [[ "$pacemaker_status" == "active" && \
-      "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]] ; then
-    if pcs resource show rabbitmq | grep -E "start.*timeout=100"; then
-        pcs resource update rabbitmq op start timeout=200s
-    fi
-    if pcs resource show rabbitmq | grep -E "stop.*timeout=90"; then
-        pcs resource update rabbitmq op stop timeout=200s
-    fi
-    if pcs resource show redis | grep -E "start.*timeout=120"; then
-        pcs resource update redis op start timeout=200s
-    fi
-    if pcs resource show redis | grep -E "stop.*timeout=120"; then
-        pcs resource update redis op stop timeout=200s
-    fi
-fi
-
 # special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714
 special_case_ovs_upgrade_if_needed
 
@@ -147,6 +148,7 @@ if [[ "$pacemaker_status" == "active" ]] ; then
     pcs status
 fi
 
-echo "Finished yum_update.sh on server $deploy_server_id at `date`"
+
+echo "Finished yum_update.sh on server $deploy_server_id at `date` with return code: $return_code"
 
 exit $return_code
index 8cff838..9daa835 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software-config for performing package updates using yum
index 9400c1d..2ede5be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'No-op yum update task'
 
 resources:
index e936e60..65e93fe 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ContrailRepo:
index f82bc19..8bd1c9d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure os-net-config mappings for specific nodes
index bc379f4..0951b84 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a default no-op template which provides empty user-data
index d412b93..43e966d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is first boot configuration for development purposes. It allows
index a352093..2f03c83 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 # NOTE: You don't need to pass the parameter explicitly from the
 # parent template, it can be specified via the parameter_defaults
index ed8302d..5223f93 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Can be overridden via parameter_defaults in the environment
index 63dd5a9..d32f223 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Uses cloud-init to enable root logins and set the root password.
index 5a21171..f0d3c6a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'All Hosts Config'
 
 parameters:
@@ -31,7 +31,7 @@ outputs:
       The content that should be appended to your /etc/hosts if you want to get
       hostname-based access to the deployed nodes (useful for testing without
       setting up a DNS).
-    value: {get_attr: [hostsConfigImpl, config, hosts]}
+    value: {get_param: hosts}
   OS::stack_id:
     description: The ID of the hostsConfigImpl resource.
     value: {get_resource: hostsConfigImpl}
index 3ae09c9..f92f9a1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge.
 parameters:
index 10d5388..29646ab 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index a544d54..6c44e60 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index be05cc1..57f1a19 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to no-op for os-net-config. Using this will allow you
index 12374a2..cbf282e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index 50e541b..c778bd8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index a52e22b..e864be0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge.
 parameters:
index 9be51c0..881fbfd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
 parameters:
index 703fea0..97177c4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role.
 parameters:
index df15cd6..5456c2c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role.
 parameters:
index 4677241..607d346 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
 parameters:
index f9c926d..448d4e2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
 parameters:
index ce1e865..8ac5cda 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
 parameters:
index bb4ac27..2579648 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6
   on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control
index 9151538..e4b3012 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
 parameters:
index 6d4e368..6371ceb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role.
 parameters:
index 6a78806..3cc4361 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role.
 parameters:
index d238444..fa7d49e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role.
 parameters:
index abfd323..a793912 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the
   compute role with external bridge for DVR.
index 101a08d..5549368 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the compute role.
 parameters:
index 4fae435..477eeaa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External
   network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index ba9f8fd..59f16b9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the controller role.
 parameters:
index 4019012..180f553 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure multiple interfaces for the swift storage role.
 parameters:
index 448df69..6685f2b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the ceph storage role.
 parameters:
index 465555d..ecc57ad 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the cinder storage role.
 parameters:
index a21bc8f..e36afd3 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the compute role.
 parameters:
index bb8bb9c..d405807 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
   IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index a9689ce..a52a8b8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role.
 parameters:
index c8e4db2..ad154fa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the swift storage role.
 parameters:
index 0b5eb0c..790e8a7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the ceph storage role.
 parameters:
index 882d6eb..6dee3be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the cinder storage role.
 parameters:
index 42cfd78..2201b0b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the compute role.
 parameters:
index 9e0680e..d26de32 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured.
 parameters:
index 1f9a67d..8f68760 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The
   IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane.
index 4ac1831..8530118 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the controller role.
 parameters:
index 605b8ee..b4587e0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: >
   Software Config to drive os-net-config to configure VLANs for the swift storage role.
 parameters:
index 990cbab..42eb118 100755 (executable)
@@ -191,7 +191,7 @@ def template_endpoint_items(config):
 
 def generate_endpoint_map_template(config):
     return collections.OrderedDict([
-        ('heat_template_version', 'ocata'),
+        ('heat_template_version', 'pike'),
         ('description', 'A map of OpenStack endpoints. Since the endpoints '
          'are URLs, we need to have brackets around IPv6 IP addresses. The '
          'inputs to these parameters come from net_ip_uri_map, which will '
index c92ce37..f5f2b97 100644 (file)
@@ -394,6 +394,15 @@ Ironic:
             '': /v1
     port: 6385
 
+IronicInspector:
+    Internal:
+        net_param: IronicInspector
+    Public:
+        net_param: Public
+    Admin:
+        net_param: IronicInspector
+    port: 5050
+
 Zaqar:
     Internal:
         net_param: ZaqarApi
index b4fcbb1..4509bca 100644 (file)
@@ -2,7 +2,7 @@
 ### This file is automatically generated from endpoint_data.yaml
 ### by the script build_endpoint_map.py
 
-heat_template_version: ocata
+heat_template_version: pike
 description: A map of OpenStack endpoints. Since the endpoints are URLs,
   we need to have brackets around IPv6 IP addresses. The inputs to these
   parameters come from net_ip_uri_map, which will include these brackets
@@ -89,6 +89,9 @@ parameters:
       IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
       IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
       IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
+      IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
+      IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
+      IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
       KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
       KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
       KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
@@ -5930,6 +5933,249 @@ outputs:
                         template: NETWORK_uri
             - ':'
             - get_param: [EndpointMap, IronicPublic, port]
+      IronicInspectorAdmin:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, IronicInspectorNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorAdmin, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorAdmin, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorAdmin, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorAdmin, port]
+      IronicInspectorInternal:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, IronicInspectorNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, IronicInspectorNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorInternal, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorInternal, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorInternal, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorInternal, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, IronicInspectorNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, IronicInspectorNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorInternal, port]
+      IronicInspectorPublic:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, PublicNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, IronicInspectorPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, PublicNetwork]
+        port:
+          get_param: [EndpointMap, IronicInspectorPublic, port]
+        protocol:
+          get_param: [EndpointMap, IronicInspectorPublic, protocol]
+        uri:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorPublic, port]
+        uri_no_suffix:
+          list_join:
+          - ''
+          - - get_param: [EndpointMap, IronicInspectorPublic, protocol]
+            - ://
+            - str_replace:
+                template:
+                  get_param: [EndpointMap, IronicInspectorPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            - ':'
+            - get_param: [EndpointMap, IronicInspectorPublic, port]
       KeystoneAdmin:
         host:
           str_replace:
index 21260d3..277c761 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
index 51000bb..e577c1c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
index 793535c..563e6d4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Internal API network. Used for most APIs, Database, RPC.
index 5395065..05a740b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Internal API network. Used for most APIs, Database, RPC.
index 77fcd4e..41ede5c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Management network. System administration, SSH, DNS, NTP, etc. This network
index e1391ad..a44d34d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Management network. System administration, SSH, DNS, NTP, etc. This network
diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml
new file mode 100644 (file)
index 0000000..f19e2c0
--- /dev/null
@@ -0,0 +1,17 @@
+heat_template_version: pike
+
+description: Create networks to split out Overcloud traffic
+
+resources:
+
+  {%- for network in networks %}
+    {%- if network.name != 'InternalApi' %}
+  {{network.name}}Network:
+    {%- else  %}
+  InternalNetwork:
+    {%- endif %}
+    type: OS::TripleO::Network::{{network.name}}
+  {%- endfor %}
+
+  NetworkExtraConfig:
+    type: OS::TripleO::Network::ExtraConfig
diff --git a/network/networks.yaml b/network/networks.yaml
deleted file mode 100644 (file)
index 26033ee..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-heat_template_version: ocata
-
-description: Create networks to split out Overcloud traffic
-
-resources:
-
-  ExternalNetwork:
-    type: OS::TripleO::Network::External
-
-  InternalNetwork:
-    type: OS::TripleO::Network::InternalApi
-
-  StorageMgmtNetwork:
-    type: OS::TripleO::Network::StorageMgmt
-
-  StorageNetwork:
-    type: OS::TripleO::Network::Storage
-
-  TenantNetwork:
-    type: OS::TripleO::Network::Tenant
-
-  ManagementNetwork:
-    type: OS::TripleO::Network::Management
-
-  NetworkExtraConfig:
-    type: OS::TripleO::Network::ExtraConfig
index 0f21e3e..386520c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the undercloud ctlplane network.
index c33643e..a02cc28 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the external network. The IP address will be chosen
index 893b26d..d2610c6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index c67789a..e5fe8d7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index 905974f..12d61cc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the external network. The IP address will be chosen
index 69a887e..64fdce6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a service mapped list of IPs
index c9673dd..2735a69 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a service mapped list of IPv6 IPs
index 1f96e3f..f258080 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the internal_api network.
index 3f16f30..cb87fd5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index b36ef23..12a0731 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index e236156..46e6e18 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the internal_api network.
index b626bc2..dd62033 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the management network. The IP address will be chosen
index 05fedb9..188be68 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 64758bf..b5d4425 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index 9e6a35b..977502a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the management network. The IP address will be chosen
index 83d875e..c3734af 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ControlPlaneIpList:
index c974d72..75818bf 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   ControlPlaneIp:
index 58f96e6..018bf2b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Set these via parameter defaults to configure external VIPs
index 12db8d2..aa40cf1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 parameters:
   # Set these via parameter defaults to configure external VIPs
index e2004cb..8030bfc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns the control plane port (provisioning network) as the ip_address.
index 8040041..5c1aba1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage network.
index dfab49a..ca5993f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index a6cde5f..ec7cd2f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs. This version is for IPv6
index b96fbd0..94b058a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage_mgmt API network.
index 6ec3dba..63b2e15 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 2f3ea19..6d0b879 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs This version is for IPv6
index 01e4c31..3d70c69 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage_mgmt API network.
index 1dd7619..6137d24 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the storage network.
index f6929b8..a56b0f4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the tenant network.
index c72b227..03ff6d1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index bc056fa..d45faf0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Returns an IP from a network mapped list of IPs
index 8410182..d23e91f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port on the tenant network.
index d996d03..70b4482 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the isolated network NetworkName.
index 7a45756..09f646a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Creates a port for a VIP on the isolated network NetworkName.
index 7fb9420..d3d8cbd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Mapping of service_name_network -> network name
@@ -45,6 +45,7 @@ parameters:
       GlanceApiNetwork: storage
       IronicApiNetwork: ctlplane
       IronicNetwork: ctlplane
+      IronicInspectorNetwork: ctlplane
       KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
       KeystonePublicApiNetwork: internal_api
       ManilaApiNetwork: internal_api
@@ -54,6 +55,7 @@ parameters:
       HeatApiCfnNetwork: internal_api
       HeatApiCloudwatchNetwork: internal_api
       NovaApiNetwork: internal_api
+      NovaColdMigrationNetwork: ctlplane
       NovaPlacementNetwork: internal_api
       NovaMetadataNetwork: internal_api
       NovaVncProxyNetwork: internal_api
index 0a704ea..0fb9cc0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage network.
index c711716..9869f0d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage management network. Storage replication, etc.
index 2b06519..d6b1652 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage management network. Storage replication, etc.
index 777e616..0ec34ad 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Storage network.
index 33055fe..4881308 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Tenant network.
index 0bf5d2f..bbc2b6b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Tenant IPv6 network.
diff --git a/network_data.yaml b/network_data.yaml
new file mode 100644 (file)
index 0000000..6d62605
--- /dev/null
@@ -0,0 +1,30 @@
+# List of networks, used for j2 templating of enabled networks
+#
+# Supported values:
+#
+# name: Name of the network (mandatory)
+# name_lower: lowercase version of name used for filenames
+#             (optional, defaults to name.lower())
+# vlan: vlan for the network (optional)
+# gateway: gateway for the network (optional)
+# enabled: Is the network enabled (optional, defaults to true)
+# vip: Enable creation of a virtual IP on this network
+# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support
+# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104
+#
+- name: External
+  vip: true
+- name: InternalApi
+  name_lower: internal_api
+  vip: true
+- name: Storage
+  vip: true
+- name: StorageMgmt
+  name_lower: storage_mgmt
+  vip: true
+- name: Tenant
+  vip: false  # Tenant network does not use VIPs
+- name: Management
+  # Management network is disabled by default
+  enabled: false
+  vip: false  # Management network does not use VIPs
index ee75de6..d4c301b 100644 (file)
@@ -22,22 +22,16 @@ resource_registry:
   OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
   OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
   # Port assignments for the {{role.name}} role
+  {%- if role.name != 'ObjectStorage' %}
+    {%- for network in networks %}
+  OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: network/ports/noop.yaml
+    {%- endfor %}
+  {%- else %}
   # Note we have to special-case ObjectStorage for backwards compatibility
-  {% if role.name != 'ObjectStorage' %}
-  OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml
-  OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml
-  OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml
-  OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml
-  OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml
-  OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml
-  {% else %}
-  OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml
-  OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml
-  OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml
-  OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
-  OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml
-  OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml
-  {% endif %}
+    {%- for network in networks %}
+  OS::TripleO::SwiftStorage::Ports::{{network.name}}Port: network/ports/noop.yaml
+    {%- endfor %}
+  {%- endif %}
   OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml
 {% endfor %}
 
@@ -48,6 +42,9 @@ resource_registry:
   OS::TripleO::ServiceServerMetadataHook: OS::Heat::None
 
   OS::TripleO::Server: OS::Nova::Server
+{% for role in roles %}
+  OS::TripleO::{{role.name}}Server: OS::TripleO::Server
+{% endfor %}
 
   # This creates the "heat-admin" user for all OS images by default
   # To disable, replace with firstboot/userdata_default.yaml
@@ -68,11 +65,6 @@ resource_registry:
   OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
   OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
 
-{% for role in roles %}
-  OS::TripleO::Tasks::{{role.name}}PrePuppet: OS::Heat::None
-  OS::TripleO::Tasks::{{role.name}}PostPuppet: OS::Heat::None
-{% endfor %}
-
   # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
   # phase, e.g when puppet is applied, but after the pre_deploy phase.  Useful when
   # configuration with knowledge of all nodes in the cluster is required vs single
@@ -83,12 +75,9 @@ resource_registry:
   # TripleO overcloud networks
   OS::TripleO::Network: network/networks.yaml
 
-  OS::TripleO::Network::External: OS::Heat::None
-  OS::TripleO::Network::InternalApi: OS::Heat::None
-  OS::TripleO::Network::StorageMgmt: OS::Heat::None
-  OS::TripleO::Network::Storage: OS::Heat::None
-  OS::TripleO::Network::Tenant: OS::Heat::None
-  OS::TripleO::Network::Management: OS::Heat::None
+  {%- for network in networks %}
+  OS::TripleO::Network::{{network.name}}: OS::Heat::None
+  {%- endfor %}
 
   OS::TripleO::Network::ExtraConfig: OS::Heat::None
 
@@ -97,10 +86,10 @@ resource_registry:
   OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
 
   # Port assignments for the VIPs
-  OS::TripleO::Network::Ports::ExternalVipPort: network/ports/noop.yaml
-  OS::TripleO::Network::Ports::InternalApiVipPort: network/ports/noop.yaml
-  OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml
-  OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml
+  {%- for network in networks if network.vip|default(false) %}
+  OS::TripleO::Network::Ports::{{network.name}}VipPort: network/ports/noop.yaml
+  {%- endfor %}
+
   OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
   OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port
 
@@ -135,7 +124,7 @@ resource_registry:
   OS::TripleO::Services::Congress: OS::Heat::None
   OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
   OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
-  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml
+  OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
   OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
   OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
   OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
@@ -146,6 +135,7 @@ resource_registry:
   OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
   OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
+  OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
   OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
   # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
   # the multinode job ControllerServices after this patch merges
@@ -159,10 +149,12 @@ resource_registry:
   OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml
   OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
   OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
+  OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml
   OS::TripleO::Services::OVNDBs: OS::Heat::None
 
   OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
   OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
+  OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::Pacemaker: OS::Heat::None
   OS::TripleO::Services::PacemakerRemote: OS::Heat::None
@@ -176,11 +168,11 @@ resource_registry:
   OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
   OS::TripleO::Services::SaharaApi: OS::Heat::None
   OS::TripleO::Services::SaharaEngine: OS::Heat::None
-  OS::TripleO::Services::Sshd: OS::Heat::None
   OS::TripleO::Services::Securetty: OS::Heat::None
+  OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
   OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
   OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
-  OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
+  OS::TripleO::Services::MongoDb: puppet/services/disabled/mongodb-disabled.yaml
   OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml
   OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml
   OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml
@@ -198,17 +190,24 @@ resource_registry:
   OS::TripleO::Services::Tacker: OS::Heat::None
   OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml
   OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml
-  OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml
-  OS::TripleO::Services::CeilometerExpirer: puppet/services/ceilometer-expirer.yaml
+  OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml
+  OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml
   OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml
   OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml
   OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml
   OS::TripleO::Services::CeilometerAgentIpmi: puppet/services/ceilometer-agent-ipmi.yaml
   OS::TripleO::Services::Horizon: puppet/services/horizon.yaml
+  # Undercloud Telemetry services
+  OS::TripleO::Services::UndercloudCeilometerAgentCentral: OS::Heat::None
+  OS::TripleO::Services::UndercloudCeilometerAgentNotification: OS::Heat::None
+
   #Gnocchi services
   OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
   OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml
   OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml
+  OS::TripleO::Services::UndercloudGnocchiApi: OS::Heat::None
+  OS::TripleO::Services::UndercloudGnocchiMetricd: OS::Heat::None
+  OS::TripleO::Services::UndercloudGnocchiStatsd: OS::Heat::None
   # Services that are disabled by default (use relevant environment files):
   OS::TripleO::Services::FluentdClient: OS::Heat::None
   OS::TripleO::Services::Collectd: OS::Heat::None
@@ -226,7 +225,12 @@ resource_registry:
   OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml
   OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml
   OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml
+  OS::TripleO::Services::UndercloudAodhApi: OS::Heat::None
+  OS::TripleO::Services::UndercloudAodhEvaluator: OS::Heat::None
+  OS::TripleO::Services::UndercloudAodhNotifier: OS::Heat::None
+  OS::TripleO::Services::UndercloudAodhListener: OS::Heat::None
   OS::TripleO::Services::PankoApi: puppet/services/panko-api.yaml
+  OS::TripleO::Services::UndercloudPankoApi: OS::Heat::None
   OS::TripleO::Services::MistralEngine: OS::Heat::None
   OS::TripleO::Services::MistralApi: OS::Heat::None
   OS::TripleO::Services::MistralExecutor: OS::Heat::None
@@ -256,6 +260,7 @@ resource_registry:
   OS::TripleO::Services::OctaviaWorker: OS::Heat::None
   OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml
   OS::TripleO::Services::Vpp: OS::Heat::None
+  OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
   OS::TripleO::Services::Docker: OS::Heat::None
   OS::TripleO::Services::CertmongerUser: OS::Heat::None
 
index a2d501d..f8655b1 100644 (file)
@@ -7,7 +7,7 @@
 {%- endfor -%}
 {%- set primary_role_name = primary_role[0].name -%}
 # primary role is: {{primary_role_name}}
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Deploy an OpenStack environment, consisting of several node types (roles),
@@ -51,7 +51,9 @@ parameters:
     type: string
   ControlFixedIPs:
     default: []
-    description: Should be used for arbitrary ips.
+    description: >
+        Control the IP allocation for the ControlVirtualIP port. E.g.
+        [{'ip_address':'1.2.3.4'}]
     type: json
   InternalApiVirtualFixedIPs:
     default: []
@@ -169,6 +171,11 @@ parameters:
     type: json
     description: Optional scheduler hints to pass to nova
     default: {}
+
+  {{role.name}}Parameters:
+    type: json
+    description: Optional Role Specific parameters to be provided to service
+    default: {}
 {% endfor %}
 
   # Identifiers to trigger tasks on nodes
@@ -190,6 +197,12 @@ parameters:
     description: >
       Set to true to append per network Vips to /etc/hosts on each node.
 
