# environment_groups: (required)
# environment_groups:
-# Identifies an environment choice. If group includes multiple environments it
-# indicates that environments in group are mutually exclusive.
+# Identifies a group of environments.
# Attributes:
# title: (optional)
# description: (optional)
# tags: a list of tags to provide additional information for e.g. filtering (optional)
# environments: (required)
+# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
# environments:
# List of environments in environment group
# title: (required)
# description: (optional)
# requires: an array of environments which are required by this environment (optional)
-# resource_registry: [tbd] (optional)
-
-# resource_registry:
-# [tbd] Each environment can provide options on resource_registry level applicable
-# only when that given environment is used. (resource_type of that environment can
-# be implemented using multiple templates).
topics:
- - title: Base Resources Configuration
+ - title: General Deployment Options
description:
environment_groups:
- - title:
- description: Enable base configuration for all resources required for OpenStack Deployment
+ - name: general-deployment-options
+ title:
+ description: Enables base configuration for all resources required for OpenStack Deployment
environments:
- file: overcloud-resource-registry-puppet.yaml
title: Base resources configuration
description:
-
- - title: Deployment Options
- description:
- environment_groups:
- - title: High Availability
- description: Enables configuration of an Overcloud controller with Pacemaker
- environments:
- - file: environments/puppet-pacemaker.yaml
- title: Pacemaker
- description: Enable configuration of an Overcloud controller with Pacemaker
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Pacemaker options
- description:
- environments:
- - file: environments/puppet-pacemaker-no-restart.yaml
- title: Pacemaker No Restart
- description:
- requires:
- - environments/puppet-pacemaker.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: Docker RDO
+ - title: Containerized Deployment
description: >
- Docker container with heat agents for containerized compute node
+ Configures Deployment to use containerized services
environments:
- file: environments/docker.yaml
- title: Docker RDO
+ title: Containerized Deployment
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Enable TLS
- description: >
- environments:
- - file: environments/enable-tls.yaml
- title: TLS
- description: >
- Use this option to pass in certificates for SSL deployments.
- For these values to take effect, one of the TLS endpoints
- environments must also be used.
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: TLS Endpoints
- description: >
- environments:
- - file: environments/tls-endpoints-public-dns.yaml
- title: SSL-enabled deployment with DNS name as public endpoint
- description: >
- Use this environment when deploying an SSL-enabled overcloud where the public
- endpoint is a DNS name.
- requires:
- - environments/enable-tls.yaml
- - overcloud-resource-registry-puppet.yaml
- - file: environments/tls-endpoints-public-ip.yaml
- title: SSL-enabled deployment with IP address as public endpoint
- description: >
- Use this environment when deploying an SSL-enabled overcloud where the public
- endpoint is an IP address.
- requires:
- - environments/enable-tls.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: External load balancer
- description: >
- Enable external load balancer
- environments:
- - file: environments/external-loadbalancer-vip-v6.yaml
- title: External load balancer IPv6
- description: >
- requires:
- - overcloud-resource-registry-puppet.yaml
- - file: environments/external-loadbalancer-vip.yaml
- title: External load balancer IPv4
- description: >
- requires:
- - overcloud-resource-registry-puppet.yaml
-
- - title: Additional Services
- description: Deploy additional Overcloud services
- environment_groups:
- - title: Manila
- description:
- environments:
- - file: environments/manila-generic-config.yaml
- title: Manila
- description: Enable Manila generic driver backend
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Sahara
- description:
- environments:
- - file: environments/services/sahara.yaml
- title: Sahara
- description: Deploy Sahara service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Ironic
- description:
- environments:
- - file: environments/services/ironic.yaml
- title: Ironic
- description: Deploy Ironic service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Mistral
- description:
- environments:
- - file: environments/services/mistral.yaml
- title: Mistral
- description: Deploy Mistral service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Ceilometer Api
- description:
+ - title: High Availability
+ description: Enables configuration of an Overcloud Controller with Pacemaker
environments:
- - file: environments/services/disable-ceilometer-api.yaml
- title: Ceilometer Api
- description: Disable Ceilometer Api service. This service is
- deprecated and will be removed in future releases. Please move
- to using gnocchi/aodh/panko apis instead.
+ - file: environments/puppet-pacemaker.yaml
+ title: High Availability (Pacemaker)
+ description:
requires:
- overcloud-resource-registry-puppet.yaml
- # - title: Network Interface Configuration
- # description:
- # environment_groups:
-
- - title: Overlay Network Configuration
+ - title: Network Configuration
description:
environment_groups:
- title: Network Isolation
to that role) on these networks.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Single NIC or Bonding
+ mutually_exclusive: true
+ - title: NICs, Bonding, VLANs Configuration
description: >
- Configure roles to use pair of bonded nics or to use Vlans on a
- single nic. This option assumes use of Network Isolation.
+ Choose one of the pre-defined configurations or provide custom
+ network-environment.yaml instead. Note that pre-defined configuration work
+ only with standard Roles and Networks. These options assume use of Network Isolation.
environments:
- file: environments/net-bond-with-vlans.yaml
title: Bond with Vlans
for each role. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-no-external.yaml
title: Bond with Vlans No External Ports
description: >
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-v6.yaml
title: Bond with Vlans IPv6
description: >
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics.yaml
title: Multiple NICs
description: >
This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics-v6.yaml
title: Multiple NICs IPv6
description: >
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans.yaml
title: Single NIC with Vlans
description: >
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-no-external.yaml
title: Single NIC with Vlans No External Ports
description: >
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-linux-bridge-with-vlans.yaml
title: Single NIC with Linux Bridge Vlans
description: >
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-v6.yaml
title: Single NIC with Vlans IPv6
description: >
This option assumes use of Network Isolation IPv6
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
- title: Management Network
description: >
Enable the creation of a system management network. This
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
+
+ - title: Docker Network
+ description: >
+ [Temporary] Use this option when deploying containerized deployment
+ without network isolation
+ environments:
+ - file: environments/docker-network.yaml
+ title: Docker network
+ description:
+ requires:
+ - environments/docker.yaml
+
+ - title: External load balancer
+ description: >
+ Enable external load balancer, requires network Isolation to be enabled.
+ Note that this option assumes standard isolated networks set.