+  DeploymentServerBlacklist:
+    default: []
+    type: comma_delimited_list
+    description: >
+      List of server hostnames to blacklist from any triggered deployments.
+
 conditions:
   add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
 
@@ -283,6 +296,16 @@ resources:
       ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
       EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
       DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
+      RoleName: {{role.name}}
+      RoleParameters: {get_param: {{role.name}}Parameters}
+
+  # Lookup of role_data via heat outputs is slow, so workaround this by caching
+  # the value in an OS::Heat::Value resource
+  {{role.name}}ServiceChainRoleData:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value: {get_attr: [{{role.name}}ServiceChain, role_data]}
 
   # Filter any null/None service_names which may be present due to mapping
   # of services to OS::Heat::None
@@ -294,21 +317,21 @@ resources:
       value:
         yaql:
           expression: coalesce($.data, []).where($ != null)
-          data: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
+          data: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_names]}
 
   {{role.name}}HostsDeployment:
     type: OS::Heat::StructuredDeployments
     properties:
       name: {{role.name}}HostsDeployment
       config: {get_attr: [hostsConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}SshKnownHostsDeployment:
     type: OS::Heat::StructuredDeployments
     properties:
       name: {{role.name}}SshKnownHostsDeployment
       config: {get_resource: SshKnownHostsConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}AllNodesDeployment:
     type: OS::Heat::StructuredDeployments
@@ -319,7 +342,7 @@ resources:
     properties:
       name: {{role.name}}AllNodesDeployment
       config: {get_attr: [allNodesConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
       input_values:
         # Note we have to use yaql to look up the first hostname/ip in the
         # list because heat path based attributes operate on the attribute
@@ -341,7 +364,7 @@ resources:
     properties:
       name: {{role.name}}AllNodesValidationDeployment
       config: {get_resource: AllNodesValidationConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
 
   {{role.name}}IpListMap:
     type: OS::TripleO::Network::Ports::NetIpListMap
@@ -356,7 +379,13 @@ resources:
       EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
       ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
       ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
-      NetworkHostnameMap:
+      NetworkHostnameMap: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
+
+  {{role.name}}NetworkHostnameMap:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
         # Note (shardy) this somewhat complex yaql may be replaced
         # with a map_deep_merge function in ocata.  It merges the
         # list of maps, but appends to colliding lists so we can
@@ -394,7 +423,7 @@ resources:
   {% endif %}
           ServiceConfigSettings:
             map_merge:
-              -  get_attr: [{{role.name}}ServiceChain, role_data, config_settings]
+              -  get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings]
           {% for r in roles %}
               - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
           {% endfor %}
@@ -414,10 +443,41 @@ resources:
                         {% endfor %}
                     services: {get_attr: [{{role.name}}ServiceNames, value]}
           ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
-          MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
-          ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]}
+          MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
+          ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
+          DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
 {% endfor %}
 
+{% for role in roles %}
+  {{role.name}}Servers:
+    type: OS::Heat::Value
+    depends_on: {{role.name}}
+    properties:
+      type: json
+      value:
+        yaql:
+          expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
+          data:
+            servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+
+  # This resource just creates a dict out of the DeploymentServerBlacklist,
+  # which is a list. The dict is used in the role templates to set a condition
+  # on whether to create the deployment resources. We can't use the list
+  # directly because there is no way to ask Heat if a list contains a specific
+  # value.
+  DeploymentServerBlacklistDict:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_merge:
+          repeat:
+            template:
+              hostname: 1
+            for_each:
+              hostname: {get_param: DeploymentServerBlacklist}
+
   hostsConfig:
     type: OS::TripleO::Hosts::SoftwareConfig
     properties:
@@ -456,7 +516,7 @@ resources:
           data:
             groups:
 {% for role in roles %}
-              - {get_attr: [{{role.name}}ServiceChain, role_data, logging_groups]}
+              - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_groups]}
 {% endfor %}
       logging_sources:
         yaql:
@@ -465,7 +525,7 @@ resources:
           data:
             sources:
 {% for role in roles %}
-              - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
+              - {get_attr: [{{role.name}}ServiceChainRoleData, value, logging_sources]}
 {% endfor %}
       controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
       controller_names: {get_attr: [{{primary_role_name}}, hostname]}
@@ -640,7 +700,7 @@ resources:
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
       input_values:
         deploy_identifier: {get_param: DeployIdentifier}
@@ -658,25 +718,26 @@ resources:
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
 
   # Post deployment steps for all roles
   AllNodesDeploySteps:
     type: OS::TripleO::PostDeploySteps
     depends_on:
+      - AllNodesExtraConfig
 {% for role in roles %}
       - {{role.name}}AllNodesDeployment
 {% endfor %}
     properties:
       servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
       EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
       role_data:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+        {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
 {% endfor %}
 
 outputs:
@@ -715,11 +776,17 @@ outputs:
     description: The configuration data associated with each role
     value:
 {% for role in roles %}
-      {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]}
+      {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]}
 {% endfor %}
   RoleNetIpMap:
     description: Mapping of each network to a list of IPs for each role
     value:
 {% for role in roles %}
       {{role.name}}: {get_attr: [{{role.name}}IpListMap, net_ip_map]}
+{% endfor %}
+  RoleNetHostnameMap:
+    description: Mapping of each network to a list of hostnames for each role
+    value:
+{% for role in roles %}
+      {{role.name}}: {get_attr: [{{role.name}}NetworkHostnameMap, value]}
 {% endfor %}
index 7edf17a..baafe03 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'All Nodes Config for Puppet'
 
 parameters:
@@ -55,9 +55,18 @@ parameters:
   StackAction:
     type: string
     description: >
-      Heat action on performed top-level stack.
+      Heat action on performed top-level stack.  Note StackUpdateType is
+      set to UPGRADE when a major-version upgrade is in progress.
     constraints:
     - allowed_values: ['CREATE', 'UPDATE']
+  StackUpdateType:
+    type: string
+    description: >
+      Type of update, to differentiate between UPGRADE and UPDATE cases
+      when StackAction is UPDATE (both are the same stack action).
+    constraints:
+    - allowed_values: ['', 'UPGRADE']
+    default: ''
   # NOTE(jaosorior): This is being set as IPA as it's the first
   # CA we'll actually be testing out. But we can change this if
   # people request it.
@@ -170,6 +179,7 @@ resources:
                 deploy_identifier: {get_param: DeployIdentifier}
                 update_identifier: {get_param: UpdateIdentifier}
                 stack_action: {get_param: StackAction}
+                stack_update_type: {get_param: StackUpdateType}
           vip_data:
             map_merge:
               # Dynamically generate per-service VIP data based on enabled_services
index 16fb4b9..d66cbd9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack cinder storage configured by Puppet'
 parameters:
   BlockStorageImage:
@@ -109,6 +109,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -123,13 +132,28 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   BlockStorage:
-    type: OS::TripleO::Server
+    type: OS::TripleO::BlockStorageServer
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image:
         {get_param: BlockStorageImage}
@@ -352,6 +376,7 @@ resources:
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
     properties:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
@@ -375,6 +400,7 @@ resources:
   BlockStorageUpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: BlockStorageUpgradeInitDeployment
       server: {get_resource: BlockStorage}
@@ -383,6 +409,7 @@ resources:
   BlockStorageDeployment:
     type: OS::Heat::StructuredDeployment
     depends_on: BlockStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
     properties:
       name: BlockStorageDeployment
       server: {get_resource: BlockStorage}
@@ -449,6 +476,7 @@ resources:
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: UpdateDeployment
       config: {get_resource: UpdateConfig}
@@ -545,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the block storage server
     value:
       {get_resource: BlockStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index 4b02245..d4dfa71 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack ceph storage node configured by Puppet'
 parameters:
   OvercloudCephStorageFlavor:
@@ -115,6 +115,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -129,13 +138,28 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   CephStorage:
-    type: OS::TripleO::Server
+    type: OS::TripleO::CephStorageServer
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: CephStorageImage}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -358,6 +382,7 @@ resources:
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
     properties:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
@@ -381,6 +406,7 @@ resources:
   CephStorageUpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: CephStorageUpgradeInitDeployment
       server: {get_resource: CephStorage}
@@ -389,6 +415,7 @@ resources:
   CephStorageDeployment:
     type: OS::Heat::StructuredDeployment
     depends_on: CephStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
     properties:
       name: CephStorageDeployment
       config: {get_resource: CephStorageConfig}
@@ -461,6 +488,7 @@ resources:
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       config: {get_resource: UpdateConfig}
       server: {get_resource: CephStorage}
@@ -556,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the ceph storage server
     value:
       {get_resource: CephStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index 37331f3..ff1f6d2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack hypervisor node configured via Puppet.
@@ -127,6 +127,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -141,14 +150,29 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
 
   NovaCompute:
-    type: OS::TripleO::Server
+    type: OS::TripleO::ComputeServer
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: NovaImage}
       image_update_policy:
@@ -372,6 +396,7 @@ resources:
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
     properties:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
@@ -398,6 +423,7 @@ resources:
   NovaComputeUpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: NovaComputeUpgradeInitDeployment
       server: {get_resource: NovaCompute}
@@ -449,6 +475,7 @@ resources:
   NovaComputeDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: NovaComputeUpgradeInitDeployment
+    condition: server_not_blacklisted
     properties:
       name: NovaComputeDeployment
       config: {get_resource: NovaComputeConfig}
@@ -484,6 +511,7 @@ resources:
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: UpdateDeployment
       config: {get_resource: UpdateConfig}
@@ -599,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
   nova_server_resource:
     description: Heat resource handle for the Nova compute server
     value:
-      {get_resource: NovaCompute}
\ No newline at end of file
+      {get_resource: NovaCompute}
+    condition: server_not_blacklisted
index cdbc76f..832656b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   A software config which runs puppet on the {{role}} role
index 68623e2..9bf110d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack controller node configured by Puppet.
@@ -141,6 +141,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -155,6 +164,13 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
 
 parameter_groups:
 - label: deprecated
@@ -162,13 +178,22 @@ parameter_groups:
   parameters:
   - controllerExtraConfig
 
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
+
+
 resources:
 
   Controller:
-    type: OS::TripleO::Server
+    type: OS::TripleO::ControllerServer
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: controllerImage}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -390,6 +415,7 @@ resources:
 
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
+    condition: server_not_blacklisted
     depends_on: PreNetworkConfig
     properties:
       name: NetworkDeployment
@@ -431,6 +457,7 @@ resources:
   # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
   ControllerUpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
+    condition: server_not_blacklisted
     depends_on: NetworkDeployment
     properties:
       name: ControllerUpgradeInitDeployment
@@ -439,6 +466,7 @@ resources:
 
   ControllerDeployment:
     type: OS::TripleO::SoftwareDeployment
+    condition: server_not_blacklisted
     depends_on: ControllerUpgradeInitDeployment
     properties:
       name: ControllerDeployment
@@ -522,6 +550,7 @@ resources:
 
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
+    condition: server_not_blacklisted
     depends_on: NetworkDeployment
     properties:
       name: UpdateDeployment
@@ -639,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the Nova compute server
     value:
       {get_resource: Controller}
+    condition: server_not_blacklisted
   tls_key_modulus_md5:
     description: MD5 checksum of the TLS Key Modulus
     value: {get_attr: [NodeTLSData, key_modulus_md5]}
index 5e89405..3a7a73c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Software Config to install deployment artifacts (tarball's and/or
index b6d1239..e1c464b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for all MidoNet nodes
 
index b05fa63..313c126 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Network Cisco configuration
 
index e3f4cce..93408dd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Big Switch agents on compute node
 
index 1d16e90..ea2fd71 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Nuage configuration on the Compute
 
index d3d546d..69cd703 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Extra Pre-Deployment Config, multiple'
 parameters:
   server:
index e7d0b83..71a915d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Neutron Big Switch configuration
 
index 5da07f8..f14e13f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Noop Extra Pre-Deployment Config'
 parameters:
   server:
index 65113f6..7fb67d8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata overrides for specific nodes
 
index 04b5ccf..11f2769 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will inject the trusted anchor.
index 7ce1506..9c6a402 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Enroll nodes to FreeIPA
 
index 2a61afc..8cba435 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   This is a template which will build the TLS Certificates necessary
index c0a0778..b44095b 100644 (file)
@@ -2,7 +2,7 @@
 {% set batch_upgrade_steps_max = 3 -%}
 {% set upgrade_steps_max = 6 -%}
 {% set deliver_script = {'deliver': False} -%}
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Upgrade steps for all roles'
 
 parameters:
@@ -32,7 +32,6 @@ parameters:
     type: string
     hidden: true
 
-
 resources:
 
 {% for role in roles if role.disable_upgrade_deployment|default(false) %}
@@ -45,23 +44,6 @@ resources:
         - ''
         - - "#!/bin/bash\n\n"
           - "set -eu\n\n"
-          - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement username placement\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
-          - "  crudini --set /etc/nova/nova.conf placement project_name service\n\n"
-          - str_replace:
-              template: |
-                crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
-                crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME'
-                crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'
-              params:
-                SERVICE_PASSWORD: { get_param: NovaPassword }
-                REGION_NAME: { get_param: KeystoneRegion }
-                AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-          - "  systemctl restart openstack-nova-compute\n\n"
-          - "fi\n\n"
           - str_replace:
               template: |
                 ROLE='ROLE_NAME'
@@ -88,22 +70,22 @@ resources:
   {%- for role in roles %}
   {{role.name}}UpgradeBatchConfig_Step{{step}}:
     type: OS::TripleO::UpgradeConfig
-  {%- if step > 0 %}
-    {%- if role in enabled_roles %}
+    {%- if step > 0 %}
     depends_on:
-      - {{role.name}}UpgradeBatch_Step{{step -1}}
-    {%- endif %}
-  {%- else %}
+      {%- for role_inside in enabled_roles %}
+      - {{role_inside.name}}UpgradeBatch_Step{{step -1}}
+      {%- endfor %}
+    {% else %}
     {% for role in roles if role.disable_upgrade_deployment|default(false) %}
       {% if deliver_script.update({'deliver': True}) %} {% endif %}
     {% endfor %}
     {% if deliver_script.deliver %}
     depends_on:
-    {% endif %}
       {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
       - {{dep.name}}DeliverUpgradeScriptDeployment
       {% endfor %}
-  {% endif %}
+    {% endif %}
+    {% endif %}
     properties:
       UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
       step: {{step}}
@@ -118,14 +100,23 @@ resources:
       {%- for role_inside in enabled_roles %}
       - {{role_inside.name}}UpgradeBatch_Step{{step -1}}
       {%- endfor %}
-    {%- endif %}
+    {% else %}
+    {% for role in roles if role.disable_upgrade_deployment|default(false) %}
+      {% if deliver_script.update({'deliver': True}) %} {% endif %}
+    {% endfor %}
+    {% if deliver_script.deliver %}
+    depends_on:
+      {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
+      - {{dep.name}}DeliverUpgradeScriptDeployment
+      {% endfor %}
+    {% endif %}
+    {% endif %}
     update_policy:
       batch_create:
         max_batch_size: {{role.upgrade_batch_size|default(1)}}
       rolling_update:
         max_batch_size: {{role.upgrade_batch_size|default(1)}}
     properties:
-      name: {{role.name}}UpgradeBatch_Step{{step}}
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}}
       input_values:
@@ -166,16 +157,18 @@ resources:
   {%- for role in roles %}
   {{role.name}}UpgradeConfig_Step{{step}}:
     type: OS::TripleO::UpgradeConfig
-  # The UpgradeConfig resources could actually be created without
-  # serialization, but the event output is easier to follow if we
-  # do, and there should be minimal performance hit (creating the
-  # config is cheap compared to the time to apply the deployment).
-  {%- if step > 0 %}
-    {%- if role in enabled_roles %}
+    # The UpgradeConfig resources could actually be created without
+    # serialization, but the event output is easier to follow if we
+    # do, and there should be minimal performance hit (creating the
+    # config is cheap compared to the time to apply the deployment).
     depends_on:
-      - {{role.name}}Upgrade_Step{{step -1}}
-    {%- endif %}
-  {%- endif %}
+      {%- for role_inside in enabled_roles %}
+      {%- if step > 0 %}
+      - {{role_inside.name}}Upgrade_Step{{step -1}}
+      {%- else %}
+      - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
+      {%- endif %}
+      {%- endfor %}
     properties:
       UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
       step: {{step}}
@@ -185,22 +178,15 @@ resources:
   {%- for role in enabled_roles %}
   {{role.name}}Upgrade_Step{{step}}:
     type: OS::Heat::SoftwareDeploymentGroup
-    {%- if step > 0 %}
-    # Make sure we wait that all roles have finished their own
-    # previous step before going to the next, so we can guarantee
-    # state for each steps.
     depends_on:
       {%- for role_inside in enabled_roles %}
+      {%- if step > 0 %}
       - {{role_inside.name}}Upgrade_Step{{step -1}}
-      {%- endfor %}
-    {%- else %}
-    depends_on:
-      {%- for role_inside in enabled_roles %}
+      {%- else %}
       - {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
+      {%- endif %}
       {%- endfor %}
-    {%- endif %}
     properties:
-      name: {{role.name}}Upgrade_Step{{step}}
       servers: {get_param: [servers, {{role.name}}]}
       config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}}
       input_values:
index a329d13..2f7056c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack swift storage node configured by Puppet'
 parameters:
   OvercloudSwiftStorageFlavor:
@@ -109,6 +109,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   UpgradeInitCommand:
     type: string
     description: |
@@ -123,14 +132,29 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
 
   SwiftStorage:
-    type: OS::Nova::Server
+    type: OS::TripleO::ObjectStorageServer
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: SwiftStorageImage}
       flavor: {get_param: OvercloudSwiftStorageFlavor}
@@ -352,6 +376,7 @@ resources:
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
     properties:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
@@ -375,6 +400,7 @@ resources:
   SwiftStorageUpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: SwiftStorageUpgradeInitDeployment
       server: {get_resource: SwiftStorage}
@@ -420,6 +446,7 @@ resources:
   SwiftStorageHieraDeploy:
     type: OS::Heat::StructuredDeployment
     depends_on: SwiftStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
     properties:
       name: SwiftStorageHieraDeploy
       server: {get_resource: SwiftStorage}
@@ -448,6 +475,7 @@ resources:
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       config: {get_resource: UpdateConfig}
       server: {get_resource: SwiftStorage}
@@ -543,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for the swift storage server
     value:
       {get_resource: SwiftStorage}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index b84039d..c51b6e1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-upgrade configuration steps via puppet for all roles
index 2120277..3a15cec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Post-deploy configuration steps via puppet for all roles,
index 782a32c..360c633 100644 (file)
     properties:
       StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]}
 
-  {{role.name}}PrePuppet:
-    type: OS::TripleO::Tasks::{{role.name}}PrePuppet
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
-
   # Step through a series of configuration steps
 {% for step in range(1, 6) %}
   {{role.name}}Deployment_Step{{step}}:
     type: OS::Heat::StructuredDeploymentGroup
   {% if step == 1 %}
-    depends_on: [{{role.name}}PrePuppet, {{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+    depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
   {% else %}
     depends_on:
     {% for dep in roles %}
@@ -58,7 +51,7 @@
       - {{dep.name}}Deployment_Step5
   {% endfor %}
     properties:
-      servers:  {get_param: servers}
+      servers: {get_param: servers}
       input_values:
         update_identifier: {get_param: DeployIdentifier}
 
     properties:
         servers: {get_param: [servers, {{role.name}}]}
 
-  {{role.name}}PostPuppet:
-    depends_on:
-      - {{role.name}}ExtraConfigPost
-    type: OS::TripleO::Tasks::{{role.name}}PostPuppet
-    properties:
-      servers: {get_param: [servers, {{role.name}}]}
-      input_values:
-        update_identifier: {get_param: DeployIdentifier}
 {% endfor %}
index 9cfc65a..7acf2df 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'OpenStack {{role}} node configured by Puppet'
 parameters:
   Overcloud{{role}}Flavor:
@@ -125,6 +125,15 @@ parameters:
     type: string
     description: Command which will be run whenever configuration data changes
     default: os-refresh-config --timeout 14400
+  ConfigCollectSplay:
+    type: number
+    default: 30
+    description: |
+      Maximum amount of time to possibly to delay configuation collection
+      polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
+      the configuration collection to occur as soon as the collection process
+      starts.  This setting is used to prevent the configuration collection
+      processes from polling all at the exact same time.
   LoggingSources:
     type: json
     default: []
@@ -145,13 +154,28 @@ parameters:
       major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
       environment files.
     default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
 
 resources:
   {{role}}:
-    type: OS::TripleO::Server
+    type: OS::TripleO::{{role.name}}Server
     metadata:
       os-collect-config:
         command: {get_param: ConfigCommand}
+        splay: {get_param: ConfigCollectSplay}
     properties:
       image: {get_param: {{role}}Image}
       image_update_policy: {get_param: ImageUpdatePolicy}
@@ -374,6 +398,7 @@ resources:
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
     properties:
       name: NetworkDeployment
       config: {get_resource: NetworkConfig}
@@ -400,6 +425,7 @@ resources:
   {{role}}UpgradeInitDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: {{role}}UpgradeInitDeployment
       server: {get_resource: {{role}}}
@@ -408,6 +434,7 @@ resources:
   {{role}}Deployment:
     type: OS::Heat::StructuredDeployment
     depends_on: {{role}}UpgradeInitDeployment
+    condition: server_not_blacklisted
     properties:
       name: {{role}}Deployment
       config: {get_resource: {{role}}Config}
@@ -482,6 +509,7 @@ resources:
   UpdateDeployment:
     type: OS::Heat::SoftwareDeployment
     depends_on: NetworkDeployment
+    condition: server_not_blacklisted
     properties:
       name: UpdateDeployment
       config: {get_resource: UpdateConfig}
@@ -578,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
     description: Heat resource handle for {{role}} server
     value:
       {get_resource: {{role}}}
+    condition: server_not_blacklisted
   external_ip_address:
     description: IP address of the server in the external network
     value: {get_attr: [ExternalPort, ip_address]}
index f19b6cc..7a18ef0 100644 (file)
@@ -16,6 +16,39 @@ Each service may define its own input parameters and defaults.
 Operators will use the parameter_defaults section of any Heat
 environment to set per service parameters.
 
+Apart from sevice specific inputs, there are few default parameters for all
+the services. Following are the list of default parameters:
+
+ * ServiceNetMap: Mapping of service_name -> network name. Default mappings
+   for service to network names are defined in
+   ../network/service_net_map.j2.yaml, which may be overridden via
+   ServiceNetMap values added to a user environment file via
+   parameter_defaults.
+
+ * EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of
+   endpoint data generated for all services, based on the data included in
+   ../network/endpoints/endpoint_data.yaml.
+
+ * DefaultPasswords: Mapping of service -> default password. Used to pass some
+   passwords from the parent templates, this is a legacy interface and should
+   not be used by new services.
+
+ * RoleName: Name of the role on which this service is deployed. A service can
+   be deployed in multiple roles. This is an internal parameter (should not be
+   set via environment file), which is fetched from the name attribute of the
+   roles_data.yaml template.
+
+ * RoleParameters: Parameter specific to a role on which the service is
+   applied. Using the format "<RoleName>Parameters" in the parameter_defaults
+   of user environment file, parameters can be provided for a specific role.
+   For example, in order to provide a parameter specific to "Compute" role,
+   below is the format::
+
+      parameter_defaults:
+        ComputeParameters:
+          Param1: value
+
+
 Config Settings
 ---------------
 
index 7cc6e4c..561b48c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,6 +46,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   ApacheServiceBase:
     type: ./apache.yaml
@@ -45,6 +55,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
@@ -93,6 +105,12 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Stop aodh_api service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
+        yaql:
+          expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            aodh_api_upgrade:
+              - name: Stop aodh_api service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
index 48a2aec..331fe9a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -61,15 +69,15 @@ outputs:
       config_settings:
         aodh_redis_password: {get_param: RedisPassword}
         aodh::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://aodh:'
-              - {get_param: AodhPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/aodh'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: aodh
+            password: {get_param: AodhPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /aodh
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         aodh::debug: {get_param: Debug}
         aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::rabbit_userid: {get_param: RabbitUserName}
@@ -83,7 +91,7 @@ outputs:
         aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::auth::auth_password: {get_param: AodhPassword}
-        aodh::auth::auth_region: 'regionOne'
+        aodh::auth::auth_region: {get_param: KeystoneRegion}
         aodh::auth::auth_tenant_name: 'service'
       service_config_settings:
         keystone:
index b8be4a9..669c11d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Evaluator service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index f5c9330..17710ec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Listener service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 84c50dd..2eed1b7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Aodh Notifier service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6e53b1f..23fcab9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Apache service configured with Puppet. Note this is typically included
@@ -22,6 +22,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +38,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 conditions:
 
@@ -64,6 +77,7 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+            apache::default_vhost: false
             apache::server_signature: 'Off'
             apache::server_tokens: 'Prod'
             apache_remote_proxy_ips_network:
@@ -75,21 +89,25 @@ outputs:
             apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
             apache::mod::remoteip::proxy_ips:
               - "%{hiera('apache_remote_proxy_ips_network')}"
-          -
-            generate_service_certificates: true
-            tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
-            tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
-            apache_certificates_specs:
-              map_merge:
-                repeat:
-                  template:
-                    httpd-NETWORK:
-                      service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
-                      service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
-                      hostname: "%{hiera('fqdn_NETWORK')}"
-                      principal: "HTTP/%{hiera('fqdn_NETWORK')}"
-                  for_each:
-                    NETWORK: {get_attr: [ApacheNetworks, value]}
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
+              tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+              tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+              apache_certificates_specs:
+                map_merge:
+                  repeat:
+                    template:
+                      httpd-NETWORK:
+                        service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+                        service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+                        hostname: "%{hiera('fqdn_NETWORK')}"
+                        principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+                    for_each:
+                      NETWORK: {get_attr: [ApacheNetworks, value]}
+            - {}
       metadata_settings:
         if:
           - internal_tls_enabled
@@ -112,3 +130,6 @@ outputs:
           shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
           when: httpd_enabled.rc == 0
           tags: step0,validation
+        - name: Ensure mod_ssl package is installed
+          tags: step3
+          yum: name=mod_ssl state=latest
index 8085ac8..3eff534 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   AuditD configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 91a5b01..53fba63 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Barbican API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -70,6 +78,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -104,15 +114,15 @@ outputs:
                 params:
                   $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
             barbican::db::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://barbican:'
-                  - {get_param: BarbicanPassword}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/barbican'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: barbican
+                password: {get_param: BarbicanPassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /barbican
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             tripleo.barbican_api.firewall_rules:
               '117 barbican':
                 dport:
@@ -153,16 +163,22 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Check if barbican_api is deployed
-          command: systemctl is-enabled openstack-barbican-api
-          tags: common
-          ignore_errors: True
-          register: barbican_api_enabled
-        - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
-          shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
-          when: barbican_api_enabled.rc == 0
-          tags: step0,validation
-        - name: Install openstack-barbican-api package if it was disabled
-          tags: step3
-          yum: name=openstack-barbican-api state=latest
-          when: barbican_api_enabled.rc != 0
+        yaql:
+          expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            barbican_api_upgrade:
+              - name: Check if barbican_api is deployed
+                command: systemctl is-enabled openstack-barbican-api
+                tags: common
+                ignore_errors: True
+                register: barbican_api_enabled
+              - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+                shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+                when: barbican_api_enabled.rc == 0
+                tags: step0,validation
+              - name: Install openstack-barbican-api package if it was disabled
+                tags: step3
+                yum: name=openstack-barbican-api state=latest
+                when: barbican_api_enabled.rc != 0
index 735e6dd..6249c1a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 8082352..2dbaf55 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Central Agent service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,6 +46,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -53,6 +63,8 @@ outputs:
           - get_attr: [CeilometerServiceBase, role_data, config_settings]
           - ceilometer_redis_password: {get_param: RedisPassword}
             central_namespace: true
+      service_config_settings:
+        get_attr: [CeilometerServiceBase, role_data, service_config_settings]
       step_config: |
         include ::tripleo::profile::base::ceilometer::agent::polling
       upgrade_tasks:
index 546bcd9..c453a43 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Compute Agent service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -35,6 +43,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -47,6 +57,8 @@ outputs:
           - get_attr: [CeilometerServiceBase, role_data, config_settings]
           - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
             compute_namespace: true
+      service_config_settings:
+        get_attr: [CeilometerServiceBase, role_data, service_config_settings]
       step_config: |
         include ::tripleo::profile::base::ceilometer::agent::polling
       upgrade_tasks:
index 26647df..7dd1e78 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Ipmi Agent service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,6 +46,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 4ee43f4..6e89356 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Notification Agent service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -35,6 +43,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -47,6 +57,8 @@ outputs:
         - ceilometer
       config_settings:
         get_attr: [CeilometerServiceBase, role_data, config_settings]
+      service_config_settings:
+        get_attr: [CeilometerServiceBase, role_data, service_config_settings]
       step_config: |
         include ::tripleo::profile::base::ceilometer::agent::notification
       upgrade_tasks:
index ba94b45..74b0c3d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,6 +51,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   ApacheServiceBase:
     type: ./apache.yaml
@@ -50,6 +60,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
@@ -100,6 +112,12 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Stop ceilometer_api service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
+        yaql:
+          expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            ceilometer_api_upgrade:
+              - name: Stop ceilometer_api service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
index e161372..b3e2c3a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer service configured with Puppet
@@ -13,15 +13,19 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  CeilometerBackend:
-    default: 'mongodb'
-    description: The ceilometer backend type.
-    type: string
   CeilometerMeteringSecret:
     description: Secret shared by the ceilometer services.
     type: string
@@ -30,25 +34,31 @@ parameters:
     description: The password for the ceilometer service account.
     type: string
     hidden: true
-  CeilometerMeterDispatcher:
-    default: ['gnocchi']
-    description: Comma-seperated list of Dispatcher to process meter data
-    type: comma_delimited_list
-    constraints:
-    - allowed_values: ['gnocchi', 'database']
-  CeilometerEventDispatcher:
-    default: ['panko', 'gnocchi']
-    description: Comma-separated list of Dispatchers to process events data
-    type: comma_delimited_list
-    constraints:
-    - allowed_values: ['panko', 'gnocchi', 'database']
   CeilometerWorkers:
     default: 0
     description: Number of workers for Ceilometer service.
     type: number
+  ManageEventPipeline:
+    default: false
+    description: Whether to manage event_pipeline.yaml.
+    type: boolean
   EventPipelinePublishers:
-    default: ['notifier://?topic=alarm.all']
-    description: A list of publishers to put in event_pipeline.yaml.
+    default: ['gnocchi://']
+    description: >
+        A list of publishers to put in event_pipeline.yaml. When the
+        collector is used, override this with notifier:// publisher.
+        Set ManageEventPipeline to true for override to take effect.
+    type: comma_delimited_list
+  ManagePipeline:
+    default: false
+    description: Whether to manage pipeline.yaml.
+    type: boolean
+  PipelinePublishers:
+    default: ['gnocchi://']
+    description: >
+        A list of publishers to put in pipeline.yaml. When the
+        collector is used, override this with notifier:// publisher.
+        Set ManagePipeline to true for override to take effect.
     type: comma_delimited_list
   Debug:
     default: ''
@@ -81,6 +91,14 @@ parameters:
     description: Whether to create or skip API endpoint. Set this to
         false, if you choose to disable Ceilometer API service.
     type: boolean
+  SnmpdReadonlyUserName:
+    default: ro_snmp_user
+    description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+    type: string
+  SnmpdReadonlyUserPassword:
+    description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+    type: string
+    hidden: true
 
 outputs:
   role_data:
@@ -88,21 +106,7 @@ outputs:
     value:
       service_name: ceilometer_base
       config_settings:
-        ceilometer_auth_enabled: true
         ceilometer::debug: {get_param: Debug}
-        ceilometer::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-            - - '://ceilometer:'
-              - {get_param: CeilometerPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/ceilometer'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
-        ceilometer_backend: {get_param: CeilometerBackend}
-        # we include db_sync class in puppet-tripleo
-        ceilometer::db::sync_db: false
         ceilometer::keystone::authtoken::project_name: 'service'
         ceilometer::keystone::authtoken::user_domain_name: 'Default'
         ceilometer::keystone::authtoken::project_domain_name: 'Default'
@@ -111,14 +115,15 @@ outputs:
         ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
         ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+        ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline}
         ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
+        ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline}
+        ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers}
         ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
         ceilometer::agent::auth::auth_tenant_name: 'service'
         ceilometer::agent::auth::auth_user_domain_name: 'Default'
         ceilometer::agent::auth::auth_project_domain_name: 'Default'
         ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
-        ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
-        ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
         ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
         ceilometer::dispatcher::gnocchi::filter_project: 'service'
         ceilometer::dispatcher::gnocchi::archive_policy: 'low'
@@ -128,11 +133,12 @@ outputs:
         ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         ceilometer::rabbit_port: {get_param: RabbitClientPort}
         ceilometer::rabbit_heartbeat_timeout_threshold: 60
-        ceilometer::db::database_db_max_retries: -1
-        ceilometer::db::database_max_retries: -1
         ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
+        ceilometer::snmpd_readonly_username: {get_param: SnmpdReadonlyUserName}
+        ceilometer::snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
       service_config_settings:
         keystone:
+          ceilometer_auth_enabled: true
           ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
           ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
           ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
index b0ec971..3ec1842 100644 (file)
@@ -1,7 +1,8 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Collector service configured with Puppet
+  This service is deprecated and will be removed in future releases.
 
 parameters:
   ServiceNetMap:
@@ -13,11 +14,27 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  CeilometerBackend:
+    default: 'mongodb'
+    description: The ceilometer backend type.
+    type: string
+  CeilometerPassword:
+    description: The password for the ceilometer service account.
+    type: string
+    hidden: true
   MonitoringSubscriptionCeilometerCollector:
     default: 'overcloud-ceilometer-collector'
     type: string
@@ -26,7 +43,32 @@ parameters:
     default:
       tag: openstack.ceilometer.collector
       path: /var/log/ceilometer/collector.log
-
+  CeilometerMeterDispatcher:
+    default: ['gnocchi']
+    description: Comma-seperated list of Dispatcher to process meter data
+                 Note that database option is deprecated and will not be
+                 supported in future.
+    type: comma_delimited_list
+    constraints:
+    - allowed_values: ['gnocchi', 'database']
+  CeilometerEventDispatcher:
+    default: ['panko', 'gnocchi']
+    description: Comma-separated list of Dispatchers to process events data
+                 Note that database option is deprecated and will not be
+                 supported in future.
+    type: comma_delimited_list
+    constraints:
+    - allowed_values: ['panko', 'gnocchi', 'database']
+  CeilometerEventTTL:
+    default: '86400'
+    description: Number of seconds that events are kept in the database for
+                 (<= 0 means forever)
+    type: string
+  CeilometerMeteringTTL:
+    default: '86400'
+    description: Number of seconds that samples are kept in the database for
+                 (<= 0 means forever)
+    type: string
 resources:
   CeilometerServiceBase:
     type: ./ceilometer-base.yaml
@@ -34,6 +76,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   MongoDbBase:
     type: ./database/mongodb-base.yaml
@@ -41,6 +85,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -55,6 +101,25 @@ outputs:
         map_merge:
           - get_attr: [MongoDbBase, role_data, config_settings]
           - get_attr: [CeilometerServiceBase, role_data, config_settings]
+          - ceilometer::db::database_connection:
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: ceilometer
+                password: {get_param: CeilometerPassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /ceilometer
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
+            ceilometer_backend: {get_param: CeilometerBackend}
+            ceilometer::event_time_to_live: {get_param: CeilometerEventTTL}
+            ceilometer::metering_time_to_live: {get_param: CeilometerMeteringTTL}
+            # we include db_sync class in puppet-tripleo
+            ceilometer::db::sync_db: false
+            ceilometer::db::database_db_max_retries: -1
+            ceilometer::db::database_max_retries: -1
+            ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+            ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
       service_config_settings:
         get_attr: [CeilometerServiceBase, role_data, service_config_settings]
       step_config: |
index 714434b..775e921 100644 (file)
@@ -1,7 +1,9 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ceilometer Expirer service configured with Puppet
+  Note, This service is deprecated and will be removed in
+  future releases.
 
 parameters:
   ServiceNetMap:
@@ -13,6 +15,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +39,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 033d3f7..e12c55e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph base service. Shared by all Ceph services.
@@ -55,6 +55,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -91,7 +99,6 @@ outputs:
       service_name: ceph_base
       config_settings:
         tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
-        ceph::profile::params::osd_pool_default_min_size: 1
         ceph::profile::params::osds: {/srv/data: {}}
         ceph::profile::params::manage_repo: false
         ceph::profile::params::authentication_type: cephx
index f972e21..ec34fca 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph Client service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 134f47c..599532c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph External service.
@@ -53,6 +53,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index b68567f..270d3a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph MDS service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -31,6 +39,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index d589ef8..2855230 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph Monitor service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -70,6 +78,10 @@ parameters:
   MonitoringSubscriptionCephMon:
     default: 'overcloud-ceph-mon'
     type: string
+  CephPoolDefaultSize:
+    description: default minimum replication for RBD copies
+    type: number
+    default: 3
 
 resources:
   CephBase:
@@ -78,6 +90,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -92,7 +106,7 @@ outputs:
             ceph::profile::params::mon_key: {get_param: CephMonKey}
             ceph::profile::params::osd_pool_default_pg_num: 32
             ceph::profile::params::osd_pool_default_pgp_num: 32
-            ceph::profile::params::osd_pool_default_size: 3
+            ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize}
             # repeat returns items in a list, so we need to map_merge twice
             tripleo::profile::base::ceph::mon::ceph_pools:
               map_merge:
index a97fa11..24b2886 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph OSD service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -47,6 +55,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 4985611..ad91b4e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph RadosGW service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,6 +51,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index af9802b..6ad451a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Requests certificates using certmonger through Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index c1e6b0b..036209f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder API service configured with Puppet
@@ -22,6 +22,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -64,6 +72,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   CinderBase:
@@ -72,6 +82,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -159,25 +171,31 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Check if cinder_api is deployed
-          command: systemctl is-enabled openstack-cinder-api
-          tags: common
-          ignore_errors: True
-          register: cinder_api_enabled
-        - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
-          shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
-          when: cinder_api_enabled.rc == 0
-          tags: step0,validation
-        - name: check for cinder running under apache (post upgrade)
-          tags: step1
-          shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
-          register: cinder_apache
-          ignore_errors: true
-        - name: Stop cinder_api service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
-          when: cinder_apache.rc == 0
-        - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
-          tags: step1
-          when: cinder_api_enabled.rc == 0
-          service: name=openstack-cinder-api state=stopped enabled=no
+        yaql:
+          expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            cinder_api_upgrade:
+              - name: Check if cinder_api is deployed
+                command: systemctl is-enabled openstack-cinder-api
+                tags: common
+                ignore_errors: True
+                register: cinder_api_enabled
+              - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+                shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+                when: cinder_api_enabled.rc == 0
+                tags: step0,validation
+              - name: check for cinder running under apache (post upgrade)
+                tags: step1
+                shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+                register: cinder_apache
+                ignore_errors: true
+              - name: Stop cinder_api service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
+                when: cinder_apache.rc == 0
+              - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+                tags: step1
+                when: cinder_api_enabled.rc == 0
+                service: name=openstack-cinder-api state=stopped enabled=no
index 1f15c53..d038253 100644 (file)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC PS Series backend
@@ -58,6 +58,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
index 6a6196a..a201134 100644 (file)
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC Storage Center backend
@@ -49,6 +49,18 @@ parameters:
   CinderDellScVolumeFolder:
     type: string
     default: 'dellsc_volume'
+  CinderDellScSecondarySanIp:
+    type: string
+    default: ''
+  CinderDellScSecondarySanLogin:
+    type: string
+    default: 'Admin'
+  CinderDellScSecondarySanPassword:
+    type: string
+    hidden: true
+  CinderDellScSecondaryScApiPort:
+    type: number
+    default: 3033
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -58,6 +70,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
@@ -81,5 +101,9 @@ outputs:
                 cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort}
                 cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder}
                 cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder}
+                cinder::backend::dellsc_iscsi::secondary_san_ip: {get_param: CinderDellScSecondarySanIp}
+                cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin}
+                cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword}
+                cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort}
       step_config: |
         include ::tripleo::profile::base::cinder::volume
index 29a0ce1..bddc8e1 100644 (file)
@@ -1,8 +1,30 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Openstack Cinder Netapp backend
 
 parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
   CinderEnableNetappBackend:
     type: boolean
     default: true
@@ -75,20 +97,6 @@ parameters:
   CinderNetappEseriesHostType:
     type: string
     default: 'linux_dm_mp'
-  ServiceNetMap:
-    default: {}
-    description: Mapping of service_name -> network name. Typically set
-                 via parameter_defaults in the resource registry.  This
-                 mapping overrides those in ServiceNetMapDefaults.
-    type: json
-  DefaultPasswords:
-    default: {}
-    type: json
-  EndpointMap:
-    default: {}
-    type: json
-    description: Mapping of service endpoint -> protocol. Typically set
-                 via parameter_defaults in the resource registry.
 