+ environments:
+ - file: environments/external-loadbalancer-vip.yaml
+ title: External load balancer IPv4
+ description: >
+ requires:
+ - environments/network-isolation.yaml
+ - file: environments/external-loadbalancer-vip-v6.yaml
+ title: External load balancer IPv6
+ description: >
+ requires:
+ - environments/network-isolation-v6.yaml
+ mutually_exclusive: true
- title: Neutron Plugin Configuration
description:
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/neutron-midonet.yaml
- title: Deploy MidoNet Services
+ - file: environments/networking/neutron-midonet.yaml
+ title: Neutron MidoNet Services
description:
requires:
- overcloud-resource-registry-puppet.yaml
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Nova Extensions
- description:
- environment_groups:
- - title: Nova Extensions
- description:
- environments:
- - file: environments/nova-nuage-config.yaml
- title: Nuage backend
- description: >
- Enables Nuage backend on the Compute
- requires:
- - overcloud-resource-registry-puppet.yaml
-
- title: Storage
description:
environment_groups:
- - title: Cinder backup service
- description:
- environments:
- - file: environments/cinder-backup.yaml
- title: Cinder backup service
- description: >
- OpenStack Cinder Backup service with Pacemaker configured
- with Puppet
- requires:
- - environments/puppet-pacemaker.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: Cinder backend
+ - title: Cinder backends
description: >
Enable various Cinder backends
environments:
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/cinder-netapp-config.yaml
+ - file: environments/storage/cinder-netapp-config.yaml
title: Cinder NetApp backend
description:
requires:
- file: environments/cinder-dellsc-config.yaml
title: Cinder Dell EMC Storage Center ISCSI backend
description: >
- Enables a Cinder Dell EMC Storage Center ISCSI backend,
- configured via puppet
+ Enables a Cinder Dell EMC Storage Center ISCSI backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-hpelefthand-config.yaml
title: Cinder HPELeftHandISCSI backend
description: >
- Enables a Cinder HPELeftHandISCSI backend, configured
- via puppet
+ Enables a Cinder HPELeftHandISCSI backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-dellps-config.yaml
title: Cinder Dell EMC PS Series backend
description: >
- Enables a Cinder Dell EMC PS Series backend,
- configured via puppet
+ Enables a Cinder Dell EMC PS Series backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-iser.yaml
- file: environments/cinder-scaleio-config.yaml
title: Cinder Dell EMC ScaleIO backend
description: >
- Enables a Cinder Dell EMC ScaleIO backend,
- configured via puppet
+ Enables a Cinder Dell EMC ScaleIO backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-veritas-hyperscale-config.yaml
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Ceph
- description: >
- Enable the use of Ceph in the overcloud
+ - title: Cinder backup service
+ description:
environments:
- - file: environments/puppet-ceph-external.yaml
- title: Externally managed Ceph
+ - file: environments/cinder-backup.yaml
+ title: Cinder backup service
description: >
- Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+ OpenStack Cinder Backup service with Pacemaker
requires:
+ - environments/puppet-pacemaker.yaml
- overcloud-resource-registry-puppet.yaml
+ - title: Ceph
+ description: >
+ Enable the use of Ceph in the overcloud
+ environments:
- file: environments/puppet-ceph.yaml
- title: TripleO managed Ceph
+ title: Ceph Storage Backend
description: >
Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: CephMDS
- description: >
- Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
- filesystems hosted in Ceph.
+ - file: environments/storage/external-ceph.yaml
+ title: Externally managed Ceph
+ description: >
+ Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
+ - title: Additional Ceph Options
+ description:
environments:
- file: environments/services/ceph-mds.yaml
title: Deploys CephMDS
- description:
+ description: >
+ Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
+ filesystems hosted in Ceph.
requires:
- environments/puppet-ceph.yaml
- - title: Ceph Rados Gateway
- description: >
- Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
- which stores data in the Ceph cluster.
- environments:
- file: environments/ceph-radosgw.yaml
- title: Deploys CephRGW
- description:
+ title: Ceph Rados Gateway
+ description: >
+ Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
+ which stores data in the Ceph cluster.
requires:
- environments/puppet-ceph.yaml
- - title: Manila with CephFS
- description: >
- Deploys Manila and configures it with the CephFS driver. This requires the deployment of
- Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
- environments:
- file: environments/manila-cephfsnative-config.yaml
- title: Deploys Manila with CephFS driver
- description: Deploys Manila and configures CephFS as its default backend.
+ title: Manila with CephFS
+ description: >
+ Deploys Manila and configures it with the CephFS driver. This requires the deployment of
+ Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Storage Environment
- description: >
- Can be used to set up storage backends. Defaults to Ceph used as a
- backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
- configures which services will use Ceph, or if any of the services
- will use NFS. And more. Usually requires to be edited by user first.
- tags:
- - no-gui
+ - title: Glance backends
+ description:
environments:
- - file: environments/storage-environment.yaml
- title: Storage Environment
- description:
+ - file: environments/storage/glance-nfs.yaml
+ title: Glance NFS Backend
+ description: |
+ Configure and enable this option to enable the use of an NFS
+ share as the backend for Glance.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Utilities
- description:
+
+ - title: Security
+ description: Security Hardening Options
environment_groups:
- - title: Config Debug
- description: Enable config management (e.g. Puppet) debugging
+ - title: TLS
+ description:
environments:
- - file: environments/config-debug.yaml
- title: Config Debug
+ - file: environments/ssl/enable-tls.yaml
+ title: SSL on OpenStack Public Endpoints
+ description: >
+ Use this option to pass in certificates for SSL deployments.
+ For these values to take effect, one of the TLS endpoints
+ options must also be used.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: TLS Endpoints
+ description:
+ environments:
+ - file: environments/ssl/tls-endpoints-public-dns.yaml
+ title: SSL-enabled deployment with DNS name as public endpoint
+ description: >
+ Use this option when deploying an SSL-enabled overcloud where the public
+ endpoint is a DNS name.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
+ title: Deploy All SSL Endpoints as DNS names
+ description: >
+ Use this option when deploying an overcloud where all the endpoints are
+ DNS names and there's TLS in all endpoint types.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ - file: environments/ssl/tls-endpoints-public-ip.yaml
+ title: SSL-enabled deployment with IP address as public endpoint
+ description: >
+ Use this option when deploying an SSL-enabled overcloud where the public
+ endpoint is an IP address.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ mutually_exclusive: true
+ - title: SSH Banner Text
+ description: Enables population of SSH Banner Text
+ environments:
+ - file: environments/sshd-banner.yaml
+ title: SSH Banner Text
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Disable journal in MongoDb
- description: >
- Since, when journaling is enabled, MongoDb will create big journal
- file it can take time. In a CI environment for example journaling is
- not necessary.
+ - title: Horizon Password Validation
+ description: Enable Horizon Password validation
environments:
- - file: environments/mongodb-nojournal.yaml
- title: Disable journal in MongoDb
+ - file: environments/horizon_password_validation.yaml
+ title: Horizon Password Validation
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Overcloud Steps
- description: >
- Specifies hooks/breakpoints where overcloud deployment should stop
- Allows operator validation between steps, and/or more granular control.
- Note: the wildcards relate to naming convention for some resource suffixes,
- e.g see puppet/*-post.yaml, enabling this will mean we wait for
- a user signal on every *Deployment_StepN resource defined in those files.
- tags:
- - no-gui
+ - title: AuditD Rules
+ description: Management of AuditD rules
environments:
- - file: environments/overcloud-steps.yaml
- title: Overcloud Steps
+ - file: environments/auditd.yaml
+ title: AuditD Rule Management
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Keystone CADF auditing
+ description: Enable CADF notifications in Keystone for auditing
+ environments:
+ - file: environments/cadf.yaml
+ title: Keystone CADF auditing
+ - title: SecureTTY Values
+ description: Set values within /etc/securetty
+ environments:
+ - file: environments/securetty.yaml
+ title: SecureTTY Values
+
+ - title: Additional Services
+ description:
+ environment_groups:
+ - title:
+ description: Deploy additional services
+ environments:
+ - file: environments/services/manila-generic-config.yaml
+ title: Barbican
+ description: Enable Barbican with the default secret store backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/manila-generic-config.yaml
+ title: Manila
+ description: Enable Manila with generic driver backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/sahara.yaml
+ title: Sahara
+ description: Deploy Sahara service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/ironic.yaml
+ title: Ironic
+ description: Deploy Ironic service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/mistral.yaml
+ title: Mistral
+ description: Deploy Mistral service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/ec2-api.yaml
+ title: EC2 API
+ description: Enable EC2-API service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/zaqar.yaml
+ title: Zaqar
+ description: Deploy Zaqar service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+
+ - title: Nova Extensions
+ description:
+ environment_groups:
+ - title: Nova Extensions
+ description:
+ environments:
+ - file: environments/nova-nuage-config.yaml
+ title: Nuage backend
+ description: >
+ Enables Nuage backend on the Compute
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Operational Tools
description:
description: Enable monitoring agents
environments:
- file: environments/monitoring-environment.yaml
- title: Enable monitoring agents
+ title: Monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
description: Enable centralized logging clients (fluentd)
environments:
- file: environments/logging-environment.yaml
- title: Enable fluentd client
+ title: fluentd client
description:
requires:
- overcloud-resource-registry-puppet.yaml
description: Enable performance monitoring agents
environments:
- file: environments/collectd-environment.yaml
- title: Enable performance monitoring agents
+ title: Performance monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Security Options
- description: Security Hardening Options
+ - title: Utilities
+ description:
environment_groups:
- - title: SSH Banner Text
- description: Enables population of SSH Banner Text
+ - title: Config Debug
+ description: Enable config management (e.g. Puppet) debugging
environments:
- - file: environments/sshd-banner.yaml
- title: SSH Banner Text
+ - file: environments/config-debug.yaml
+ title: Config Debug
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Horizon Password Validation
- description: Enable Horizon Password validation
+ - title: Disable journal in MongoDb
+ description: >
+ Since, when journaling is enabled, MongoDb will create big journal
+ file it can take time. In a CI environment for example journaling is
+ not necessary.