 parameter_groups:
 - label: deprecated
diff --git a/puppet/services/cinder-backend-pure.yaml b/puppet/services/cinder-backend-pure.yaml
new file mode 100644 (file)
index 0000000..576896a
--- /dev/null
@@ -0,0 +1,76 @@
+# Copyright (c) 2017 Pure Storage Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: pike
+
+description: >
+  Openstack Cinder Pure Storage FlashArray backend
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    type: json
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+  CinderEnablePureBackend:
+    type: boolean
+    default: true
+  CinderPureBackendName:
+    type: string
+    default: 'tripleo_pure'
+  CinderPureStorageProtocol:
+    type: string
+    default: 'iSCSI'
+  CinderPureSanIp:
+    type: string
+  CinderPureAPIToken:
+    type: string
+  CinderPureUseChap:
+    type: boolean
+    default: false
+  CinderPureMultipathXfer:
+    type: boolean
+    default: true
+
+outputs:
+  role_data:
+    description: Role data for the Cinder Pure Storage FlashArray backend.
+    value:
+      service_name: cinder_backend_pure
+      config_settings:
+                tripleo::profile::base::cinder::volume::cinder_enable_pure_backend: {get_param: CinderEnablePureBackend}
+                cinder::backend::pure::volume_backend_name: {get_param: CinderPureBackendName}
+                cinder::backend::pure::pure_storage_protocol: {get_param: CinderPureStorageProtocol}
+                cinder::backend::pure::san_ip: {get_param: CinderPureSanIp}
+                cinder::backend::pure::pure_api_token: {get_input: PureAPIToken}
+                cinder::backend::pure::use_chap_auth: {get_input: PureUseChap}
+                cinder::backend::pure::use_multipath_for_image_xfer: {get_input: PureMultipathXfer}
+      step_config: |
+        include ::tripleo::profile::base::cinder::volume
index c4e4aa3..832cc09 100644 (file)
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Cinder Dell EMC ScaleIO backend
@@ -78,6 +78,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
index 14be07a..629a0f5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Backup service configured with Puppet
@@ -25,6 +25,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -42,6 +50,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 88e7edb..2ba5aa5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder base service. Shared by all Cinder services.
@@ -21,6 +21,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -92,15 +100,15 @@ outputs:
       service_name: cinder_base
       config_settings:
         cinder::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://cinder:'
-              - {get_param: CinderPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/cinder'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: cinder
+            password: {get_param: CinderPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /cinder
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         cinder::debug: {get_param: Debug}
         cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
         cinder::rabbit_userid: {get_param: RabbitUserName}
index ca7d283..3ea0fd8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure Cinder HPELeftHandISCSIDriver
@@ -32,6 +32,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
index f8361f6..806f9bb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Scheduler service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -35,6 +43,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 26f1a96..fe95222 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Volume service configured with Puppet
@@ -55,6 +55,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -77,6 +85,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 5f6b565..8fbcd99 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Congress service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -62,15 +70,15 @@ outputs:
       config_settings:
         congress_password: {get_param: CongressPassword}
         congress::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://congress:'
-              - {get_param: CongressPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/congress'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: congress
+            password: {get_param: CongressPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /congress
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         congress::debug: {get_param: Debug}
         congress::rpc_backend: rabbit
         congress::rabbit_userid: {get_param: RabbitUserName}
index c27fcb7..b5fced4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configuration details for MongoDB service using composable roles
@@ -24,6 +24,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 5059721..968d435 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MongoDb service deployment using puppet
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -32,6 +40,13 @@ parameters:
       format: >-
         /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4})
         (?<message>.*)$/
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
   MongoDbBase:
@@ -40,6 +55,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -69,6 +86,28 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]}
+          -
+            if:
+              - internal_tls_enabled
+              -
+                generate_service_certificates: true
+                mongodb::server::ssl: true
+                mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb_certificate_specs:
+                  service_pem: '/etc/pki/tls/certs/mongodb.pem'
+                  service_certificate: '/etc/pki/tls/certs/mongodb.crt'
+                  service_key: '/etc/pki/tls/private/mongodb.key'
+                  hostname:
+                    str_replace:
+                      template: "%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+                  principal:
+                    str_replace:
+                      template: "mongodb/%{hiera('fqdn_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MongodbNetwork]}
+              - {}
       step_config: |
         include ::tripleo::profile::base::database::mongodb
       upgrade_tasks:
@@ -78,3 +117,11 @@ outputs:
         - name: Start mongodb service
           tags: step4
           service: name=mongod state=started
+      metadata_settings:
+        if:
+          - internal_tls_enabled
+          -
+            - service: mongodb
+              network: {get_param: [ServiceNetMap, MongodbNetwork]}
+              type: node
+          - null
index 78456e2..19d732d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Mysql client settings
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -21,6 +29,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 outputs:
   role_data:
@@ -30,5 +43,6 @@ outputs:
       config_settings:
         tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
         tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
+        tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
       step_config: |
         include ::tripleo::profile::base::database::mysql::client
index da55da3..2bde903 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL service deployment using puppet
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index af89ffb..89fa806 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
@@ -8,6 +8,10 @@ parameters:
     description: The password for Redis
     type: string
     hidden: true
+  RedisFDLimit:
+    description: Configure Redis FD limit
+    type: string
+    default: 10240
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -17,6 +21,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,3 +55,4 @@ outputs:
         redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
         redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
         redis::sentinel::sentinel_bind: {get_param: [ServiceNetMap, RedisNetwork]}
+        redis::ulimit: {get_param: RedisFDLimit}
index 5ea25ca..df406a8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
diff --git a/puppet/services/disabled/ceilometer-collector-disabled.yaml b/puppet/services/disabled/ceilometer-collector-disabled.yaml
new file mode 100644 (file)
index 0000000..18092a8
--- /dev/null
@@ -0,0 +1,38 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Ceilometer Collector service, disabled since pike
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the disabled Ceilometer Collector role.
+    value:
+      service_name: ceilometer_collector_disabled
+      upgrade_tasks:
+        - name: Stop and disable ceilometer_collector service on upgrade
+          tags: step1
+          service: name=openstack-ceilometer-collector state=stopped enabled=no
diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
new file mode 100644 (file)
index 0000000..9b7b47e
--- /dev/null
@@ -0,0 +1,50 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Ceilometer Expirer service, disabled since pike
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+  CeilometerServiceBase:
+    type: ../ceilometer-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the disabling Ceilometer Expirer role.
+    value:
+      service_name: ceilometer_expirer_disabled
+      config_settings:
+        map_merge:
+          - get_attr: [CeilometerServiceBase, role_data, config_settings]
+          - ceilometer::expirer::enable_cron: false
+      step_config: |
+        include ::tripleo::profile::base::ceilometer::expirer
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Glance Registry service, disabled since ocata
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -23,7 +31,7 @@ outputs:
   role_data:
     description: Role data for the disabled Glance Registry role.
     value:
-      service_name: glance_registry
+      service_name: glance_registry_disabled
       upgrade_tasks:
         - name: Stop and disable glance_registry service on upgrade
           tags: step1
diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml
new file mode 100644 (file)
index 0000000..fa3fe9a
--- /dev/null
@@ -0,0 +1,38 @@
+heat_template_version: pike
+
+description: >
+  Mongodb service, disabled by default since pike
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the disabled MongoDB role.
+    value:
+      service_name: mongodb_disabled
+      upgrade_tasks:
+        - name: Stop and disable mongodb service on upgrade
+          tags: step1
+          service: name=mongod state=stopped enabled=no
index e7da238..2be2112 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configures docker on the host
@@ -25,6 +25,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 outputs:
   role_data:
index d1adefe..aa878a9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack EC2-API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +38,15 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  Ec2ApiExternalNetwork:
+    type: string
+    default: ''
+    description: Name of the external network, which is used to connect VPCs to
+                 Internet and to allocate Elastic IPs
+  NovaDefaultFloatingPool:
+    default: 'public'
+    description: Default pool for floating IP addresses
+    type: string
   MonitoringSubscriptionEc2Api:
     default: 'overcloud-ec2-api'
     type: string
@@ -52,6 +69,7 @@ parameters:
 
 conditions:
   nova_workers_zero: {equals : [{get_param: Ec2ApiWorkers}, 0]}
+  external_network_unset: {equals : [{get_param: Ec2ApiExternalNetwork}, '']}
 
 outputs:
   role_data:
@@ -89,15 +107,15 @@ outputs:
               params:
                 $NETWORK: {get_param: [ServiceNetMap, Ec2ApiMetadataNetwork]}
           ec2api::db::database_connection:
-            list_join:
-              - ''
-              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                - '://ec2_api:'
-                - {get_param: Ec2ApiPassword}
-                - '@'
-                - {get_param: [EndpointMap, MysqlInternal, host]}
-                - '/ec2_api'
-                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+            make_url:
+              scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+              username: ec2_api
+              password: {get_param: Ec2ApiPassword}
+              host: {get_param: [EndpointMap, MysqlInternal, host]}
+              path: /ec2_api
+              query:
+                read_default_file: /etc/my.cnf.d/tripleo.cnf
+                read_default_group: tripleo
           ec2api::api::keystone_ec2_tokens_url:
             list_join:
               - ''
@@ -109,6 +127,11 @@ outputs:
           - {}
           - ec2api::api::ec2api_workers: {get_param: Ec2ApiWorkers}
             ec2api::metadata::metadata_workers: {get_param: Ec2ApiWorkers}
+        -
+          if:
+          - external_network_unset
+          - ec2api::api::external_network: {get_param: NovaDefaultFloatingPool}
+          - ec2api::api::external_network: {get_param: Ec2ApiExternalNetwork}
       step_config: |
         include tripleo::profile::base::nova::ec2api
       service_config_settings:
index 5db8bec..2e87764 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Etcd service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -25,6 +33,13 @@ parameters:
   MonitoringSubscriptionEtcd:
     default: 'overcloud-etcd'
     type: string
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 outputs:
   role_data:
@@ -33,27 +48,47 @@ outputs:
       service_name: etcd
       monitoring_subscription: {get_param: MonitoringSubscriptionEtcd}
       config_settings:
-        etcd::etcd_name:
-          str_replace:
-            template:
-              "%{hiera('fqdn_$NETWORK')}"
-            params:
-              $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
-        # NOTE: bind IP is found in Heat replacing the network name with the local node IP
-        # for the given network; replacement examples (eg. for internal_api):
-        # internal_api -> IP
-        # internal_api_uri -> [IP]
-        # internal_api_subnet - > IP/CIDR
-        tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
-        tripleo::profile::base::etcd::client_port: '2379'
-        tripleo::profile::base::etcd::peer_port: '2380'
-        etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
-        etcd::manage_package: false
-        tripleo.etcd.firewall_rules:
-          '141 etcd':
-            dport:
-              - 2379
-              - 2380
+        map_merge:
+        -
+          etcd::etcd_name:
+            str_replace:
+              template:
+                "%{hiera('fqdn_$NETWORK')}"
+              params:
+                $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+          # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+          # for the given network; replacement examples (eg. for internal_api):
+          # internal_api -> IP
+          # internal_api_uri -> [IP]
+          # internal_api_subnet - > IP/CIDR
+          tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]}
+          tripleo::profile::base::etcd::client_port: '2379'
+          tripleo::profile::base::etcd::peer_port: '2380'
+          etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
+          etcd::manage_package: false
+          tripleo.etcd.firewall_rules:
+            '141 etcd':
+              dport:
+                - 2379
+                - 2380
+        -
+          if:
+          - internal_tls_enabled
+          - generate_service_certificates: true
+            tripleo::profile::base::etcd::certificate_specs:
+              service_certificate: '/etc/pki/tls/certs/etcd.crt'
+              service_key: '/etc/pki/tls/private/etcd.key'
+              hostname:
+                str_replace:
+                  template: "%{hiera('fqdn_NETWORK')}"
+                  params:
+                    NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+              principal:
+                str_replace:
+                  template: "etcd/%{hiera('fqdn_NETWORK')}"
+                  params:
+                    NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
+          - {}
       step_config: |
         include ::tripleo::profile::base::etcd
       upgrade_tasks:
@@ -71,3 +106,11 @@ outputs:
         - name: Stop etcd service
           tags: step2
           service: name=etcd state=stopped
+      metadata_settings:
+        if:
+          - internal_tls_enabled
+          -
+            - service: etcd
+              network: {get_param: [ServiceNetMap, EtcdNetwork]}
+              type: node
+          - null
index 75f5b6a..206536d 100644 (file)
@@ -1,9 +1,31 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   External Swift Proxy endpoint configured with Puppet
 
 parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
   ExternalPublicUrl:
     description: Public endpoint url for the external swift proxy
     type: string
@@ -25,20 +47,6 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
-  ServiceNetMap:
-    default: {}
-    description: Mapping of service_name -> network name. Typically set
-                 via parameter_defaults in the resource registry.  This
-                 mapping overrides those in ServiceNetMapDefaults.
-    type: json
-  DefaultPasswords:
-    default: {}
-    type: json
-  EndpointMap:
-    default: {}
-    description: Mapping of service endpoint -> protocol. Typically set
-                 via parameter_defaults in the resource registry.
-    type: json
 
 resources:
 
index f61e615..2815174 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Glance API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -119,6 +127,7 @@ parameters:
 
 conditions:
   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+  glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
 
 resources:
 
@@ -128,6 +137,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
@@ -143,24 +154,23 @@ outputs:
         map_merge:
           - get_attr: [TLSProxyBase, role_data, config_settings]
           - glance::api::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://glance:'
-                  - {get_param: GlancePassword}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/glance'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: glance
+                password: {get_param: GlancePassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /glance
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
-            glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             glance::api::enable_v1_api: false
             glance::api::enable_v2_api: true
             glance::api::authtoken::password: {get_param: GlancePassword}
             glance::api::enable_proxy_headers_parsing: true
             glance::api::debug: {get_param: Debug}
-            glance::api::workers: {get_param: GlanceWorkers}
             glance::policy::policies: {get_param: GlanceApiPolicies}
             tripleo.glance_api.firewall_rules:
               '112 glance_api':
@@ -168,6 +178,8 @@ outputs:
                   - 9292
                   - 13292
             glance::api::authtoken::project_name: 'service'
+            glance::keystone::authtoken::user_domain_name: 'Default'
+            glance::keystone::authtoken::project_domain_name: 'Default'
             glance::api::pipeline: 'keystone'
             glance::api::show_image_direct_url: true
             # NOTE: bind IP is found in Heat replacing the network name with the
@@ -195,10 +207,11 @@ outputs:
               - {get_param: [ServiceNetMap, GlanceApiNetwork]}
             glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
             glance_log_file: {get_param: GlanceLogFile}
-            glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
             glance::backend::swift::swift_store_user: service:glance
             glance::backend::swift::swift_store_key: {get_param: GlancePassword}
             glance::backend::swift::swift_store_create_container_on_put: true
+            glance::backend::swift::swift_store_auth_version: 3
             glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
             glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
             glance_backend: {get_param: GlanceBackend}
@@ -210,6 +223,11 @@ outputs:
             tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
             tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
             tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
+          -
+            if:
+            - glance_workers_unset
+            - {}
+            - glance::api::workers: {get_param: GlanceWorkers}
       service_config_settings:
         keystone:
           glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
index cd32370..2411d42 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -59,6 +67,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   ApacheServiceBase:
     type: ./apache.yaml
@@ -66,6 +76,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
@@ -133,6 +145,12 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Stop gnocchi_api service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
+        yaql:
+          expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            gnocchi_api_upgrade:
+              - name: Stop gnocchi_api service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
index dc6daec..80ef717 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -22,6 +30,10 @@ parameters:
     default: 'mysql'
     description: The short name of the Gnocchi indexer backend to use.
     type: string
+  MetricProcessingDelay:
+    default: 30
+    description: Delay between processing metrics.
+    type: number
   GnocchiPassword:
     description: The password for the gnocchi service and db account.
     type: string
@@ -55,16 +67,17 @@ outputs:
         gnocchi_redis_password: {get_param: RedisPassword}
         gnocchi::debug: {get_param: Debug}
         gnocchi::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://gnocchi:'
-              - {get_param: GnocchiPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/gnocchi'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
-        gnocchi::db::sync::extra_opts: '--skip-storage'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: gnocchi
+            password: {get_param: GnocchiPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /gnocchi
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
+        gnocchi::db::sync::extra_opts: ''
+        gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
         gnocchi::storage::swift::swift_user: 'service:gnocchi'
         gnocchi::storage::swift::swift_auth_version: 3
         gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
index 9d76c2e..5ada99f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -33,6 +41,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index bb8d3bc..5ba1dfc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Gnocchi service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index ae22616..1866bb9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAProxy deployment with TLS enabled, powered by certmonger
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 6013b02..7ebacdb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAProxy deployment with TLS enabled, powered by certmonger
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index bd5b9ef..a71491c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +45,11 @@ parameters:
   MonitoringSubscriptionHaproxy:
     default: 'overcloud-haproxy'
     type: string
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 resources:
 