environments:
- - file: environments/horizon_password_validation.yaml
- title: Horizon Password Validation
+ - file: environments/mongodb-nojournal.yaml
+ title: Disable journal in MongoDb
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: AuditD Rules
- description: Management of AuditD rules
+ - title: Overcloud Steps
+ description: >
+ Specifies hooks/breakpoints where overcloud deployment should stop
+ Allows operator validation between steps, and/or more granular control.
+ Note: the wildcards relate to naming convention for some resource suffixes,
+ e.g see puppet/*-post.yaml, enabling this will mean we wait for
+ a user signal on every *Deployment_StepN resource defined in those files.
+ tags:
+ - no-gui
environments:
- - file: environments/auditd.yaml
- title: AuditD Rule Management
+ - file: environments/overcloud-steps.yaml
+ title: Overcloud Steps
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Keystone CADF auditing
- description: Enable CADF notifications in Keystone for auditing
- environments:
- - file: environments/cadf.yaml
- title: Keystone CADF auditing
- - title: SecureTTY Values
- description: Set values within /etc/securetty
- environments:
- - file: environments/securetty.yaml
- title: SecureTTY Values
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml
parameter_defaults:
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
description: Role name on which the service is applied
type: string
RoleParameters:
- description: Role Specific parameters to be provided to service
+ description: Parameters specific to the role
default: {}
type: json
key_name:
type: string
default: unused
+ description: Name of keypair to assign to servers
security_groups:
type: json
default: []
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
AodhApiPuppetBase:
type: ../../puppet/services/aodh-api.yaml
properties:
- get_attr: [AodhApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [AodhApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [AodhApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
AodhEvaluatorBase:
type: ../../puppet/services/aodh-evaluator.yaml
properties:
map_merge:
- get_attr: [AodhEvaluatorBase, role_data, config_settings]
step_config: &step_config
- get_attr: [AodhEvaluatorBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [AodhEvaluatorBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
AodhListenerBase:
type: ../../puppet/services/aodh-listener.yaml
properties:
map_merge:
- get_attr: [AodhListenerBase, role_data, config_settings]
step_config: &step_config
- get_attr: [AodhListenerBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [AodhListenerBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
AodhNotifierBase:
type: ../../puppet/services/aodh-notifier.yaml
properties:
map_merge:
- get_attr: [AodhNotifierBase, role_data, config_settings]
step_config: &step_config
- get_attr: [AodhNotifierBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [AodhNotifierBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
CinderBase:
type: ../../puppet/services/cinder-api.yaml
properties:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings: {get_attr: [CinderBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [CinderBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [CinderBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
cinder_api_cron:
image: *cinder_api_image
net: host
+ user: root
privileged: false
restart: always
volumes:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [CinderBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
CinderBase:
type: ../../puppet/services/cinder-backup.yaml
properties:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings: {get_attr: [CinderBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [CinderBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [CinderBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
CinderBase:
type: ../../puppet/services/cinder-scheduler.yaml
properties:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings: {get_attr: [CinderBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [CinderBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [CinderBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
CinderBase:
type: ../../puppet/services/cinder-volume.yaml
properties:
- "\n"
- - "include ::tripleo::profile::base::lvm"
- get_attr: [CinderBase, role_data, step_config]
+ - get_attr: [MySQLClient, role_data, step_config]
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
CongressBase:
type: ../../puppet/services/congress.yaml
properties:
map_merge:
- get_attr: [CongressBase, role_data, config_settings]
step_config: &step_config
- get_attr: [CongressBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [CongressBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
- if:
- internal_tls_enabled
- - - {get_param: InternalTLSCAFile}
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
- null
+++ /dev/null
-heat_template_version: pike
-
-description: >
- Configuration for containerized MySQL clients
-
-parameters:
- DockerMysqlClientConfigImage:
- description: The container image to use for the mysql_client config_volume
- type: string
- ServiceData:
- default: {}
- description: Dictionary packing service data
- type: json
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- DefaultPasswords:
- default: {}
- type: json
- RoleName:
- default: ''
- description: Role name on which the service is applied
- type: string
- RoleParameters:
- default: {}
- description: Parameters specific to the role
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EnableInternalTLS:
- type: boolean
- default: false
- InternalTLSCAFile:
- default: '/etc/ipa/ca.crt'
- type: string
- description: Specifies the default CA cert to use if TLS is used for
- services in the internal network.
-
-outputs:
- role_data:
- description: Role for setting mysql client parameters
- value:
- service_name: mysql_client
- config_settings:
- tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
- tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
- tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
- # BEGIN DOCKER SETTINGS #
- step_config: ""
- puppet_config:
- config_volume: mysql_client
- puppet_tags: file # set this even though file is the default
- step_config: "include ::tripleo::profile::base::database::mysql::client"
- config_image: {get_param: DockerMysqlClientConfigImage}
- # no need for a docker config, this service only generates configuration files
- docker_config: {}
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
Ec2ApiPuppetBase:
type: ../../puppet/services/ec2-api.yaml
properties:
service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [Ec2ApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
GlanceApiPuppetBase:
type: ../../puppet/services/glance-api.yaml
properties:
- get_attr: [GlanceApiPuppetBase, role_data, config_settings]
- glance::api::sync_db: false
step_config: &step_config
- get_attr: [GlanceApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
GnocchiMetricdBase:
type: ../../puppet/services/gnocchi-metricd.yaml
properties:
service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]}
config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [GnocchiMetricdBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [GnocchiMetricdBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
GnocchiStatsdBase:
type: ../../puppet/services/gnocchi-statsd.yaml
properties:
service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]}
config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [GnocchiStatsdBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [GnocchiStatsdBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_daemon: false
+ tripleo::haproxy::haproxy_service_manage: false
step_config: &step_config
get_attr: [HAProxyBase, role_data, step_config]
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
- step_config: *step_config
+ step_config:
+ "class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
- list_join:
preserve_properties: true
docker_config:
step_1:
+ haproxy_firewall:
+ detach: false
+ image: {get_param: DockerHAProxyImage}
+ net: host
+ user: root
+ privileged: true
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'tripleo::firewall::rule'
+ CONFIG: *step_config
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
+ -
+ - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
haproxy:
image: {get_param: DockerHAProxyImage}
net: host
- privileged: false
restart: always
volumes:
list_concat:
heat_api_cron:
image: {get_param: DockerHeatApiImage}
net: host
+ user: root
privileged: false
restart: always
volumes:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
HeatBase:
type: ../../puppet/services/heat-engine.yaml
properties:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [HeatBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [HeatBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
IronicApiBase:
type: ../../puppet/services/ironic-api.yaml
properties:
- get_attr: [IronicApiBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [IronicApiBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [IronicApiBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
IronicConductorBase:
type: ../../puppet/services/ironic-conductor.yaml
properties:
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
step_config: &step_config
- get_attr: [IronicConductorBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [IronicConductorBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
tags: step2
service: name=iscsid.socket state=stopped enabled=no
when: stat_iscsid_socket.stat.exists
- metadata_settings: {}
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
KeystoneBase:
type: ../../puppet/services/keystone.yaml
properties:
- "\n"
- - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
- {get_attr: [KeystoneBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
merge: true
preserve_properties: true
/var/lib/kolla/config_files/keystone_cron.json:
- command: /usr/sbin/cron -n
+ # FIXME(dprince): this is unused ATM because Kolla hardcodes the
+ # args for the keystone container to -DFOREGROUND
+ command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
keystone_cron:
start_order: 4
image: *keystone_image
+ user: root
net: host
privileged: false
restart: always
+ command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
ManilaApiPuppetBase:
type: ../../puppet/services/manila-api.yaml
properties:
service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]}
step_config: &step_config
- {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
ManilaSchedulerPuppetBase:
type: ../../puppet/services/manila-scheduler.yaml
properties:
service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]}
config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]}
step_config: &step_config
- {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]}
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
ManilaBase:
type: ../../puppet/services/manila-share.yaml
properties:
service_name: {get_attr: [ManilaBase, role_data, service_name]}
config_settings: {get_attr: [ManilaBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [ManilaBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
MistralApiBase:
type: ../../puppet/services/mistral-api.yaml
properties:
map_merge:
- get_attr: [MistralApiBase, role_data, config_settings]
step_config: &step_config
- get_attr: [MistralApiBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [MistralApiBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
MistralBase:
type: ../../puppet/services/mistral-engine.yaml
properties:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
step_config: &step_config
- get_attr: [MistralBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [MistralBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
MistralBase:
type: ../../puppet/services/mistral-executor.yaml
properties:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
step_config: &step_config
- get_attr: [MistralBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [MistralBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
- config_files:
- - source: "/var/lib/kolla/config_files/src-iscsid/*"
- dest: "/"
- merge: true
- preserve_properties: true
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
multipathd:
- name: Stop and disable multipathd service
tags: step2
service: name=multipathd state=stopped enabled=no
- metadata_settings: {}
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NeutronBase:
type: ../../puppet/services/neutron-api.yaml
properties:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
step_config: &step_config
- get_attr: [NeutronBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NeutronBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
properties:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
+ metadata_settings:
+ get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaComputeBase:
type: ../../puppet/services/nova-compute.yaml
properties:
config_settings:
get_attr: [NovaComputeBase, role_data, config_settings]
step_config: &step_config
- get_attr: [NovaComputeBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaComputeBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaConductorBase:
type: ../../puppet/services/nova-conductor.yaml
properties:
service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [NovaConductorBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaConductorBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaConsoleauthPuppetBase:
type: ../../puppet/services/nova-consoleauth.yaml
properties:
service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaIronicBase:
type: ../../puppet/services/nova-ironic.yaml
properties:
service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [NovaIronicBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaIronicBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova
puppet_tags: nova_config,nova_paste_api_ini
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaLibvirtBase:
type: ../../puppet/services/nova-libvirt.yaml
properties:
config_settings:
get_attr: [NovaLibvirtBase, role_data, config_settings]
step_config: &step_config
- get_attr: [NovaLibvirtBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaLibvirtBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
puppet_tags: libvirtd_config,nova_config,file,exec
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaPlacementBase:
type: ../../puppet/services/nova-placement.yaml
properties:
- get_attr: [NovaPlacementBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [NovaPlacementBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaPlacementBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [NovaPlacementBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaSchedulerBase:
type: ../../puppet/services/nova-scheduler.yaml
properties:
service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]}
config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [NovaSchedulerBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaSchedulerBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
NovaVncProxyPuppetBase:
type: ../../puppet/services/nova-vnc-proxy.yaml
properties:
service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [NovaVncProxyPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
OctaviaApiPuppetBase:
type: ../../puppet/services/octavia-api.yaml
properties:
service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [OctaviaApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
resources:
+ MySQLClient:
+ type: ../../../puppet/services/database/mysql-client.yaml
+
CinderBackupBase:
type: ../../../puppet/services/cinder-backup.yaml
properties:
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
- step_config: {get_attr: [CinderBackupBase, role_data, step_config]}
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [CinderBackupBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
resources:
+ MySQLClient:
+ type: ../../../puppet/services/database/mysql-client.yaml
+
CinderBase:
type: ../../../puppet/services/cinder-volume.yaml
properties:
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
- step_config: {get_attr: [CinderBase, role_data, step_config]}
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [CinderBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
PankoApiPuppetBase:
type: ../../puppet/services/panko-api.yaml
properties:
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [PankoApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [PankoApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
SaharaApiPuppetBase:
type: ../../puppet/services/sahara-api.yaml
properties:
- get_attr: [SaharaApiPuppetBase, role_data, config_settings]
- sahara::sync_db: false
step_config: &step_config
- get_attr: [SaharaApiPuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
SaharaEnginePuppetBase:
type: ../../puppet/services/sahara-engine.yaml
properties:
- get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
- sahara::sync_db: false
step_config: &step_config
- get_attr: [SaharaEnginePuppetBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
TackerBase:
type: ../../puppet/services/tacker.yaml
properties:
map_merge:
- get_attr: [TackerBase, role_data, config_settings]
step_config: &step_config
- get_attr: [TackerBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [TackerBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
ContainersCommon:
type: ./containers-common.yaml
+ MySQLClient:
+ type: ../../puppet/services/database/mysql-client.yaml
+
ZaqarBase:
type: ../../puppet/services/zaqar.yaml
properties:
service_name: {get_attr: [ZaqarBase, role_data, service_name]}
config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
step_config: &step_config
- get_attr: [ZaqarBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [ZaqarBase, role_data, step_config]}
+ - {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
# The compute node still needs extra initialization steps
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+ # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
# NOTE: add roles to be docker enabled as we support them.
OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
+ OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
- OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
- OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
- OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml
- OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
+ OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::OVNController
{%- endfor %}
# Port assignments for the VIPs
- {%- for network in networks if network.vip %}
+ {%- for network in networks if network.vip and network.enabled|default(true) %}
OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
{%- endfor %}
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
# extensions, configured via puppet
resource_registry:
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
# A Heat environment file which can be used to enable OVN
# extensions, configured via puppet
resource_registry:
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
- OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
--- /dev/null
+# A Heat environment that can be used to deploy OpenDaylight with SRIOV
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml
+ OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+
+parameter_defaults:
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2']
+ NeutronServicePlugins: 'odl-router_v2,trunk'
+
+ # Add PciPassthroughFilter to the scheduler default filters
+ #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
+
+ #NeutronPhysicalDevMappings: "datacentre:ens20f2"
+
+ # Number of VFs that needs to be configured for a physical interface
+ #NeutronSriovNumVFs: "ens20f2:5"
+
+ #NovaPCIPassthrough:
+ # - devname: "ens20f2"
+ # physical_network: "datacentre"
--- /dev/null
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Custom Domain Name
+# description: |
+# This environment contains the parameters that need to be set in order to
+# use a custom domain name and have all of the various FQDNs reflect it.