@@ -46,6 +59,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   HAProxyInternalTLS:
     type: OS::TripleO::Services::HAProxyInternalTLS
@@ -53,6 +68,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -71,6 +88,7 @@ outputs:
             tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
+            tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
             tripleo::profile::base::haproxy::certificates_specs:
               map_merge:
                 - get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
@@ -96,8 +114,6 @@ outputs:
           when: haproxy_enabled.rc == 0
           service: name=haproxy state=started
       metadata_settings:
-        yaql:
-          expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))'
-          data:
-            public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
-            internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
+        list_concat:
+          - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
+          - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
index c4d4485..92d73cf 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat CloudFormation API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -53,6 +61,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   HeatBase:
@@ -61,6 +71,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 7f8fa1f..a740d20 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat CloudWatch API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -45,6 +53,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   HeatBase:
@@ -53,6 +63,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index f8128bb..ced7f0c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -59,6 +67,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   HeatBase:
@@ -67,6 +77,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6ada9c2..dfd823d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat base service. Shared for all Heat services.
@@ -39,6 +39,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 98dac4c..1d5f054 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Heat Engine service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -65,6 +73,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -84,34 +94,28 @@ outputs:
             heat::engine::max_nested_stack_depth: 6
             heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack}
             heat::engine::heat_metadata_server_url:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, HeatCfnPublic, protocol]}
-                  - '://'
-                  - {get_param: [EndpointMap, HeatCfnPublic, host]}
-                  - ':'
-                  - {get_param: [EndpointMap, HeatCfnPublic, port]}
+              make_url:
+                scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
+                host: {get_param: [EndpointMap, HeatCfnPublic, host]}
+                port: {get_param: [EndpointMap, HeatCfnPublic, port]}
             heat::engine::heat_waitcondition_server_url:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, HeatCfnPublic, protocol]}
-                  - '://'
-                  - {get_param: [EndpointMap, HeatCfnPublic, host]}
-                  - ':'
-                  - {get_param: [EndpointMap, HeatCfnPublic, port]}
-                  - '/v1/waitcondition'
+              make_url:
+                scheme: {get_param: [EndpointMap, HeatCfnPublic, protocol]}
+                host: {get_param: [EndpointMap, HeatCfnPublic, host]}
+                port: {get_param: [EndpointMap, HeatCfnPublic, port]}
+                path: /v1/waitcondition
             heat::engine::convergence_engine: {get_param: HeatConvergenceEngine}
             tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge}
             heat::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://heat:'
-                  - {get_param: HeatPassword}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/heat'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: heat
+                password: {get_param: HeatPassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /heat
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             heat::keystone_ec2_uri:
               list_join:
               - ''
index 8fb13c1..562afe1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Horizon service configured with Puppet
@@ -17,6 +17,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -118,3 +126,10 @@ outputs:
           tags: step1
           when: httpd_enabled.rc == 0
           service: name=httpd state=stopped
+      service_config_settings:
+        haproxy:
+          tripleo.horizon.firewall_rules:
+            '127 horizon':
+              dport:
+                - 80
+                - 443
index 1f18cb1..945033a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ironic API configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,6 +51,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index d186b04..da48516 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ironic services configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,15 +60,15 @@ outputs:
       service_name: ironic_base
       config_settings:
         ironic::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://ironic:'
-              - {get_param: IronicPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/ironic'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: ironic
+            password: {get_param: IronicPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /ironic
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         ironic::debug: {get_param: Debug}
         ironic::rabbit_userid: {get_param: RabbitUserName}
         ironic::rabbit_password: {get_param: RabbitPassword}
index be910d1..b167671 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Ironic conductor configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -32,6 +40,13 @@ parameters:
                  created yet) and should be changed to an actual UUID in
                  a post-deployment stack update.
     type: string
+  IronicDefaultBootOption:
+    default: 'local'
+    description: How to boot the bare metal instances. Set to 'local' (the
+                 default) to use local bootloader (requires grub2 for partition
+                 images). Set to 'netboot' to make the instances boot from
+                 controllers using PXE/iPXE.
+    type: string
   IronicDefaultNetworkInterface:
     default: 'flat'
     description: Network interface implementation to use by default.
@@ -45,6 +60,20 @@ parameters:
     default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
     description: Enabled Ironic drivers
     type: comma_delimited_list
+  IronicEnabledHardwareTypes:
+    default: ['ipmi', 'redfish']
+    description: Enabled Ironic hardware types
+    type: comma_delimited_list
+  IronicEnabledManagementInterfaces:
+    default: ['ipmitool', 'redfish']
+    description: Enabled management interface implementations. Each hardware
+                 type must have at least one valid implementation enabled.
+    type: comma_delimited_list
+  IronicEnabledPowerInterfaces:
+    default: ['ipmitool', 'redfish']
+    description: Enabled power interface implementations. Each hardware
+                 type must have at least one valid implementation enabled.
+    type: comma_delimited_list
   IronicIPXEEnabled:
     default: true
     description: Whether to use iPXE instead of PXE for deployment.
@@ -77,6 +106,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -91,7 +122,9 @@ outputs:
             ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
             ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
             ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
+            ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
             ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
+            ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
             # We need an endpoint containing a real IP, not a VIP here
             ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
             ironic::conductor::http_url:
@@ -112,7 +145,10 @@ outputs:
             # NOTE(dtantsur): UEFI only works with iPXE currently for us
             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
+            ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
+            ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
+            ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
             tripleo.ironic_conductor.firewall_rules:
               '134 ironic conductor TFTP':
index 38f9f3b..44e6b24 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Keepalived service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,12 +60,12 @@ outputs:
         - tripleo.keepalived.firewall_rules:
             '106 keepalived vrrp':
               proto: vrrp
-        - 
+        -
           if:
           - control_iface_empty
           - {}
           - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
-        - 
+        -
           if:
           - public_iface_empty
           - {}
index 2a335b6..c142b47 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Load kernel modules with kmod and configure kernel options with sysctl.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,28 @@ parameters:
     default: 0
     description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
     type: number
+  NeighbourGcThreshold1:
+    default: 1024
+    description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
+                 This is the minimum number of entries to keep in the ARP
+                 cache. The garbage collector will not run if there are
+                 fewer than this number of entries in the cache.
+    type: number
+  NeighbourGcThreshold2:
+    default: 2048
+    description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value.
+                 This is the soft maximum number of entries to keep in the
+                 ARP cache. The garbage collector will  allow the number of
+                 entries to exceed this for 5 seconds before collection will
+                 be performed.
+    type: number
+  NeighbourGcThreshold3:
+    default: 4096
+    description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value.
+                 This is the hard maximum number of entries to keep in the
+                 ARP cache. The garbage collector will always run if there
+                 are more than this number of entries in the cache.
+    type: number
 
 outputs:
   role_data:
@@ -47,6 +77,8 @@ outputs:
             value: 0
           net.ipv4.conf.all.send_redirects:
             value: 0
+          net.ipv4.conf.all.arp_accept:
+            value: 1
           net.ipv4.conf.default.accept_redirects:
             value: 0
           net.ipv4.conf.default.secure_redirects:
@@ -86,5 +118,12 @@ outputs:
             value: 1
           fs.suid_dumpable:
             value: 0
+          #avoid neighbour table overflow on large deployments
+          net.ipv4.neigh.default.gc_thresh1:
+            value: {get_param: NeighbourGcThreshold1}
+          net.ipv4.neigh.default.gc_thresh2:
+            value: {get_param: NeighbourGcThreshold2}
+          net.ipv4.neigh.default.gc_thresh3:
+            value: {get_param: NeighbourGcThreshold3}
       step_config: |
         include ::tripleo::profile::base::kernel
index 8a0e750..7262e47 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Keystone service configured with Puppet
@@ -47,6 +47,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -183,6 +191,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 conditions:
@@ -202,15 +212,15 @@ outputs:
         map_merge:
           - get_attr: [ApacheServiceBase, role_data, config_settings]
           - keystone::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://keystone:'
-                  - {get_param: AdminToken}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/keystone'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: keystone
+                password: {get_param: AdminToken}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /keystone
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}
@@ -231,6 +241,7 @@ outputs:
                 content: {get_param: KeystoneFernetKey0}
               '/etc/keystone/fernet-keys/1':
                 content: {get_param: KeystoneFernetKey1}
+            keystone::fernet_replace_keys: false
             keystone::debug: {get_param: Debug}
             keystone::rabbit_userid: {get_param: RabbitUserName}
             keystone::rabbit_password: {get_param: RabbitPassword}
@@ -339,10 +350,15 @@ outputs:
             horizon::keystone_multidomain_support: true
             horizon::keystone_default_domain: 'Default'
           - {}
-      # Ansible tasks to handle upgrade
-      upgrade_tasks:
-        - name: Stop keystone service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
+      upgrade_tasks:
+        yaql:
+          expression: $.data.apache_upgrade + $.data.keystone_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            keystone_upgrade:
+              - name: Stop keystone service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
index 65ad80e..21049a9 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd base service
 
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: >
index 57595b8..e34f31f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd client configured with Puppet
 
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: >
@@ -24,6 +32,8 @@ resources:
     type: ./fluentd-base.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
 
index 68f98af..9ade641 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Fluentd logging configuration
 
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: >
index 4061ca2..2710d78 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-api service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +45,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 36ef1ea..f4c7a07 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila Cephfs backend
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -39,7 +47,7 @@ parameters:
     default: 'ceph'
   ManilaCephFSNativeCephFSEnableSnapshots:
     type: boolean
-    default: true
+    default: false
   ManilaCephFSDataPoolName:
     default: manila_data
     type: string
index 23831a6..7be9239 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila generic backend.
@@ -58,6 +58,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
index 1f6fcf4..b106848 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila netapp backend.
@@ -73,6 +73,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     type: json
index c183bc0..a299fff 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Manila base service. Shared by manila-api/scheduler/share services
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -59,15 +67,15 @@ outputs:
         manila::db::database_db_max_retries: -1
         manila::db::database_max_retries: -1
         manila::sql_connection:
-          list_join:
-          - ''
-          - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-            - '://manila:'
-            - {get_param: ManilaPassword}
-            - '@'
-            - {get_param: [EndpointMap, MysqlInternal, host]}
-            - '/manila'
-            - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: manila
+            password: {get_param: ManilaPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /manila
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
       service_config_settings:
         mysql:
           manila::db::mysql::password: {get_param: ManilaPassword}
index c8114f2..b3d1ffa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-scheduler service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -41,6 +49,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6ac0d2c..50d7f7c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Manila-share service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -33,6 +41,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 146cc30..5b98e02 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Memcached service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 49b2d4c..da77ef0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Collectd client service
 
@@ -17,6 +17,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   CollectdDefaultPlugins:
     default:
       - disk
@@ -70,7 +78,9 @@ parameters:
   CollectdSecurityLevel:
     type: string
     description: >
-      Security level setting for remote collectd connection.
+      Security level setting for remote collectd connection. If it is
+      set to Sign or Encrypt the CollectdPassword and CollectdUsername
+      parameters need to be set.
     default: 'None'
     constraints:
       - allowed_values:
index 02c6939..b865ec1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -28,14 +36,29 @@ parameters:
       e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
     default: {}
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
 
 resources:
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
   MistralBase:
     type: ./mistral-base.yaml
     properties:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -47,12 +70,25 @@ outputs:
           - get_attr: [MistralBase, role_data, config_settings]
           - mistral::api::api_workers: {get_param: MistralWorkers}
             mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+            mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             mistral::policy::policies: {get_param: MistralApiPolicies}
             tripleo.mistral_api.firewall_rules:
               '133 mistral':
                 dport:
                   - 8989
                   - 13989
+            mistral::api::service_name: 'httpd'
+            mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+            mistral::wsgi::apache::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]}
+          - if:
+            - mistral_workers_zero
+            - {}
+            - mistral::wsgi::apache::workers: {get_param: MistralWorkers}
       service_config_settings:
         get_attr: [MistralBase, role_data, service_config_settings]
       step_config: |
@@ -69,10 +105,16 @@ outputs:
             grep '\bactive\b'
           when: mistral_api_enabled.rc == 0
           tags: step0,validation
-        - name: Stop mistral_api service
+        - name: check for mistral_api running under apache (post upgrade)
+          tags: step1
+          shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi"
+          register: mistral_api_apache
+          ignore_errors: true
+        - name: Stop mistral_api service (running under httpd)
           tags: step1
-          service: name=openstack-mistral-api state=stopped
-        - name: Install openstack-mistral-api package if it was disabled
-          tags: step3
-          yum: name=openstack-mistral-api state=latest
-          when: mistral_api_enabled.rc != 0
+          service: name=httpd state=stopped
+          when: mistral_api_apache.rc == 0
+        - name: Stop and disable mistral_api service (pre-upgrade not under httpd)
+          tags: step1
+          when: mistral_api_enabled.rc == 0
+          service: name=openstack-mistral-api state=stopped enabled=no
index d5c2169..2e70865 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral base service. Shared for all Mistral services.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -57,15 +65,15 @@ outputs:
       service_name: mistral_base
       config_settings:
         mistral::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://mistral:'
-              - {get_param: MistralPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/mistral'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: mistral
+            password: {get_param: MistralPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /mistral
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         mistral::rabbit_userid: {get_param: RabbitUserName}
         mistral::rabbit_password: {get_param: RabbitPassword}
         mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
index 03a2a55..6a0fed1 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral Engine service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 0f6adb0..57f29dd 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Mistral API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 2fa1569..5e7e994 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Sensu base service
 
@@ -17,6 +17,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   MonitoringRabbitHost:
     description: RabbitMQ host Sensu has to connect to.
     type: string
index 4b5f36a..25e2b94 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Sensu client configured with Puppet
 
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: >
@@ -38,6 +46,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 67341ed..9b78437 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Analytics Database service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index e3e0ec4..f85ba7c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Analytics service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index bc56a3c..bdcdbb8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Base parameters for all Contrail Services.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 185b609..feda585 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Config service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +45,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 0964989..f110854 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Control service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +45,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index b47c2c3..5ce25a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Database service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 4dfc657..da86714 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail Heat plugin adds Contrail specific heat resources enabling heat
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -27,6 +35,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 2f2ceb3..0c5e2a8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Opencontrail plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +38,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 765be9a..8918f6d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Provision Contrail services after deployment
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 88adc4a..9d48e0e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail TSN Service
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -41,6 +49,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 0cd1f82..f03ed9c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute OpenContrail plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -42,6 +50,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 3786cdd..f723e6a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Contrail WebUI service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 9b9d1c7..8e1e0b8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Server configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -21,13 +29,13 @@ parameters:
   NeutronWorkers:
     default: ''
     description: |
-      Sets the number of API and RPC workers for the Neutron service. The
-      default value results in the configuration being left unset and a
-      system-dependent default will be chosen (usually the number of
-      processors). Please note that this can result in a large number of
-      processes and memory consumption on systems with a large core count. On
-      such systems it is recommended that a non-default value be selected that
-      matches the load requirements.
+      Sets the number of API and RPC workers for the Neutron service.
+      The default value results in the configuration being left unset
+      and a system-dependent default will be chosen (usually the number
+      of processors). Please note that this can result in a large number
+      of processes and memory consumption on systems with a large core
+      count. On such systems it is recommended that a non-default value
+      be selected that matches the load requirements.
     type: string
   NeutronPassword:
     description: The password for the neutron service and db account, used by neutron agents.
@@ -92,6 +100,7 @@ parameter_groups:
 
 conditions:
   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
 
 resources:
 
@@ -101,6 +110,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   NeutronBase:
@@ -109,6 +120,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -124,20 +137,18 @@ outputs:
           - get_attr: [NeutronBase, role_data, config_settings]
           - get_attr: [TLSProxyBase, role_data, config_settings]
           - neutron::server::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://neutron:'
-                  - {get_param: NeutronPassword}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/ovs_neutron'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: neutron
+                password: {get_param: NeutronPassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /ovs_neutron
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             neutron::policy::policies: {get_param: NeutronApiPolicies}
             neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
-            neutron::server::api_workers: {get_param: NeutronWorkers}
-            neutron::server::rpc_workers: {get_param: NeutronWorkers}
             neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
             neutron::server::enable_proxy_headers_parsing: true
             neutron::keystone::authtoken::password: {get_param: NeutronPassword}
@@ -155,6 +166,7 @@ outputs:
                   - 9696
                   - 13696
             neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+            neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
@@ -178,6 +190,12 @@ outputs:
               - 'localhost'
               - {get_param: [ServiceNetMap, NeutronApiNetwork]}
             tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
+          -
+            if:
+            - neutron_workers_unset
+            - {}
+            - neutron::server::api_workers: {get_param: NeutronWorkers}
+              neutron::server::rpc_workers: {get_param: NeutronWorkers}
       step_config: |
         include tripleo::profile::base::neutron::server
       service_config_settings:
index 9f60506..57581b5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron base service. Shared for all Neutron agents.
@@ -30,6 +30,10 @@ parameters:
     type: number
     default: 0
     description: The number of neutron dhcp agents to schedule per network
+  NeutronDnsDomain:
+    type: string
+    default: openstacklocal
+    description: Domain to use for building the hostnames.
   NeutronCorePlugin:
     default: 'ml2'
     description: |
@@ -70,6 +74,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -95,6 +107,7 @@ outputs:
             neutron::debug: {get_param: Debug}
             neutron::purge_config: {get_param: EnableConfigPurge}
             neutron::allow_overlapping_ips: true
+            neutron::dns_domain: {get_param: NeutronDnsDomain}
             neutron::rabbit_heartbeat_timeout_threshold: 60
             neutron::host: '%{::fqdn}'
             neutron::db::database_db_max_retries: -1
index f01cf6f..a70337d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   BGPVPN API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 8f56e0a..3faf788 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Installs bigswitch agent and enables the services
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 5b6fcca..75b0304 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Midonet plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index ea71769..a165725 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Nuage plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 0dca29a..b5ce790 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute OVN agent
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
index 09aa619..08cecf6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Compute Plumgrid plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index fe7f9f3..91582db 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron DHCP agent configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,6 +60,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml
new file mode 100644 (file)
index 0000000..39c443f
--- /dev/null
@@ -0,0 +1,106 @@
+heat_template_version: pike
+
+description: >
+  L2 Gateway agent configured with Puppet
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  L2gwAgentOvsdbHosts:
+    default: ''
+    description: L2 gateway agent OVSDB server list.
+    type: comma_delimited_list
+  L2gwAgentEnableManager:
+    default: false
+    description: Connection can be initiated by the ovsdb server.
+    type: boolean
+  L2gwAgentManagerTableListeningPort:
+    default: 6632
+    description: port number for L2 gateway agent, so that it can listen
+    type: number
+  L2gwAgentPeriodicInterval:
+    default: 20
+    description: The L2 gateway agent checks connection state with the OVSDB
+                 servers. The interval is number of seconds between attempts.
+    type: number
+  L2gwAgentMaxConnectionRetries:
+    default: 10
+    description: The L2 gateway agent retries to connect to the OVSDB server
+    type: number
+  L2gwAgentSocketTimeout:
+    default: 30
+    description: socket timeout
+    type: number
+  MonitoringSubscriptionNeutronL2gwAgent:
+    default: 'overcloud-neutron-l2gw-agent'
+    type: string
+  NeutronL2gwAgentLoggingSource:
+    type: json
+    default:
+      tag: openstack.neutron.agent.l2gw
+      path: /var/log/neutron/l2gw-agent.log
+
+conditions:
+  internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]}
+
+outputs:
+  role_data:
+    description: Role data for the L2 Gateway role.
+    value:
+      service_name: neutron_l2gw_agent
+      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent}
+      logging_source: {get_param: NeutronL2gwAgentLoggingSource}
+      logging_groups:
+        - neutron
+      config_settings:
+        map_merge:
+          - neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts}
+            neutron::agents::l2gw::enable_manager: {get_param: L2gwAgentEnableManager}
+            neutron::agents::l2gw::manager_table_listening_port: {get_param: L2gwAgentManagerTableListeningPort}
+            neutron::agents::l2gw::periodic_interval: {get_param: L2gwAgentPeriodicInterval}
+            neutron::agents::l2gw::max_connection_retries: {get_param: L2gwAgentMaxConnectionRetries}
+            neutron::agents::l2gw::socket_timeout: {get_param: L2gwAgentSocketTimeout}
+          -
+            if:
+              - internal_manager_enabled
+              - tripleo.neutron_l2gw_agent.firewall_rules:
+                  '142 neutron l2gw agent input':
+                    proto: 'tcp'
+                    dport: {get_param: L2gwAgentManagerTableListeningPort}
+              - null
+
+      step_config: |
+        include tripleo::profile::base::neutron::agents::l2gw
+      upgrade_tasks:
+        - name: Check if neutron_l2gw_agent is deployed
+          command: systemctl is-enabled neutron-l2gw-agent
+          tags: common
+          ignore_errors: True
+          register: neutron_l2gw_agent_enabled
+        - name: "PreUpgrade step0,validation: Check service neutron-l2gw-agent is running"
+          shell: /usr/bin/systemctl show 'neutron-l2gw-agent' --property ActiveState | grep '\bactive\b'
+          when: neutron_l2gw_agent_enabled.rc == 0
+          tags: step0,validation
+        - name: Stop neutron_l2gw_agent service
+          tags: step1
+          when: neutron_l2gw_agent_enabled.rc == 0
+          service: name=neutron-l2gw-agent state=stopped
index b6f0d28..1ad009b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   L2 Gateway service plugin configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 1d6a237..1a4a4f6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron L3 agent for DVR enabled compute nodes
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,6 +60,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index cd9870b..0598639 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron L3 agent configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -60,6 +68,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml
new file mode 100644 (file)
index 0000000..f432405
--- /dev/null
@@ -0,0 +1,83 @@
+heat_template_version: ocata
+
+description: >
+  OpenStack Neutron Linuxbridge agent configured with Puppet.
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  PhysicalInterfaceMapping:
+    description: List of  <physical_network>:<physical_interface> tuples
+                 mapping physical network names to agent's node-specific
+                 physical network interfaces. Defaults to empty list.
+    type: comma_delimited_list
+    default: ''
+  NeutronLinuxbridgeFirewallDriver:
+    default: ''
+    description: Configure the classname of the firewall driver to  use  for
+                 implementing security groups.  Possible  values  depend  on
+                 system  configuration. The default value of an empty string
+                 will result in a default supported configuration.
+    type: string
+  NeutronEnableL2Pop:
+    type: string
+    description: Enable/disable the L2 population feature in the Neutron agents.
+    default: 'False'
+  NeutronTunnelTypes:
+    default: 'vxlan'
+    description: The tunnel types for the Neutron tenant network.
+    type: comma_delimited_list
+
+conditions:
+  no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
+
+resources:
+
+  NeutronBase:
+    type: ./neutron-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Neutron Linuxbridge agent service.
+    value:
+      service_name: neutron_linuxbridge_agent
+      config_settings:
+        map_merge:
+          - get_attr: [NeutronBase, role_data, config_settings]
+          - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping}
+            neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop}
+            neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes}
+            neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
+            neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
+          -
+            if:
+            - no_firewall_driver
+            - {}
+            - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
+      step_config: |
+        include ::tripleo::profile::base::neutron::linuxbridge
index 32ef567..593fae4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Metadata agent configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -46,6 +54,9 @@ parameters:
       tag: openstack.neutron.agent.metadata
       path: /var/log/neutron/metadata-agent.log
 
+conditions:
+  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
+
 resources:
 
   NeutronBase:
@@ -54,6 +65,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -68,11 +81,15 @@ outputs:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
           - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
-            neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
             neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
             neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             neutron::agents::metadata::auth_tenant: 'service'
             neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+          -
+            if:
+            - neutron_workers_unset
+            - {}
+            - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
       step_config: |
         include tripleo::profile::base::neutron::metadata
       upgrade_tasks:
index 9198f35..8ace3e5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Midonet plugin and services
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index ef2485d..76d5c26 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron OVS agent configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -81,6 +89,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   OpenVswitchUpgrade:
     type: ./openvswitch-upgrade.yaml
index 80516fe..29c1046 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
@@ -13,26 +13,37 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
   HostCpusList:
+    default: "0"
     description: List of cores to be used for host process
     type: string
     constraints:
-      - allowed_pattern: "'[0-9,-]+'"
+      - allowed_pattern: "[0-9,-]+"
   NeutronDpdkCoreList:
+    default: ""
     description: List of cores to be used for DPDK Poll Mode Driver
     type: string
     constraints:
-      - allowed_pattern: "'[0-9,-]+'"
+      - allowed_pattern: "[0-9,-]*"
   NeutronDpdkMemoryChannels:
+    default: ""
     description: Number of memory channels to be used for DPDK
     type: string
     constraints:
-      - allowed_pattern: "[0-9]+"
+      - allowed_pattern: "[0-9]*"
   NeutronDpdkSocketMemory:
     default: ""
     description: Memory allocated for each socket
@@ -61,10 +72,38 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   OpenVswitchUpgrade:
     type: ./openvswitch-upgrade.yaml
 
+  # Merging role-specific parameters (RoleParameters) with the default parameters.
+  # RoleParameters will have the precedence over the default parameters.
+  RoleParametersValue:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_replace:
+          - map_replace:
+            - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType
+              neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir
+              vswitch::dpdk::driver_type: NeutronDpdkDriverType
+              vswitch::dpdk::host_core_list: HostCpusList
+              vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList
+              vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels
+              vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory
+            - values: {get_param: [RoleParameters]}
+          - values:
+              NeutronDatapathType: {get_param: NeutronDatapathType}
+              NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
+              NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType}
+              HostCpusList: {get_param: HostCpusList}
+              NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList}
+              NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels}
+              NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory}
+
 outputs:
   role_data:
     description: Role data for the Neutron OVS DPDK Agent service.
@@ -77,13 +116,7 @@ outputs:
             - keys:
                 tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules
           - neutron::agents::ml2::ovs::enable_dpdk: true
-            neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
-            neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
-            vswitch::dpdk::host_core_list: {get_param: HostCpusList}
-            vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList}
-            vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
-            vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
-            vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+          - get_attr: [RoleParametersValue, value]
       step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
       upgrade_tasks:
         get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks]
index becd25c..a151695 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure hieradata for Fujitsu C-Fabric plugin configuration
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -53,6 +61,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 85971f1..c4bf075 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: Configure hieradata for Fujitsu fossw plugin configuration
 
@@ -12,6 +12,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -56,6 +64,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index acacadf..6424b76 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -31,6 +39,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 4d4c390..4cda87b 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2/OVN plugin configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -60,6 +68,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 3abd04f..130f889 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron ML2 Plugin configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -68,6 +76,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml
new file mode 100644 (file)
index 0000000..c4088e6
--- /dev/null
@@ -0,0 +1,74 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Neutron NSX
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  DefaultOverlayTz:
+    description: UUID of the default NSX overlay transport zone.
+    type: string
+  DefaultTier0Router:
+    description: UUID of the default tier0 router that will be used for connecting to
+                 tier1 logical routers and configuring external networks.
+    type: string
+  NsxApiManagers:
+    description: IP address of one or more NSX managers separated by commas.
+    type: string
+  NsxApiUser:
+    description: User name of NSX Manager.
+    type: string
+  NsxApiPassword:
+    description: Password of NSX Manager.
+    type: string
+  NativeDhcpMetadata:
+    default: True
+    description: This is the flag to indicate if using native DHCP/Metadata or not.
+    type: string
+  DhcpProfileUuid:
+    description: This is the UUID of the NSX DHCP Profile that will be used to enable
+                 native DHCP service.
+    type: string
+  MetadataProxyUuid:
+    description: This is the UUID of the NSX Metadata Proxy that will be used to enable
+                 native metadata service.
+    type: string
+
+outputs:
+  role_data:
+    description: Role data for the Neutron NSX plugin
+    value:
+      service_name: neutron_plugin_nsx
+      config_settings:
+        neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz}
+        neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router}
+        neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers}
+        neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser}
+        neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword}
+        neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
+        neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
+        neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
+
+      step_config: |
+        include tripleo::profile::base::neutron::plugins::nsx_v3
index 6229a3f..953ffeb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Nuage plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -63,6 +71,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index f948dd0..a158010 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron Plumgrid plugin
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -92,15 +100,15 @@ outputs:
       service_name: neutron_plugin_plumgrid
       config_settings:
         neutron::plugins::plumgrid::connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://neutron:'
-              - {get_param: NeutronPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/ovs_neutron'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: neutron
+            password: {get_param: NeutronPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /ovs_neutron
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]}
         neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
         neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
index d3c82d8..c124d1e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Neutron SR-IOV nic agent configured with Puppet
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -54,6 +62,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml
new file mode 100644 (file)
index 0000000..cb72f67
--- /dev/null
@@ -0,0 +1,56 @@
+heat_template_version: pike
+
+description: >
+  OpenStack Neutron ML2/VPP agent configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: >
+      Mapping of service_name -> network name. Typically set via
+      parameter_defaults in the resource registry. This mapping overrides those
+      in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  NeutronVPPAgentPhysnets:
+    description: >
+      List of <physical_network>:<VPP Interface>
+      Example: "physnet1:GigabitEthernet2/2/0,physnet2:GigabitEthernet2/3/0"
+    type: comma_delimited_list
+    default: ""
+
+resources:
+
+  NeutronBase:
+    type: ./neutron-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
+outputs:
+  role_data:
+    description: Role data for the Neutron ML2/VPP agent service.
+    value:
+      service_name: neutron_vpp_agent
+      config_settings:
+        map_merge:
+          - get_attr: [NeutronBase, role_data, config_settings]
+          - tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
+      step_config: |
+        include ::tripleo::profile::base::neutron::agents::vpp
\ No newline at end of file
index 18d9b92..835edf0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -81,6 +89,8 @@ resources:
   #     ServiceNetMap: {get_param: ServiceNetMap}
   #     DefaultPasswords: {get_param: DefaultPasswords}
   #     EndpointMap: {get_param: EndpointMap}
+  #     RoleName: {get_param: RoleName}
+  #     RoleParameters: {get_param: RoleParameters}
   #     EnableInternalTLS: {get_param: EnableInternalTLS}
 
   NovaBase:
@@ -89,6 +99,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -227,7 +239,7 @@ outputs:
         - name: Run puppet apply to set tranport_url in nova.conf
           tags: step5
           when: is_bootstrap_node
-          command: puppet apply --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+          command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
           register: puppet_apply_nova_api_upgrade
           failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
           changed_when: puppet_apply_nova_api_upgrade.rc == 2
index 9e7f014..ea21af8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova base service. Shared for all Nova services.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -146,45 +154,45 @@ outputs:
           nova::placement::os_region_name: {get_param: KeystoneRegion}
           nova::placement::os_interface: {get_param: NovaPlacementAPIInterface}
           nova::database_connection:
-            list_join:
-              - ''
-              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                - '://nova:'
-                - {get_param: NovaPassword}
-                - '@'
-                - {get_param: [EndpointMap, MysqlInternal, host]}
-                - '/nova'
-                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+            make_url:
+              scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+              username: nova
+              password: {get_param: NovaPassword}
+              host: {get_param: [EndpointMap, MysqlInternal, host]}
+              path: /nova
+              query:
+                read_default_file: /etc/my.cnf.d/tripleo.cnf
+                read_default_group: tripleo
           nova::cell0_database_connection:
-            list_join:
-              - ''
-              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                - '://nova:'
-                - {get_param: NovaPassword}
-                - '@'
-                - {get_param: [EndpointMap, MysqlInternal, host]}
-                - '/nova_cell0'
-                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+            make_url:
+              scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+              username: nova
+              password: {get_param: NovaPassword}
+              host: {get_param: [EndpointMap, MysqlInternal, host]}
+              path: /nova_cell0
+              query:
+                read_default_file: /etc/my.cnf.d/tripleo.cnf
+                read_default_group: tripleo
           nova::api_database_connection:
-            list_join:
-              - ''
-              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                - '://nova_api:'
-                - {get_param: NovaPassword}
-                - '@'
-                - {get_param: [EndpointMap, MysqlInternal, host]}
-                - '/nova_api'
-                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+            make_url:
+              scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+              username: nova_api
+              password: {get_param: NovaPassword}
+              host: {get_param: [EndpointMap, MysqlInternal, host]}
+              path: /nova_api
+              query:
+                read_default_file: /etc/my.cnf.d/tripleo.cnf
+                read_default_group: tripleo
           nova::placement_database_connection:
-            list_join:
-              - ''
-              - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                - '://nova_placement:'
-                - {get_param: NovaPassword}
-                - '@'
-                - {get_param: [EndpointMap, MysqlInternal, host]}
-                - '/nova_placement'
-                - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+            make_url:
+              scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+              username: nova_placement
+              password: {get_param: NovaPassword}
+              host: {get_param: [EndpointMap, MysqlInternal, host]}
+              path: /nova_placement
+              query:
+                read_default_file: /etc/my.cnf.d/tripleo.cnf
+                read_default_group: tripleo
           nova::debug: {get_param: Debug}
           nova::purge_config: {get_param: EnableConfigPurge}
           nova::network::neutron::neutron_project_name: 'service'
index b171143..e39e997 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Compute service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -64,7 +72,7 @@ parameters:
     description: >
       Reserved RAM for host processes.
     type: number
-    default: 2048
+    default: 4096
     constraints:
       - range: { min: 512 }
   MonitoringSubscriptionNovaCompute:
@@ -94,6 +102,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -119,6 +129,11 @@ outputs:
             nova::compute::libvirt::migration_support: false
             tripleo::profile::base::nova::manage_migration: true
             tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
+            tripleo::profile::base::nova::migration_ssh_localaddrs:
+              - "%{hiera('cold_migration_ssh_inbound_addr')}"
+              - "%{hiera('live_migration_ssh_inbound_addr')}"
+            live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+            cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
             tripleo::profile::base::nova::nova_compute_enabled: true
             nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
             nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
@@ -175,6 +190,9 @@ outputs:
               template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
               params:
                 LEVEL: {get_param: UpgradeLevelNovaCompute}
+        - name: install openstack-nova-migration
+          tags: step3
+          yum: name=openstack-nova-migration state=latest
         - name: Start nova-compute service
           tags: step6
           service: name=openstack-nova-compute state=started
index 4574cae..30eb127 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Conductor service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -45,6 +53,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 82f329b..fa1168a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Consoleauth service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -34,6 +42,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index f1d8dff..4f66432 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Compute service configured with Puppet and using Ironic
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -30,6 +38,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index b297424..4e762b5 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Libvirt service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -32,6 +40,48 @@ parameters:
   MonitoringSubscriptionNovaLibvirt:
     default: 'overcloud-nova-libvirt'
     type: string
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
+  LibvirtCACert:
+    type: string
+    default: ''
+    description: This specifies the CA certificate to use for TLS in libvirt.
+                 This file will be symlinked to the default CA path in libvirt,
+                 which is /etc/pki/CA/cacert.pem. Note that due to limitations
+                 GNU TLS, which is the TLS backend for libvirt, the file must
+                 be less than 65K (so we can't use the system's CA bundle).
+                 This parameter should be used if the default (which comes from
+                 the InternalTLSCAFile parameter) is not desired. The current
+                 default reflects TripleO's default CA, which is FreeIPA.
+                 It will only be used if internal TLS is enabled.
+
+conditions:
+
+  use_tls_for_live_migration:
+    and:
+    - equals:
+      - {get_param: EnableInternalTLS}
+      - true
+    - equals:
+      - {get_param: UseTLSTransportForLiveMigration}
+      - true
+
+  libvirt_specific_ca_unset:
+    equals:
+      - {get_param: LibvirtCACert}
+      - ''
 
 resources:
   NovaBase:
@@ -40,6 +90,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -70,5 +122,60 @@ outputs:
                   - '49152-49215'
                   - '5900-5999'
 
+          -
+            if:
+              - use_tls_for_live_migration
+              -
+                generate_service_certificates: true
+                tripleo::profile::base::nova::libvirt_tls: true
+                nova::migration::libvirt::live_migration_inbound_addr:
+                  str_replace:
+                    template:
+                      "%{hiera('fqdn_$NETWORK')}"
+                    params:
+                      $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+                tripleo::certmonger::ca::libvirt::origin_ca_pem:
+                  if:
+                    - libvirt_specific_ca_unset
+                    - get_param: InternalTLSCAFile
+                    - get_param: LibvirtCACert
+                tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
+                tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
+                libvirt_certificates_specs:
+                  libvirt-server-cert:
+                    service_certificate: '/etc/pki/libvirt/servercert.pem'
+                    service_key: '/etc/pki/libvirt/private/serverkey.pem'
+                    hostname:
+                      str_replace:
+                        template: "%{hiera('fqdn_NETWORK')}"
+                        params:
+                          NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+                    principal:
+                      str_replace:
+                        template: "libvirt/%{hiera('fqdn_NETWORK')}"
+                        params:
+                          NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+                  libvirt-client-cert:
+                    service_certificate: '/etc/pki/libvirt/clientcert.pem'
+                    service_key: '/etc/pki/libvirt/private/clientkey.pem'
+                    hostname:
+                      str_replace:
+                        template: "%{hiera('fqdn_NETWORK')}"
+                        params:
+                          NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+                    principal:
+                      str_replace:
+                        template: "libvirt/%{hiera('fqdn_NETWORK')}"
+                        params:
+                          NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+              - {}
       step_config: |
         include tripleo::profile::base::nova::libvirt
+      metadata_settings:
+        if:
+          - use_tls_for_live_migration
+          -
+            - service: libvirt
+              network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+              type: node
+          - null
index 376f95b..335b2c2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index b59e2fc..86aa079 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Placement API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,6 +60,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
   NovaBase:
@@ -60,6 +70,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index e4b6bb4..5da6d43 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Scheduler service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -45,6 +53,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 42335ad..2db44d6 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Nova Vncproxy service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -34,6 +42,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 2f898a6..e64a00f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia API service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -49,6 +57,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -65,15 +75,15 @@ outputs:
           - octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
             octavia::policy::policies: {get_param: OctaviaApiPolicies}
             octavia::db::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://octavia:'
-                  - {get_param: OctaviaPassword}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/octavia'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: octavia
+                password: {get_param: OctaviaPassword}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /octavia
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             octavia::keystone::authtoken::project_name: 'service'
             octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
@@ -84,7 +94,6 @@ outputs:
                   - 9876
                   - 13876
             octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
-            neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
       step_config: |
         include tripleo::profile::base::octavia::api
       service_config_settings:
@@ -103,3 +112,5 @@ outputs:
           octavia::db::mysql::allowed_hosts:
             - '%'
             - "%{hiera('mysql_bind_host')}"
+        neutron_api:
+          neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
index db15aa1..19dc5b4 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia base service. Shared for all Octavia services
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 51d32f2..853567d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Health Manager service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -39,6 +47,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 84c3343..6c556fa 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Housekeeping service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -46,6 +54,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 9212b76..4feae41 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Octavia Worker service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -69,6 +77,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6882aef..af85f4a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenDaylight SDN Controller.
@@ -46,6 +46,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 outputs:
   role_data:
index ed572b4..0d859be 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenDaylight OVS Configuration.
@@ -47,6 +47,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
 
 resources:
   OpenVswitchUpgrade:
index fea1ba9..f6e7846 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openvswitch package special handling for upgrade.
index 6b8be77..20c38d8 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OVN databases configured with puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index f7a0edf..1c89011 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Pacemaker service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 7686028..7ecb64d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Ceph RBD mirror service.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -29,6 +37,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index e75ac97..d888d4a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Backup service with Pacemaker configured with Puppet
@@ -25,6 +25,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -39,6 +47,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       CinderBackupBackend: {get_param: CinderBackupBackend}
       CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
       CephClientUserName: {get_param: CephClientUserName}
index bef47a5..39914db 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Cinder Volume service with Pacemaker configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -27,6 +35,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -44,3 +54,18 @@ outputs:
             cinder::host: hostgroup
       step_config:
         include ::tripleo::profile::pacemaker::cinder::volume
+      upgrade_tasks:
+        - name: Stop cinder_volume service (pacemaker)
+          tags: step1
+          pacemaker_resource:
+            resource: openstack-cinder-volume
+            state: disable
+            wait_for_resource: true
+        - name: Sync cinder DB
+          tags: step5
+          command: cinder-manage db sync
+        - name: Start cinder_volume service (pacemaker)
+          tags: step5
+          pacemaker_resource:
+            resource: openstack-cinder-volume
+            state: enable
index 93bf596..d8e942d 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   MySQL with Pacemaker service deployment using puppet
@@ -14,6 +14,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -28,6 +36,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index e702d28..5bc28ed 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Redis service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -37,5 +47,6 @@ outputs:
           - get_attr: [RedisBase, role_data, config_settings]
           - redis::service_manage: false
             redis::notify_service: false
+            redis::managed_by_cluster_manager: true
       step_config: |
         include ::tripleo::profile::pacemaker::database::redis
index 598deae..0fb8393 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   HAproxy service with Pacemaker configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index ddc13df..12f6529 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   The manila-share service with Pacemaker configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -27,6 +35,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index caada95..7925720 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RabbitMQ service with Pacemaker configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -26,6 +34,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
@@ -39,34 +49,5 @@ outputs:
           - rabbitmq::service_manage: false
       step_config: |
         include ::tripleo::profile::pacemaker::rabbitmq
-      upgrade_tasks:
-        - name: get bootstrap nodeid
-          tags: common
-          command: hiera bootstrap_nodeid
-          register: bootstrap_node
-        - name: set is_bootstrap_node fact
-          tags: common
-          set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
-        - name: get rabbitmq policy
-          tags: common
-          shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\""
-          register: rabbit_ha_mode
-          when: is_bootstrap_node
-          ignore_errors: true
-        - name: set migrate_rabbit_ha_mode fact
-          tags: common
-          set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}}
-          when: is_bootstrap_node
-        - name: Fixup for rabbitmq ha-queues LP#1668600
-          tags: step0,pre-upgrade
-          shell: |
-            nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
-            nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
-            if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
-                echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues"
-                exit 1
-            fi
-            pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
-          when: is_bootstrap_node and migrate_rabbit_ha_mode
       metadata_settings:
         get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
index daee43e..74aaf59 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Pacemaker remote service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 43e7aa1..a41e34f 100644 (file)
@@ -1,7 +1,9 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
-  OpenStack Panko API service configured with Puppet
+  OpenStack Panko API service configured with Puppet.
+  Note, This service is deprecated in Pike release and will
+  be disabled in future releases.
 