+parameter_defaults:
+ # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud.
+ # Type: string
+ CloudDomain: localdomain
+
+ # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ # Type: string
+ CloudName: overcloud.localdomain
+
+ # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'.
+ # Type: string
+ CloudNameCtlplane: overcloud.ctlplane.localdomain
+
+ # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'.
+ # Type: string
+ CloudNameInternal: overcloud.internalapi.localdomain
+
+ # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'.
+ # Type: string
+ CloudNameStorage: overcloud.storage.localdomain
+
+ # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'.
+ # Type: string
+ CloudNameStorageManagement: overcloud.storagemgmt.localdomain
+
CloudNameCtlplane:
default: overcloud.ctlplane.localdomain
description: >
- The DNS name of this cloud's storage management endpoint. E.g.
- 'ci-overcloud.management.tripleo.org'.
+ The DNS name of this cloud's provisioning network endpoint. E.g.
+ 'ci-overcloud.ctlplane.tripleo.org'.
type: string
resources:
type: string
RoleParameters:
type: json
- description: Role Specific parameters
+ description: Parameters specific to the role
default: {}
ServiceNames:
type: comma_delimited_list
type: string
RoleParameters:
type: json
- description: Role Specific parameters
+ description: Parameters specific to the role
default: {}
ServiceNames:
type: comma_delimited_list
type: string
RoleParameters:
type: json
- description: Role Specific parameters
+ description: Parameters specific to the role
default: {}
ServiceNames:
type: comma_delimited_list
- allowed_pattern: "[0-9,-]*"
type: string
default: ""
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+ EnableDpdkDeploymentActions:
+ default: ['CREATE']
+ type: comma_delimited_list
+ description: >
+ Exposing the DPDK deployment action, it may be required to run DPDK
+ config during an upgrade. By default DPDK will be enabled during the
+ CREATE action only. But on cases when it requires for certain migration,
+ it may be required to run it for UPDATE action too.
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility. They will be removed in the Queens cycle.
HostCpusList:
default: ''
description: Memory allocated for each socket
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
_TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]}
+ RebootConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_reboot_config_required
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ # Stop os-collect-config to avoid any race collecting another
+ # deployment before reboot happens
+ systemctl stop os-collect-config.service
+ /sbin/reboot
+
+ RebootDeployment:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: HostParametersDeployment
+ condition: is_reboot_config_required
+ properties:
+ name: RebootDeployment
+ server: {get_param: server}
+ config: {get_resource: RebootConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
+ signal_transport: NO_SIGNAL
+
+ # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk
+ # immediately after setting dpdk-init (behaviour change from ovs2.6).
+ # Starting of DPDK require the huge page configuration to be enabled. So
+ # reboot will happen before DPDK config and we don't need an explicity
+ # restart after dpdk-init as true because of the behavior change.
+ # TODO(skramaja): Dependency is that till the service file workaround, is
+ # maintained, restart of ovs is required.
EnableDpdkConfig:
type: OS::Heat::SoftwareConfig
condition: is_dpdk_config_required
sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
fi
+ systemctl daemon-reload
+ systemctl restart openvswitch
# DO NOT use --detailed-exitcodes
puppet apply --logdest console \
EnableDpdkDeployment:
type: OS::Heat::SoftwareDeployment
condition: is_dpdk_config_required
+ depends_on: RebootDeployment
properties:
name: EnableDpdkDeployment
server: {get_param: server}
if:
- deployment_actions_empty
- []
- - ['CREATE'] # Only do this on CREATE
-
- RebootConfig:
- type: OS::Heat::SoftwareConfig
- condition: is_reboot_config_required
- properties:
- group: script
- config: |
- #!/bin/bash
- # Stop os-collect-config to avoid any race collecting another
- # deployment before reboot happens
- systemctl stop os-collect-config.service
- /sbin/reboot
-
- RebootDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: HostParametersDeployment
- condition: is_reboot_config_required
- properties:
- name: RebootDeployment
- server: {get_param: server}
- config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
- signal_transport: NO_SIGNAL
+ - {get_param: EnableDpdkDeploymentActions}
outputs:
result:
log_debug "Restarting openstack ceilometer agent compute"
systemctl restart openstack-ceilometer-compute
yum install -y openstack-nova-migration
+ # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd
+ log_debug "Stop and disable libvirtd service for upgrade to containers"
+ systemctl stop libvirtd
+ systemctl disable libvirtd
fi
# Apply puppet manifest to converge just right after the ${ROLE} upgrade
- puppet/blockstorage-role.yaml
- puppet/objectstorage-role.yaml
- puppet/cephstorage-role.yaml
+ - network/internal_api.yaml
+ - network/external.yaml
+ - network/storage.yaml
+ - network/storage_mgmt.yaml
+ - network/tenant.yaml
+ - network/management.yaml
+ - network/internal_api_v6.yaml
+ - network/external_v6.yaml
+ - network/storage_v6.yaml
+ - network/storage_mgmt_v6.yaml
+ - network/tenant_v6.yaml
+ - network/management_v6.yaml
+ - network/ports/internal_api.yaml
+ - network/ports/external.yaml
+ - network/ports/storage.yaml
+ - network/ports/storage_mgmt.yaml
+ - network/ports/tenant.yaml
+ - network/ports/management.yaml
+ - network/ports/internal_api_v6.yaml
+ - network/ports/external_v6.yaml
+ - network/ports/storage_v6.yaml
+ - network/ports/storage_mgmt_v6.yaml
+ - network/ports/tenant_v6.yaml
+ - network/ports/management_v6.yaml
+ - network/ports/internal_api_from_pool.yaml
+ - network/ports/external_from_pool.yaml
+ - network/ports/storage_from_pool.yaml
+ - network/ports/storage_mgmt_from_pool.yaml
+ - network/ports/tenant_from_pool.yaml
+ - network/ports/management_from_pool.yaml
+ - network/ports/internal_api_from_pool_v6.yaml
+ - network/ports/external_from_pool_v6.yaml
+ - network/ports/storage_from_pool_v6.yaml
+ - network/ports/storage_mgmt_from_pool_v6.yaml
+ - network/ports/tenant_from_pool_v6.yaml
+ - network/ports/management_from_pool_v6.yaml
description: Ip allocation pool range for the management network.
type: json
ManagementInterfaceDefaultRoute:
- default: null
+ default: unset
description: The default route of the management network.
type: string
--- /dev/null
+heat_template_version: pike
+
+description: >
+ {{network.name}} network definition (automatically generated).
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ {{network.name}}NetCidr:
+ default: {{network.ip_subnet|default("")}}
+ description: Cidr for the {{network.name_lower}} network.
+ type: string
+ {{network.name}}NetValueSpecs:
+ default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
+ description: Value specs for the {{network.name_lower}} network.
+ type: json
+ {{network.name}}NetAdminStateUp:
+ default: false
+ description: This admin state of the network.
+ type: boolean
+ {{network.name}}NetEnableDHCP:
+ default: false
+ description: Whether to enable DHCP on the associated subnet.
+ type: boolean
+ {{network.name}}NetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+ {{network.name}}SubnetName:
+ default: {{network.name_lower}}_subnet
+ description: The name of the {{network.name_lower}} subnet in Neutron.
+ type: string
+ {{network.name}}AllocationPools:
+ default: {{network.allocation_pools|default([])}}
+ description: Ip allocation pool range for the {{network.name_lower}} network.