 parameters:
   ServiceNetMap:
@@ -13,6 +15,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,6 +48,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   ApacheServiceBase:
     type: ./apache.yaml
@@ -45,6 +57,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
       EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
@@ -92,21 +106,27 @@ outputs:
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
-        - name: Check if httpd is deployed
-          command: systemctl is-enabled httpd
-          tags: common
-          ignore_errors: True
-          register: httpd_enabled
-        - name: "PreUpgrade step0,validation: Check if httpd is running"
-          shell: >
-            /usr/bin/systemctl show 'httpd' --property ActiveState |
-            grep '\bactive\b'
-          when: httpd_enabled.rc == 0
-          tags: step0,validation
-        - name: Stop panko-api service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
-          when: httpd_enabled.rc == 0
-        - name: Install openstack-panko-api package if it was not installed
-          tags: step3
-          yum: name=openstack-panko-api state=latest
+        yaql:
+          expression: $.data.apache_upgrade + $.data.panko_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            panko_api_upgrade:
+              - name: Check if httpd is deployed
+                command: systemctl is-enabled httpd
+                tags: common
+                ignore_errors: True
+                register: httpd_enabled
+              - name: "PreUpgrade step0,validation: Check if httpd is running"
+                shell: >
+                  /usr/bin/systemctl show 'httpd' --property ActiveState |
+                  grep '\bactive\b'
+                when: httpd_enabled.rc == 0
+                tags: step0,validation
+              - name: Stop panko-api service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
+                when: httpd_enabled.rc == 0
+              - name: Install openstack-panko-api package if it was not installed
+                tags: step3
+                yum: name=openstack-panko-api state=latest
index fda1345..84817bc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Panko service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -38,15 +46,15 @@ outputs:
       service_name: panko_base
       config_settings:
         panko::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://panko:'
-              - {get_param: PankoPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/panko'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: panko
+            password: {get_param: PankoPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /panko
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         panko::debug: {get_param: Debug}
         panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         panko::keystone::authtoken::project_name: 'service'
index f8746ce..0659a94 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Qpid dispatch router service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 4747978..1a42fda 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   RabbitMQ service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -40,10 +48,10 @@ parameters:
     hidden: true
   RabbitHAQueues:
     description:
-      The number of HA queues to be configured in rabbit. The default is 0 which will
-      be automatically overridden to CEIL(N/2) where N is the number of nodes running
-      rabbitmq.
-    default: 0
+      The number of HA queues to be configured in rabbit. The default is -1 which
+      translates to "ha-mode all". The special value 0 will be automatically
+      overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
+    default: -1
     type: number
   MonitoringSubscriptionRabbitmq:
     default: 'overcloud-rabbitmq'
diff --git a/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml
new file mode 100644 (file)
index 0000000..eb7b513
--- /dev/null
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - When a service is deployed in WSGI with Apache, make sure mode_ssl
+    package is deployed during the upgrade process, it's now required
+    by default so Apache can start properly.
index d9f2115..3df4ce7 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Sahara API service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -52,6 +60,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index d5131f6..1ee6d17 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Sahara base service. Shared for all Sahara services.
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -56,15 +64,15 @@ outputs:
       service_name: sahara_base
       config_settings:
         sahara::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://sahara:'
-              - {get_param: SaharaPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/sahara'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: sahara
+            password: {get_param: SaharaPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /sahara
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
         sahara::rabbit_password: {get_param: RabbitPassword}
         sahara::rabbit_user: {get_param: RabbitUserName}
         sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
index c0b6b3e..b6c108e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Sahara Engine service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -34,6 +42,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
index 6d32fe8..84a370f 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure securetty values
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 9820b43..0e7b6d2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Utility stack to convert an array of services into a set of combined
@@ -26,6 +26,14 @@ parameters:
     description: Mapping of service -> default password. Used to help
                  pass top level passwords managed by Heat into services.
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    description: Role Specific parameters to be provided to service
+    default: {}
+    type: json
 
 resources:
 
@@ -38,6 +46,8 @@ resources:
         ServiceNetMap: {get_param: ServiceNetMap}
         EndpointMap: {get_param: EndpointMap}
         DefaultPasswords: {get_param: DefaultPasswords}
+        RoleName: {get_param: RoleName}
+        RoleParameters: {get_param: RoleParameters}
 
   LoggingConfiguration:
     type: OS::TripleO::LoggingConfiguration
index 80c29f9..ffa5d31 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   SNMP client configured with Puppet, to facilitate Ceilometer Hardware
@@ -15,6 +15,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -28,6 +36,14 @@ parameters:
     description: The user password for SNMPd with readonly rights running on all Overcloud nodes
     type: string
     hidden: true
+  SnmpdBindHost:
+    description: An array of bind host addresses on which SNMP daemon will listen.
+    type: comma_delimited_list
+    default: ['udp:161','udp6:[::1]:161']
+  SnmpdOptions:
+    description: A string containing the commandline options passed to snmpd
+    type: string
+    default: '-LS0-5d'
 
 outputs:
   role_data:
@@ -37,6 +53,8 @@ outputs:
       config_settings:
         tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
         tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
+        snmp::agentaddress: {get_param: SnmpdBindHost}
+        snmp::snmpd_options: {get_param: SnmpdOptions}
         tripleo.snmp.firewall_rules:
           '127 snmp':
             dport: 161
index 12998c3..30058f0 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Configure sshd_config
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -22,6 +30,33 @@ parameters:
     default: ''
     description: Configures Banner text in sshd_config
     type: string
+  MessageOfTheDay:
+    default: ''
+    description: Configures /etc/motd text
+    type: string
+  SshServerOptions:
+    default:
+      HostKey:
+        - '/etc/ssh/ssh_host_rsa_key'
+        - '/etc/ssh/ssh_host_ecdsa_key'
+        - '/etc/ssh/ssh_host_ed25519_key'
+      SyslogFacility: 'AUTHPRIV'
+      AuthorizedKeysFile: '.ssh/authorized_keys'
+      PasswordAuthentication: 'no'
+      ChallengeResponseAuthentication: 'no'
+      GSSAPIAuthentication: 'yes'
+      GSSAPICleanupCredentials: 'no'
+      UsePAM: 'yes'
+      X11Forwarding: 'yes'
+      UsePrivilegeSeparation: 'sandbox'
+      AcceptEnv:
+        - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+        - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+        - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+        - 'XMODIFIERS'
+      Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
+    description: Mapping of sshd_config values
+    type: json
 
 outputs:
   role_data:
@@ -30,5 +65,7 @@ outputs:
       service_name: sshd
       config_settings:
         tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
+        tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
+        tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
       step_config: |
         include ::tripleo::profile::base::sshd
index 6046d5e..3066aec 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Proxy service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 0ecc942..9a304ed 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Proxy service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -53,6 +61,10 @@ parameters:
     description: Set to False to disable the swift proxy ceilometer pipeline.
     default: True
     type: boolean
+  SwiftCeilometerIgnoreProjects:
+    default: ['services']
+    description: Comma-seperated list of project names to ignore.
+    type: comma_delimited_list
   RabbitClientPort:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
@@ -79,6 +91,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
   TLSProxyBase:
     type: OS::TripleO::Services::TLSProxyBase
@@ -106,6 +120,10 @@ outputs:
             swift::proxy::workers: {get_param: SwiftWorkers}
             swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
             swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+            swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+            swift::proxy::ceilometer::password: {get_param: SwiftPassword}
+            swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
             swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
             swift::proxy::ceilometer::nonblocking_notify: true
             tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
index f62d5e1..3808dbc 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Ringbuilder
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 261aade..f1a9b93 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Swift Storage service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -55,6 +63,8 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
       EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
 
 conditions:
   swift_mount_check:
index c14e061..e121feb 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Tacker service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -62,15 +70,15 @@ outputs:
       config_settings:
         tacker_password: {get_param: TackerPassword}
         tacker::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://tacker:'
-              - {get_param: TackerPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/tacker'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: tacker
+            password: {get_param: TackerPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /tacker
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
 
         tacker::debug: {get_param: Debug}
         tacker::rpc_backend: rabbit
index b14d7bc..92c3f9e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   NTP service deployment using puppet, this YAML file
@@ -16,6 +16,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 5d0eeae..aece02c 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Composable Timezone service
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index ff2b067..9fb590e 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   TripleO Firewall settings
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 737be82..2b9b883 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   TripleO Package installation settings
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 7c8f8a2..e3e28a2 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Vpp service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
index 33769d0..6bc296a 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   Openstack Zaqar service. Shared for all Heat services.
@@ -18,6 +18,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   Debug:
     default: ''
     description: Set to True to enable debugging on all services.
@@ -36,7 +44,26 @@ parameters:
       e.g. { zaqar-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
     default: {}
     type: json
+  ZaqarWorkers:
+    type: string
+    description: Set the number of workers for zaqar::wsgi::apache
+    default: '%{::os_workers}'
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
+
+resources:
 
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
   role_data:
@@ -44,16 +71,31 @@ outputs:
     value:
       service_name: zaqar
       config_settings:
-        zaqar::policy::policies: {get_param: ZaqarPolicies}
-        zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
-        zaqar::keystone::authtoken::project_name: 'service'
-        zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
-        zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-        zaqar::debug: {get_param: Debug}
-        zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
-        zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
-        zaqar::message_pipeline: 'zaqar.notification.notifier'
-        zaqar::unreliable: true
+        map_merge:
+          - get_attr: [ApacheServiceBase, role_data, config_settings]
+          - zaqar::policy::policies: {get_param: ZaqarPolicies}
+            zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
+            zaqar::keystone::authtoken::project_name: 'service'
+            zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+            zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            zaqar::debug: {get_param: Debug}
+            zaqar::server::service_name: 'httpd'
+            zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
+            zaqar::wsgi::apache::ssl: false
+            zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+            zaqar::message_pipeline: 'zaqar.notification.notifier'
+            zaqar::unreliable: true
+            zaqar::wsgi::apache::servername:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+          -
+            if:
+            - zaqar_workers_zero
+            - {}
+            - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
       service_config_settings:
         keystone:
           zaqar::keystone::auth::password: {get_param: ZaqarPassword}
@@ -72,22 +114,37 @@ outputs:
       step_config: |
         include ::tripleo::profile::base::zaqar
       upgrade_tasks:
-        - name: Check if zaqar is deployed
-          command: systemctl is-enabled openstack-zaqar
-          tags: common
-          ignore_errors: True
-          register: zaqar_enabled
-        - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
-          shell: >
-            /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
-            grep '\bactive\b'
-          when: zaqar_enabled.rc == 0
-          tags: step0,validation
-        - name: Stop zaqar service
-          tags: step1
-          when: zaqar_enabled.rc == 0
-          service: name=openstack-zaqar state=stopped
-        - name: Install openstack-zaqar package if it was disabled
-          tags: step3
-          yum: name=openstack-zaqar state=latest
-          when: zaqar_enabled.rc != 0
+        yaql:
+          expression: $.data.apache_upgrade + $.data.zaqar_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            zaqar_upgrade:
+              - name: Check if zaqar is deployed
+                command: systemctl is-enabled openstack-zaqar
+                tags: common
+                ignore_errors: True
+                register: zaqar_enabled
+              - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
+                shell: >
+                  /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
+                  grep '\bactive\b'
+                when: zaqar_enabled.rc == 0
+                tags: step0,validation
+              - name: Check for zaqar running under apache (post upgrade)
+                tags: step1
+                shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
+                register: zaqar_apache
+                ignore_errors: true
+              - name: Stop zaqar service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped
+                when: zaqar_apache.rc == 0
+              - name: Stop and disable zaqar service (pre-upgrade not under httpd)
+                tags: step1
+                when: zaqar_enabled.rc == 0
+                service: name=openstack-zaqar state=stopped enabled=no
+              - name: Install openstack-zaqar package if it was disabled
+                tags: step3
+                yum: name=openstack-zaqar state=latest
+                when: zaqar_enabled.rc != 0
index 2cfd43f..4f96717 100644 (file)
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 description: 'Upgrade for via ansible by applying a step related tag'
 
 parameters:
diff --git a/releasenotes/notes/Add-Internal-TLS-CA-File-parameter-c24ee13daaa11dfc.yaml b/releasenotes/notes/Add-Internal-TLS-CA-File-parameter-c24ee13daaa11dfc.yaml
new file mode 100644 (file)
index 0000000..8847b22
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - Adds the InternalTLSCAFile parameter, which defines which CA file should be
+    used by the internal services to verify that the peer's certificate is
+    trusted. This is applicable if internal TLS is enabled. Currently, it
+    defaults to using the CA file for FreeIPA, which is the default CA.
diff --git a/releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml b/releasenotes/notes/Disable-mongodb-by-default-cce37d3254a77d27.yaml
new file mode 100644 (file)
index 0000000..e6e452f
--- /dev/null
@@ -0,0 +1,8 @@
+---
+upgrade:
+  - Mongodb is no longer used by default, so now one has to enable it
+    explicitly if there's a need for using it.
+other:
+  - Mongodb is not used by any service we enable by default, so it has been
+    removed from the default services. It has subsequently been added to the
+    services that use it (zaqar and ceilometer-collector).
diff --git a/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml b/releasenotes/notes/Enable-TLS-for-libvirt-0aab48cd8339da0f.yaml
new file mode 100644 (file)
index 0000000..e8941b7
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    If TLS in the internal network is enabled, libvirt's transport defaults to
+    using TLS. This can be changed by setting the ``UseTLSTransportForLiveMigration``
+    parameter, which is ``true`` by default.
diff --git a/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml b/releasenotes/notes/add-all-hosts-to-hostsentry-20a8ee8a1a210ce2.yaml
new file mode 100644 (file)
index 0000000..b0ad9d9
--- /dev/null
@@ -0,0 +1,9 @@
+---
+fixes:
+  - Previously only the VIPs and their associated hostnames were present
+    in the HostsEntry output, due to the hosts_entries output on the
+    hosts-config.yaml nested stack being empty. It was referencing an
+    invalid attribute. See
+    https://bugs.launchpad.net/tripleo/+bug/1683517
+
+
diff --git a/releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml b/releasenotes/notes/add-cadf-environment-0ce0078348c5333f.yaml
new file mode 100644 (file)
index 0000000..a45938b
--- /dev/null
@@ -0,0 +1,7 @@
+---
+features:
+  - Add new cadf.yaml environment, that will configure
+    Keystone to emit CADF notifications. This standard
+    provides auditing capabilities for compliance with
+    security, and is intented to be used for deploying
+    TripleO with hardened security.
diff --git a/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml b/releasenotes/notes/add-l2gw-agent-1a2f14a6ceefe362.yaml
new file mode 100644 (file)
index 0000000..7f88e26
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+   - Add support for L2 Gateway Neutron agent
diff --git a/releasenotes/notes/add-support-for-pure-cinder-1a595f1940d5a06f.yaml b/releasenotes/notes/add-support-for-pure-cinder-1a595f1940d5a06f.yaml
new file mode 100644 (file)
index 0000000..da326e4
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+  - Added Pure Storage FlashArray iSCSI and FC backend support for cinder
diff --git a/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml b/releasenotes/notes/change-db-sync-timeout-57abe3e48d741842.yaml
new file mode 100644 (file)
index 0000000..46f3b85
--- /dev/null
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    During a deployment on lower spec systems, the "db sync" can take longer
+    than five minutes. value of DatabaseSyncTimeout has change from 300
+    to 900 at the environment file "low-memory-usage.yaml".
diff --git a/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml
new file mode 100644 (file)
index 0000000..d6f74ef
--- /dev/null
@@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    We are not changing the rabbitmq ha-mode policy during upgrades any longer.
+    The policy chosen at deploy time will remain the same but can be changed
+    manually.
+fixes:
+  - |
+    Due to https://bugs.launchpad.net/tripleo/+bug/1686337 we switch the
+    default of rabbitmq back ha-mode "all". This is to make the installation
+    more robust in the face of network issues.
diff --git a/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml b/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml
new file mode 100644 (file)
index 0000000..d69bf4f
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Per default, don't log a message in syslog for each incoming SNMP query.
+    So set the default log level to '-LS0-5d'. Allow the operator to customize
+    the log level via a parameter.
diff --git a/releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml b/releasenotes/notes/deprecate-ceilometer-expirer-83b193a07631d89d.yaml
new file mode 100644 (file)
index 0000000..9088f96
--- /dev/null
@@ -0,0 +1,11 @@
+---
+upgrade:
+  - With expirer deprecated and disabled by default, there is an upgrade
+    impact here. If you had expirer enabled in ocata and you upgrade to
+    pike the expirer will not be enabled anymore. If you wish to use
+    expirer, ensure you include the ceilometer-expirer.yaml
+    to your upgrade deploy command. Also note that with collector
+    disabled, there is no need for expirer to be running.
+deprecations:
+  - Deprecate and turn off expirer service as collector. Without collector
+    and standard storage, expirer has no use.
diff --git a/releasenotes/notes/deprecate-collector-a16e5d58ae00806d.yaml b/releasenotes/notes/deprecate-collector-a16e5d58ae00806d.yaml
new file mode 100644 (file)
index 0000000..b9546a9
--- /dev/null
@@ -0,0 +1,14 @@
+---
+upgrade:
+  - With collector deprecated and disabled by default, there is an upgrade
+    impact here. If you had collector enabled in ocata and you upgrade to
+    pike the collector will not be enabled anymore. If you wish to use
+    collector, ensure you include the ceilometer-collector.yaml
+    to your upgrade deploy command. We recommend switching to using the
+    new pipeline approach with publisher instead.
+deprecations:
+  - Deprecate and disable ceilometer collector service by default. Instead
+    use the publisher directly in the pipeline to push data where appropriate.
+    This can be manually enabled by passing the environment file to deploy
+    command which is included in environment dir as ceilometer-collector.yaml.
+    By default, the pipeline publisher pushes data automatically to gnocchi.
diff --git a/releasenotes/notes/deprecate-panko-b2bdce647d2b9a6d.yaml b/releasenotes/notes/deprecate-panko-b2bdce647d2b9a6d.yaml
new file mode 100644 (file)
index 0000000..96f2c55
--- /dev/null
@@ -0,0 +1,5 @@
+---
+deprecations:
+  - Panko API service is deprecated in Pike release. Note that this service
+    will remain enabled by default as there is no replacement yet. This will
+    be disabled in future releases.
diff --git a/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml b/releasenotes/notes/disable-manila-cephfs-snapshots-by-default-d5320a05d9b501cf.yaml
new file mode 100644 (file)
index 0000000..98d70b6
--- /dev/null
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Disabled cephfs snapshot support (ManilaCephFSNativeCephFSEnableSnapshots
+    parameter) in manila by default.
diff --git a/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml
new file mode 100644 (file)
index 0000000..279e25c
--- /dev/null
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Disable default vhost for apache. It is required for a hybrid deployments
+    when WSGI based services running both at host and in containers, without
+    conflicting default ports.
diff --git a/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
new file mode 100644 (file)
index 0000000..4025477
--- /dev/null
@@ -0,0 +1,9 @@
+---
+other:
+  - |
+    All nodes now enable ``arp_accept`` sysctl setting to help with honoring
+    gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP
+    packets are diverse, this comes especially useful for Neutron floating IP
+    addresses that roam between devices, and for which Neutron L3 agent sends
+    gratuitous ARP packets to update all network nodes about IP address new
+    locations.
diff --git a/releasenotes/notes/expose-metric-processing-delay-0c098d7ec0af0728.yaml b/releasenotes/notes/expose-metric-processing-delay-0c098d7ec0af0728.yaml
new file mode 100644 (file)
index 0000000..1fc4f10
--- /dev/null
@@ -0,0 +1,3 @@
+---
+fixes:
+  - Expose metric_processing_delay to tweak gnocchi performance.
diff --git a/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml b/releasenotes/notes/glance-keystonev3-d35182ba9a3778eb.yaml
new file mode 100644 (file)
index 0000000..072e85a
--- /dev/null
@@ -0,0 +1,4 @@
+---
+features:
+  - Deploy Glance with Keystone v3 endpoints and make
+    sure it doesn't rely on Keystone v2 anymore.
diff --git a/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml b/releasenotes/notes/increase-nova-reserved-host-memory-80434e8484a29680.yaml
new file mode 100644 (file)
index 0000000..88f67a0
--- /dev/null
@@ -0,0 +1,4 @@
+---
+other:
+  - Increased the default of NovaReservedHostMemory for
+    Compute nodes to 4096 MB.
diff --git a/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml b/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml
new file mode 100644 (file)
index 0000000..53191bd
--- /dev/null
@@ -0,0 +1,12 @@
+---
+features:
+  - |
+    New configuration ``IronicDefaultBootOption`` allows to change the default
+    boot option to use for bare metal instances in the overcloud.
+upgrade:
+  - |
+    The default boot option for bare metal instances in overcloud was changed
+    to "local". This was already the default for whole-disk images, but for
+    partition images it requires ``grub2`` to be installed on them.
+    Use the new ``IronicDefaultBootOption`` configuration to override, or
+    set ``boot_option`` capability on nodes and flavors.
diff --git a/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml b/releasenotes/notes/ironic-hardware-types-fe5140549d3bb792.yaml
new file mode 100644 (file)
index 0000000..da3da6c
--- /dev/null
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Configuring enabled Ironic hardware types is now possible via new
+    ``IronicEnabledHardwareTypes`` parameter. See this spec for details:
+    http://specs.openstack.org/openstack/ironic-specs/specs/approved/driver-composition-reform.html.
+  - |
+    Bare metal serial console support via ``socat`` utility is enabled for
+    Ironic hardware types supporting it (currently only ``ipmi``).
diff --git a/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml b/releasenotes/notes/match-enable_dvr-with-NeutronEnableDVR-fe8aac6c4ce52bce.yaml
new file mode 100644 (file)
index 0000000..5440043
--- /dev/null
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Neutron API controller no longer advertises ``dvr`` extension if the
+    cloud is not configured for DVR. This is achieved by setting ``enable_dvr``
+    to match ``NeutronEnableDVR`` setting.
diff --git a/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml b/releasenotes/notes/mistral-mod-wsgi-24d41a6f427237ff.yaml
new file mode 100644 (file)
index 0000000..ae6401f
--- /dev/null
@@ -0,0 +1,7 @@
+---
+features:
+  - Move Mistral API to use mod_wsgi under Apache.
+upgrade:
+  - Mistral API systemd service will be stopped and 
+    disabled.
+
diff --git a/releasenotes/notes/nsx-support-1254839718d8df8c.yaml b/releasenotes/notes/nsx-support-1254839718d8df8c.yaml
new file mode 100644 (file)
index 0000000..1d9f5f8
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+  - Add support for NSX Neutron plugin
diff --git a/releasenotes/notes/octavia-1687026-c01313aab53f55a4.yaml b/releasenotes/notes/octavia-1687026-c01313aab53f55a4.yaml
new file mode 100644 (file)
index 0000000..2ba01c7
--- /dev/null
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Octavia API and Neutron Server can now be deployed on separated nodes.
+    See https://bugs.launchpad.net/tripleo/+bug/1687026
diff --git a/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml b/releasenotes/notes/pluggable-server-type-per-role-314f38f8e5d4c84e.yaml
new file mode 100644 (file)
index 0000000..5b58d3d
--- /dev/null
@@ -0,0 +1,8 @@
+---
+features:
+  - The server resource type, OS::TripleO::Server can now be
+    mapped per role instead of globally. This allows users to
+    mix baremetal (OS::Nova::Server) and
+    deployed-server (OS::Heat::DeployedServer) server resources
+    in the same deployment. See
+    https://blueprints.launchpad.net/tripleo/+spec/pluggable-server-type-per-role
diff --git a/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml b/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml
new file mode 100644 (file)
index 0000000..8c24a22
--- /dev/null
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Support for Redfish hardware is enabled by default for overcloud Ironic
+    via the ``redfish`` hardware type.
+  - |
+    Support changing enabled management and power interfaces for hardware types
+    in overcloud Ironic.
diff --git a/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml b/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml
new file mode 100644 (file)
index 0000000..7ab253b
--- /dev/null
@@ -0,0 +1,6 @@
+---
+features:
+  - Added the ability to blacklist servers by name from being
+    associated with any Heat triggered SoftwareDeployment
+    resources. The servers are specified in the new
+    DeploymentServerBlacklist parameter.
diff --git a/releasenotes/notes/service-role-name-0b8609d314564885.yaml b/releasenotes/notes/service-role-name-0b8609d314564885.yaml
new file mode 100644 (file)
index 0000000..6c73808
--- /dev/null
@@ -0,0 +1,4 @@
+---
+features:
+  - Role specific informations are added to the service template to enable
+    role specific decisions on the service.
diff --git a/releasenotes/notes/snmp_listen-2364188f73d43b14.yaml b/releasenotes/notes/snmp_listen-2364188f73d43b14.yaml
new file mode 100644 (file)
index 0000000..7cff9ee
--- /dev/null
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Adding a new parameter to SNMP profile, SnmpdBindHost
+    so users can change the binding addresses on SNMP daemon.
+    The parameter is an array and takes the default value that
+    were previously hardcoded in puppet-tripleo.
diff --git a/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml
new file mode 100644 (file)
index 0000000..4cc01df
--- /dev/null
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added ability to manage MOTD Banner
+    Enabled SSHD composible service by default. Puppet-ssh manages the sshd config.
diff --git a/releasenotes/notes/stack-name-input-73f4d4d052f1377e.yaml b/releasenotes/notes/stack-name-input-73f4d4d052f1377e.yaml
new file mode 100644 (file)
index 0000000..2ccbee9
--- /dev/null
@@ -0,0 +1,5 @@
+---
+fixes:
+  - The stack name can now be overridden in the get-occ-config.sh script
+    for deployed-server's by setting the $STACK_NAME variable in the
+    environment.
diff --git a/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml b/releasenotes/notes/swap-prepuppet-and-postpuppet-to-preconfig-and-postconfig-debd5f28bc578d51.yaml
new file mode 100644 (file)
index 0000000..875b704
--- /dev/null
@@ -0,0 +1,6 @@
+---
+fixes:
+  - This commit merges both [Pre|Post]Puppet and [Pre|Post]Config
+    resources, giving an agnostic name for the configuration
+    steps. The [Pre|Post]Puppet resource is removed and should not
+    be used anymore.
diff --git a/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml b/releasenotes/notes/unset-ceph-default-min-size-0297620ed99dab5b.yaml
new file mode 100644 (file)
index 0000000..fc2cb48
--- /dev/null
@@ -0,0 +1,12 @@
+---
+fixes:
+  - |
+    Removed the hard coding of osd_pool_default_min_size. Setting this value
+    to 1 can result in data loss in operating production deployments. Not
+    setting this value (or setting it to 0) will allow ceph to calculate the
+    value based on the current setting of osd_pool_default_size. If the
+    replication count is 3, then the calculated min_size is 2.  If the
+    replication count is 1, then the calcualted min_size is 1. For a POC
+    deployments using a single OSD, set osd_pool_default_size = 1. See
+    description at http://docs.ceph.com/docs/master/rados/configuration/pool-pg-config-ref/
+    Added CephPoolDefaultSize to set default replication size. Default value is 3.
diff --git a/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml
new file mode 100644 (file)
index 0000000..d74e3a1
--- /dev/null
@@ -0,0 +1,4 @@
+---
+fixes:
+  - Update the default metric processing delay to 30. This will help reduce
+    the metric backlog and wont load up the storage backend.
diff --git a/releasenotes/notes/upgrade-stack-action-94598796a9d3511f.yaml b/releasenotes/notes/upgrade-stack-action-94598796a9d3511f.yaml
new file mode 100644 (file)
index 0000000..bdff0e6
--- /dev/null
@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The new StackUpdateType parameter is now set to UPGRADE
+    when a major version upgrade is in progress.  This enables application
+    configuration via puppet to distinuish a major version upgrade from a
+    normal stack update (e.g for minor updates or reconfiguration) by
+    inspecting the stack_update_type hiera value.  In future other values may be added to
+    flag e.g minor updates vs reconfiguration, but for now only UPGRADE is considered.
diff --git a/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml b/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml
new file mode 100644 (file)
index 0000000..b9ddaec
--- /dev/null
@@ -0,0 +1,6 @@
+---
+issues:
+  - Modify ``NeutronVhostuserSocketDir`` to a seprate directory in the DPDK
+    environment file. A different set of permission is required for creating
+    vhost sockets when the vhost type is dpdkvhostuserclient (which is default
+    from ocata).
diff --git a/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml
new file mode 100644 (file)
index 0000000..2f8ae14
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+  - Adds support for networking-vpp ML2 mechanism driver and agent.
diff --git a/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml b/releasenotes/notes/zaqar-httpd-e7d91bf396da28d0.yaml
new file mode 100644 (file)
index 0000000..a2172aa
--- /dev/null
@@ -0,0 +1,3 @@
+---
+features:
+  - Run the Zaqar WSGI service over httpd in Puppet.
index ec158ce..72b89b1 100644 (file)
@@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers'
 # built documents.
 #
 # The full version, including alpha/beta/rc tags.
-release = '7.0.0.0b1'
+release = '7.0.0.0b2'
 # The short X.Y version.
 version = '7.0.0'
 
index df8a71f..4a9b725 100644 (file)
@@ -1,6 +1,6 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
-pbr>=2.0.0 # Apache-2.0
+pbr!=2.1.0,>=2.0.0 # Apache-2.0
 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
 six>=1.9.0 # MIT
index 8d3b507..86cd3f0 100644 (file)
@@ -74,6 +74,8 @@
     - OS::TripleO::Services::NeutronApi
     - OS::TripleO::Services::NeutronCorePlugin
     - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NeutronL2gwAgent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::RabbitMQ
     - OS::TripleO::Services::HAproxy
     - OS::TripleO::Services::Keepalived
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
-    - OS::TripleO::Services::CeilometerCollector
+    # FIXME: This service was disabled in Pike and this entry should be removed
+    # in Queens.
     - OS::TripleO::Services::CeilometerExpirer
     - OS::TripleO::Services::CeilometerAgentCentral
     - OS::TripleO::Services::CeilometerAgentNotification
     - OS::TripleO::Services::OctaviaHousekeeping
     - OS::TripleO::Services::OctaviaWorker
     - OS::TripleO::Services::Vpp
+    - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::Docker
 
 - name: Compute
     - OS::TripleO::Services::Kernel
     - OS::TripleO::Services::ComputeNeutronCorePlugin
     - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::NeutronLinuxbridgeAgent
     - OS::TripleO::Services::ComputeCeilometerAgent
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::AuditD
     - OS::TripleO::Services::Collectd
     - OS::TripleO::Services::Vpp
+    - OS::TripleO::Services::NeutronVppAgent
     - OS::TripleO::Services::MySQLClient
     - OS::TripleO::Services::Docker
 
index df2e196..d57c8fc 100644 (file)
     - OS::TripleO::Services::NeutronCorePlugin
     - OS::TripleO::Services::NeutronOvsAgent
     - OS::TripleO::Services::NeutronDhcpAgent
-    - OS::TripleO::Services::AodhApi
-    - OS::TripleO::Services::AodhEvaluator
-    - OS::TripleO::Services::AodhNotifier
-    - OS::TripleO::Services::AodhListener
-    - OS::TripleO::Services::GnocchiApi
-    - OS::TripleO::Services::GnocchiMetricd
-    - OS::TripleO::Services::GnocchiStatsd
-    - OS::TripleO::Services::PankoApi
+    - OS::TripleO::Services::UndercloudAodhApi
+    - OS::TripleO::Services::UndercloudAodhEvaluator
+    - OS::TripleO::Services::UndercloudAodhNotifier
+    - OS::TripleO::Services::UndercloudAodhListener
+    - OS::TripleO::Services::UndercloudGnocchiApi
+    - OS::TripleO::Services::UndercloudGnocchiMetricd
+    - OS::TripleO::Services::UndercloudGnocchiStatsd
+    - OS::TripleO::Services::UndercloudPankoApi
+    - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+    - OS::TripleO::Services::UndercloudCeilometerAgentNotification
index 1c9e3b4..c30101f 100644 (file)
@@ -4,6 +4,6 @@
 PyYAML>=3.10.0 # MIT
 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause)
 six>=1.9.0 # MIT
-sphinx>=1.5.1 # BSD
+sphinx!=1.6.1,>=1.5.1 # BSD
 oslosphinx>=4.7.0 # Apache-2.0
 reno>=1.8.0 # Apache-2.0
index 1c8c4ba..69ed96a 100755 (executable)
@@ -32,6 +32,9 @@ def parse_opts(argv):
     parser.add_argument('-r', '--roles-data', metavar='ROLES_DATA',
                         help="""relative path to the roles_data.yaml file.""",
                         default='roles_data.yaml')
+    parser.add_argument('-n', '--network-data', metavar='NETWORK_DATA',
+                        help="""relative path to the network_data.yaml file.""",
+                        default='network_data.yaml')
     parser.add_argument('--safe',
                         action='store_true',
                         help="""Enable safe mode (do not overwrite files).""",
@@ -71,11 +74,15 @@ def _j2_render_to_file(j2_template, j2_data, outfile_name=None,
         out_f.write(r_template)
 
 
-def process_templates(template_path, role_data_path, output_dir, overwrite):
+def process_templates(template_path, role_data_path, output_dir,
+                      network_data_path, overwrite):
 
     with open(role_data_path) as role_data_file:
         role_data = yaml.safe_load(role_data_file)
 
+    with open(network_data_path) as network_data_file:
+        network_data = yaml.safe_load(network_data_file)
+
     j2_excludes_path = os.path.join(template_path, 'j2_excludes.yaml')
     with open(j2_excludes_path) as role_data_file:
         j2_excludes = yaml.safe_load(role_data_file)
@@ -150,7 +157,8 @@ def process_templates(template_path, role_data_path, output_dir, overwrite):
                     print("jinja2 rendering normal template %s" % f)
                     with open(file_path) as j2_template:
                         template_data = j2_template.read()
-                        j2_data = {'roles': role_data}
+                        j2_data = {'roles': role_data,
+                                   'networks': network_data}
                         out_f = os.path.basename(f).replace('.j2.yaml', '.yaml')
                         out_f_path = os.path.join(out_dir, out_f)
                         _j2_render_to_file(template_data, j2_data, out_f_path,
@@ -164,5 +172,7 @@ def process_templates(template_path, role_data_path, output_dir, overwrite):
 opts = parse_opts(sys.argv)
 
 role_data_path = os.path.join(opts.base_path, opts.roles_data)
+network_data_path = os.path.join(opts.base_path, opts.network_data)
 
-process_templates(opts.base_path, role_data_path, opts.output_dir, (not opts.safe))
+process_templates(opts.base_path, role_data_path, opts.output_dir,
+                  network_data_path, (not opts.safe))
index b8f07e4..cdda108 100755 (executable)
@@ -157,7 +157,7 @@ def convert(filename):
         print("Error couldn't find run-os-net-config.sh relative to filename")
         exit_usage()
 
-    for r in six.iteritems(tpl.get('resources', {})):
+    for r in (tpl.get('resources', {})).items():
         if (r[1].get('type') == 'OS::Heat::StructuredConfig' and
             r[1].get('properties', {}).get('group') == 'os-apply-config' and
             r[1].get('properties', {}).get('config', {}).get('os_net_config')):
index f9dffef..92d76d2 100755 (executable)
@@ -17,7 +17,8 @@ import traceback
 import yaml
 
 
-required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
+                   'RoleName', 'RoleParameters']
 
 envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
                                 'tls-endpoints-public-ip.yaml',
diff --git a/tox.ini b/tox.ini
index 3796a54..b92e545 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,7 @@ skipsdist = True
 
 [testenv]
 usedevelop = True
+install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
 deps = -r{toxinidir}/requirements.txt
        -r{toxinidir}/test-requirements.txt
 
index f1f4cc1..ed7fefb 100644 (file)
@@ -82,8 +82,38 @@ function fqdn_check() {
   echo "SUCCESS"
 }
 
+# Verify at least one time source is available.
+function ntp_check() {
+  NTP_SERVERS=$(hiera ntp::servers nil |tr -d '[],"')
+  if [[ "$NTP_SERVERS" != "nil" ]];then
+    echo -n "Testing NTP..."
+    NTP_SUCCESS=0
+    for NTP_SERVER in $NTP_SERVERS; do
+      set +e
+      NTPDATE_OUT=$(ntpdate -qud $NTP_SERVER 2>&1)
+      NTPDATE_EXIT=$?
+      set -e
+      if [[ "$NTPDATE_EXIT" == "0" ]];then
+        NTP_SUCCESS=1
+        break
+      else
+        NTPDATE_OUT_FULL="$NTPDATE_OUT_FULL $NTPDATE_OUT"
+      fi
+    done
+    if  [[ "$NTP_SUCCESS" == "0" ]];then
+      echo "FAILURE"
+      echo "$NTPDATE_OUT_FULL"
+      exit 1
+    fi
+    echo "SUCCESS"
+  fi
+}
+
 ping_controller_ips "$ping_test_ips"
 ping_default_gateways
 if [[ $validate_fqdn == "True" ]];then
   fqdn_check
 fi
+if [[ $validate_ntp == "True" ]];then
+  ntp_check
+fi