+ type: json
+ {{network.name}}InterfaceDefaultRoute:
+ default: {{network.gateway_ip|default("not_defined")}}
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- if network.vlan %}
+ {{network.name}}NetworkVlanID:
+ default: {{network.vlan}}
+ description: Vlan ID for the {{network.name}} network traffic.
+ type: number
+{%- endif %}
+{%- if network.ipv6 %}
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+{%- endif %}
+
+resources:
+ {{network.name}}Network:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
+ name: {get_param: {{network.name}}NetName}
+ shared: {get_param: {{network.name}}NetShared}
+ value_specs: {get_param: {{network.name}}NetValueSpecs}
+
+ {{network.name}}Subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ cidr: {get_param: {{network.name}}NetCidr}
+ name: {get_param: {{network.name}}SubnetName}
+ network: {get_resource: {{network.name}}Network}
+ allocation_pools: {get_param: {{network.name}}AllocationPools}
+ gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
+{%- if network.ipv6 %}
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+{%- else %}
+ enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
+{%- endif %}
+
+outputs:
+ OS::stack_id:
+ description: {{network.name_lower}} network
+ value: {get_resource: {{network.name}}Network}
+ subnet_cidr:
+ value: {get_attr: {{network.name}}Subnet, cidr}
+
resources:
{%- for network in networks %}
- {%- if network.name != 'InternalApi' %}
{{network.name}}Network:
- {%- else %}
- InternalNetwork:
- {%- endif %}
type: OS::TripleO::Network::{{network.name}}
{%- endfor %}
# NOTE(gfidente): we need to replace the null value with a
# string to work around https://bugs.launchpad.net/heat/+bug/1700025
{%- for network in networks %}
- {%- if network.name != 'InternalApi' %}
{{network.name_lower}}:
yaql:
data: {get_attr: [{{network.name}}Network, subnet_cidr]}
expression: str($.data).replace('null', 'disabled')
- {%- else %}
- {{network.name_lower}}:
- yaql:
- data: {get_attr: [InternalNetwork, subnet_cidr]}
- expression: str($.data).replace('null', 'disabled')
- {%- endif %}
{%- endfor %}
description: Name of the service to lookup
default: ''
type: string
- NetworkName:
- description: # Here for compatibility with isolated networks
+ NetworkName: # Here for compatibility with isolated networks
+ description: Name of the network where the VIP will be created
default: ctlplane
type: string
PortName:
parameters:
ExternalNetName:
- description: Name of the external neutron network
+ description: The name of the external network.
default: external
type: string
PortName:
parameters:
ExternalNetName:
- description: Name of the external network
+ description: The name of the external network.
default: external
type: string
PortName:
parameters:
ExternalNetName:
- description: Name of the external network
+ description: The name of the external network.
default: external
type: string
PortName:
parameters:
ExternalNetName:
- description: Name of the external neutron network
+ description: The name of the external network.
default: external
type: string
PortName:
parameters:
InternalApiNetName:
- description: Name of the internal API neutron network
+ description: The name of the internal API network.
default: internal_api
type: string
PortName:
parameters:
InternalApiNetName:
- description: Name of the internal API network
+ description: The name of the internal API network.
default: internal_api
type: string
PortName:
parameters:
InternalApiNetName:
- description: Name of the internal API network
+ description: The name of the internal API network.
default: internal_api
type: string
PortName:
parameters:
InternalApiNetName:
- description: Name of the internal API neutron network
+ description: The name of the internal API network.
default: internal_api
type: string
PortName:
parameters:
ManagementNetName:
- description: Name of the management neutron network
+ description: The name of the management network.
default: management
type: string
PortName:
parameters:
ManagementNetName:
- description: Name of the management network
+ description: The name of the management network.
default: management
type: string
PortName:
parameters:
ManagementNetName:
- description: Name of the management network
+ description: The name of the management network.
default: management
type: string
PortName:
parameters:
ManagementNetName:
- description: Name of the management neutron network
+ description: The name of the management network.
default: management
type: string
PortName:
ExternalIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the external network
ExternalIpUri:
default: ''
type: string
InternalApiIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the internal API network
InternalApiIpUri:
default: ''
type: string
StorageIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the storage network
StorageIpUri:
default: ''
type: string
StorageMgmtIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the storage mgmt network
StorageMgmtIpUri:
default: ''
type: string
TenantIpSubnet:
default: ''
type: string
+ description: IP address/subnet on the tenant network
TenantIpUri:
default: ''
type: string
ExternalIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
InternalApiIp:
default: ''
type: string
InternalApiIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
StorageIp:
default: ''
type: string
StorageIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
StorageMgmtIp:
default: ''
type: string
StorageMgmtIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
outputs:
net_ip_map:
ExternalIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
InternalApiIp:
default: ''
type: string
InternalApiIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
StorageIp:
default: ''
type: string
StorageIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
StorageMgmtIp:
default: ''
type: string
StorageMgmtIpUri:
default: ''
type: string
+ description: IP address with brackets in case of IPv6
outputs:
net_ip_map:
description: IP address on the control plane
type: string
ControlPlaneNetwork:
- description: Name of the control plane network
+ description: The name of the undercloud Neutron control plane
default: ctlplane
type: string
PortName:
description: Name of the port
default: ''
type: string
- NetworkName:
- description: # Here for compatibility with vip.yaml
- default: ''
+ NetworkName: # Here for compatibility with vip.yaml
+ description: Name of the network where the VIP will be created
+ default: ctlplane
type: string
FixedIPs:
- description: # Here for compatibility with vip.yaml
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
default: []
type: json
ControlPlaneSubnetCidr: # Override this via parameter_defaults
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Creates a port on the {{network.name}} network. The IP address will be chosen
+ automatically if FixedIPs is empty.
+
+parameters:
+ {{network.name}}NetName:
+ description: Name of the {{network.name_lower}} neutron network
+ default: {{network.name_lower|default(network.name|lower)}}
+ type: string
+ PortName:
+ description: Name of the port
+ default: ''
+ type: string
+ ControlPlaneIP: # Here for compatibility with noop.yaml
+ description: IP address on the control plane
+ default: ''
+ type: string
+ ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml
+ description: The name of the undercloud Neutron control plane
+ default: ctlplane
+ type: string
+ FixedIPs:
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
+ IPPool: # Here for compatibility with from_pool.yaml
+ default: {}
+ type: json
+ NodeIndex: # Here for compatibility with from_pool.yaml
+ default: 0
+ type: number
+
+resources:
+
+ {{network.name}}Port:
+ type: OS::Neutron::Port
+ properties:
+ network: {get_param: {{network.name}}NetName}
+ name: {get_param: PortName}
+ fixed_ips: {get_param: FixedIPs}
+ replacement_policy: AUTO
+
+outputs:
+ ip_address:
+ description: {{network.name}} network IP
+ value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+ ip_address_uri:
+{%- if network.ipv6 %}
+ description: {{network.name}} network IP (with brackets for IPv6 URLs)
+ value:
+ list_join:
+ - ''
+ - - '['
+ - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+ - ']'
+{%- else %}
+ description: {{network.name}} network IP (for compatibility with IPv6 URLs)
+ value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+{%- endif %}
+ ip_subnet:
+ description: IP/Subnet CIDR for the {{network.name}} network IP
+ value:
+ list_join:
+ - ''
+ - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+ - '/'
+ - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]}
+
--- /dev/null
+heat_template_version: pike
+
+description: >
+ Creates a port on the {{network.name}} network, using a map of IPs per role.
+ Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by
+ network (lower_name or lower case). For example:
+ ControllerIPs:
+ external:
+ - 1.2.3.4 # First controller
+ - 1.2.3.5 # Second controller
+
+parameters:
+ {{network.name}}NetName:
+ description: Name of the {{network.name}} neutron network
+ default: {{network.name_lower}}
+ type: string
+ PortName:
+ description: Name of the port
+ default: ''
+ type: string
+ ControlPlaneIP: # Here for compatibility with noop.yaml
+ description: IP address on the control plane
+ default: ''
+ type: string
+ ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml
+ description: The name of the undercloud Neutron control plane
+ default: ctlplane
+ type: string
+ IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml
+ default: {}
+ type: json
+ NodeIndex: # First node in the role will get first IP, and so on...
+ default: 0
+ type: number
+ {{network.name}}NetCidr:
+ default: {{network.ip_subnet}}
+ description: Cidr for the {{network.name_lower}} network.
+ type: string
+
+outputs:
+ ip_address:
+ description: {{network.name}} network IP
+ value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+ ip_address_uri:
+{%- if network.ipv6 %}
+ description: {{network.name}} network IP (with brackets for IPv6 URLs)
+ value:
+ list_join:
+ - ''
+ - - '['
+ - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+ - ']'
+{%- else %}
+ description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml)
+ value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+{%- endif %}
+ ip_subnet:
+ description: IP/Subnet CIDR for the {{network.name}} network IP
+ value:
+ list_join:
+ - ''
+ - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+ - '/'
+ - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]}
+
parameters:
StorageNetName:
- description: Name of the storage neutron network
+ description: The name of the storage network.
default: storage
type: string
PortName:
parameters:
StorageNetName:
- description: Name of the storage network
+ description: The name of the storage network.
default: storage
type: string
PortName:
parameters:
StorageNetName:
- description: Name of the storage network
+ description: The name of the storage network.
default: storage
type: string
PortName:
parameters:
StorageMgmtNetName:
- description: Name of the storage_mgmt API neutron network
+ description: The name of the Storage management network.
default: storage_mgmt
type: string
PortName:
parameters:
StorageMgmtNetName:
- description: Name of the storage MGMT network
+ description: The name of the Storage management network.
default: storage_mgmt
type: string
PortName:
type: number
StorageMgmtNetCidr:
default: '172.16.3.0/24'
- description: Cidr for the storage MGMT network.
+ description: Cidr for the storage management network.
type: string
outputs:
parameters:
StorageMgmtNetName:
- description: Name of the storage MGMT network
+ description: The name of the Storage management network.
default: storage_mgmt
type: string
PortName:
type: number
StorageMgmtNetCidr:
default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage MGMT network.
+ description: Cidr for the storage management network.
type: string
outputs:
parameters:
StorageMgmtNetName:
- description: Name of the storage_mgmt API neutron network
+ description: The name of the Storage management network.
default: storage_mgmt
type: string
PortName:
parameters:
StorageNetName:
- description: Name of the storage neutron network
+ description: The name of the storage network.
default: storage
type: string
PortName:
parameters:
TenantNetName:
- description: Name of the tenant neutron network
+ description: The name of the tenant network.
default: tenant
type: string
PortName:
parameters:
TenantNetName:
- description: Name of the tenant network
+ description: The name of the tenant network.
default: tenant
type: string
PortName:
parameters:
TenantNetName:
- description: Name of the tenant network
+ description: The name of the tenant network.
default: tenant
type: string
PortName:
parameters:
TenantNetName:
- description: Name of the tenant neutron network
+ description: The name of the tenant network.
default: tenant
type: string
PortName:
type: string
NetworkName:
description: Name of the network where the VIP will be created
- default: internal_api
+ default: ctlplane
type: string
PortName:
description: Name of the port
type: string
NetworkName:
description: Name of the network where the VIP will be created
- default: internal_api
+ default: ctlplane
type: string
PortName:
description: Name of the port
# name: Name of the network (mandatory)
# name_lower: lowercase version of name used for filenames
# (optional, defaults to name.lower())
-# vlan: vlan for the network (optional)
-# gateway: gateway for the network (optional)
# enabled: Is the network enabled (optional, defaults to true)
+# ipv6: Does this network use IPv6 IPs? (optional, defaults to false)
+# (optional, may use parameter defaults in environment to set)
+# vlan: vlan for the network (optional)
# vip: Enable creation of a virtual IP on this network
-# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support
-# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104
+# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports,
+# to support VIPs on non-default networks.
+# See https://bugs.launchpad.net/tripleo/+bug/1667104
+# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults)
+# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}]
+# gateway_ip: gateway for the network (optional, may use parameter defaults)
+# NOTE: IP-related values set parameter defaults in templates, may be overridden.
+#
+# Example:
+# - name Example
+# vip: false
+# ip_subnet: '10.0.2.0/24'
+# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}]
+# gateway_ip: '10.0.2.254'
#
+# TODO (dsneddon) remove existing templates from j2_excludes.yaml
+# and generate all templates dynamically.
+
- name: External
vip: true
name_lower: external
+ ip_subnet: '10.0.0.0/24'
+ allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
+ gateway_ip: '10.0.0.1'
- name: InternalApi
name_lower: internal_api
vip: true
+ ip_subnet: '172.16.2.0/24'
+ allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
- name: Storage
vip: true
name_lower: storage
+ ip_subnet: '172.16.1.0/24'
+ allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}]
- name: StorageMgmt
name_lower: storage_mgmt
vip: true
+ ip_subnet: '172.16.3.0/24'
+ allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
- name: Tenant
vip: false # Tenant network does not use VIPs
name_lower: tenant
+ ip_subnet: '172.16.0.0/24'
+ allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}]
- name: Management
# Management network is disabled by default
enabled: false
vip: false # Management network does not use VIPs
name_lower: management
+ ip_subnet: '10.0.1.0/24'
+ allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml
OS::TripleO::Services::OVNDBs: OS::Heat::None
+ OS::TripleO::Services::OVNController: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
CloudNameCtlplane:
default: overcloud.ctlplane.localdomain
description: >
- The DNS name of this cloud's storage management endpoint. E.g.
- 'ci-overcloud.management.tripleo.org'.
+ The DNS name of this cloud's provisioning network endpoint. E.g.
+ 'ci-overcloud.ctlplane.tripleo.org'.
type: string
ControlFixedIPs:
default: []
description: Neutron ID or name for ctlplane network.
NeutronPublicInterface:
default: nic1
- description: What interface to bridge onto br-ex for network nodes.
+ description: Which interface to add to the NeutronPhysicalBridge.
type: string
PublicVirtualFixedIPs:
default: []
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
type: string
constraints:
- allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
resources:
CeilometerServiceBase:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
+ - ceilometer_redis_password: {get_param: RedisPassword}
compute_namespace: true
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
description: >
A list of publishers to put in event_pipeline.yaml. When the
collector is used, override this with notifier:// publisher.
+ If zaqar is enabled, you can also publish to a zaqar queue
+ by including "zaqar://?queue=queue_name" in this list.
Set ManageEventPipeline to true for override to take effect.
type: comma_delimited_list
ManagePipeline:
description: Role data for iscsid
value:
service_name: iscsid
- config_setting: {}
+ config_settings: {}
step_config: |
include ::tripleo::profile::base::iscsid
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
hidden: true
ContrailVrouterPhysicalInterface:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
+ hidden: true
ContrailVrouterPhysicalInterface:
default: 'eth0'
description: vRouter physical interface
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
hidden: true
ContrailVrouterPhysicalInterface:
type: json
NeutronEnableL2Pop:
type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
+ description: Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
default: "datacentre:br-ex"
NeutronTunnelTypes:
default: 'vxlan'
- description: |
- The tunnel types for the Neutron tenant network.
+ description: The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
OpenDaylightPortBindingController:
description: OpenDaylight port binding controller
type: string
- default: 'network-topology'
+ default: 'pseudo-agentdb-binding'
resources:
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
MigrationSshKey:
type: json
description: >
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
Required for VLAN deployments. For example physnet1 -> eth1.
type: comma_delimited_list
default: "datacentre:br-ex"
+ HostAllowedNetworkTypes:
+ description: Allowed tenant network types for this OVS host. Note this can
+ vary per host or role to constrain which hosts nova instances
+ and networks are scheduled to.
+ type: comma_delimited_list
+ default: ['local', 'vlan', 'vxlan', 'gre']
+ OvsEnableDpdk:
+ description: Whether or not to configure enable DPDK in OVS
+ default: false
+ type: boolean
+ OvsVhostuserMode:
+ description: Specify the mode for OVS with vhostuser port creation. In
+ client mode, the hypervisor will be responsible for creating
+ vhostuser sockets. In server mode, OVS will create them.
+ type: string
+ default: "client"
+ constraints:
+ - allowed_values: [ 'client', 'server' ]
+ VhostuserSocketDir:
+ description: Specify the directory to use for vhostuser sockets
+ type: string
+ default: "/var/run/openvswitch"
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
+ neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
+ neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
+ neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
+ neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
+ - values: {get_param: [RoleParameters]}
+ - values:
+ HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
+ OvsEnableDpdk: {get_param: OvsEnableDpdk}
+ VhostuserSocketDir: {get_param: VhostuserSocketDir}
+ OvsVhostuserMode: {get_param: OvsVhostuserMode}
+ OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
+
outputs:
role_data:
description: Role data for the OpenDaylight service.
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings}
tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
'136 neutron gre networks':
proto: 'gre'
- get_attr: [Ovs, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
heat_template_version: pike
description: >
- OpenStack Neutron Compute OVN agent
+ OpenStack OVN Controller agent
parameters:
EndpointMap:
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name
+ scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
outputs:
role_data:
- description: Role data for the Neutron Compute OVN agent
+ description: Role data for the OVN Controller agent
value:
- service_name: neutron_compute_plugin_ovn
+ service_name: ovn_controller
config_settings:
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
nova::compute::force_config_drive: true
- tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ tripleo.ovn_controller.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
+ upgrade_tasks:
+ - name: Check if ovn_controller is deployed
+ command: systemctl is-enabled ovn-controller
+ tags: common
+ ignore_errors: True
+ register: ovn_controller_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-controller is running"
+ shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b'
+ when: ovn_controller_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-controller service
+ tags: step1
+ when: ovn_controller_enabled.rc == 0
+ service: name=ovn-controller state=stopped
- {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
+ upgrade_tasks:
+ - name: Check if ovn_northd is deployed
+ command: systemctl is-enabled ovn-northd
+ tags: common
+ ignore_errors: True
+ register: ovn_northd_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-northd is running"
+ shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b'
+ when: ovn_northd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-northd service
+ tags: step1
+ when: ovn_northd_enabled.rc == 0
+ service: name=ovn-northd state=stopped
--- /dev/null
+---
+features:
+ - Adds new environment file for deploying SRIOV
+ with OpenDaylight.
--- /dev/null
+---
+fixes:
+ - Setting the port-binding to be pseudo-agentdb-binding.
+ Networking-odl no longer supports network-topology
+features:
+ - Enables per role configuration of per host
+ configuration which allows an operator to dedicate
+ different compute roles to different network or
+ port types in OpenDaylight deployments.
--- /dev/null
+---
+features:
+ - Added support for DPDK with OvS2.7, which requires huge page
+ configuration (with reboot) to be available before enabling DPDK.
+
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::Redis
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
###############################################################################
# Role: BlockStorage #
###############################################################################
Note %index% is translated into the index of the node, e.g 0/1/2 etc
and %stackname% is replaced with OS::stack_name in the template below.
If you want to use the heat generated names, pass '' (empty string).
+ -
+ name: predictable-placement/custom-domain
+ title: Custom Domain Name
+ files:
+ overcloud.yaml:
+ parameters:
+ - CloudDomain
+ - CloudName
+ - CloudNameInternal
+ - CloudNameStorage
+ - CloudNameStorageManagement
+ - CloudNameCtlplane
+ description: |
+ This environment contains the parameters that need to be set in order to
+ use a custom domain name and have all of the various FQDNs reflect it.
r_map = {}
for r in role_data:
r_map[r.get('name')] = r
+
+ n_map = {}
+ for n in network_data:
+ if (n.get('enabled') is not False):
+ n_map[n.get('name')] = n
+ if not n.get('name_lower'):
+ n_map[n.get('name')]['name_lower'] = n.get('name').lower()
+ else:
+ print("skipping %s network: network is disabled" % n.get('name'))
+
excl_templates = ['%s/%s' % (template_path, e)
for e in j2_excludes.get('name')]
for f in files:
file_path = os.path.join(subdir, f)
- # We do two templating passes here:
+ # We do three templating passes here:
# 1. *.role.j2.yaml - we template just the role name
# and create multiple files (one per role)
- # 2. *.j2.yaml - we template with all roles_data,
+ # 2 *.network.j2.yaml - we template the network name and
+ # data and create multiple files for networks and
+ # network ports (one per network)
+ # 3. *.j2.yaml - we template with all roles_data,
# and create one file common to all roles
if f.endswith('.role.j2.yaml'):
print("jinja2 rendering role template %s" % f)
else:
print('skipping rendering of %s' % out_f_path)
+
+ elif f.endswith('.network.j2.yaml'):
+ print("jinja2 rendering network template %s" % f)
+ with open(file_path) as j2_template:
+ template_data = j2_template.read()
+ print("jinja2 rendering networks %s" % ",".join(n_map))
+ for network in n_map:
+ j2_data = {'network': n_map[network]}
+ # Output file names in "<name>.yaml" format
+ out_f = os.path.basename(f).replace('.network.j2.yaml',
+ '.yaml')
+ if os.path.dirname(file_path).endswith('ports'):
+ out_f = out_f.replace('port',
+ n_map[network]['name_lower'])
+ else:
+ out_f = out_f.replace('network',
+ n_map[network]['name_lower'])
+ out_f_path = os.path.join(out_dir, out_f)
+ if not (out_f_path in excl_templates):
+ _j2_render_to_file(template_data, j2_data,
+ out_f_path)
+ else:
+ print('skipping rendering of %s' % out_f_path)
+
elif f.endswith('.j2.yaml'):
print("jinja2 rendering normal template %s" % f)
with open(file_path) as j2_template:
'ExternalAllocationPools': ['default'],
'StorageNetCidr': ['default'],
'StorageAllocationPools': ['default'],
- 'StorageMgmtNetCidr': ['default',
- # FIXME
- 'description'],
+ 'StorageMgmtNetCidr': ['default'],
'StorageMgmtAllocationPools': ['default'],
'TenantNetCidr': ['default'],
'TenantAllocationPools': ['default'],
'InternalApiNetCidr': ['default'],
+ 'InternalApiAllocationPools': ['default'],
'UpdateIdentifier': ['description'],
+ 'key_name': ['default'],
+ # There's one template that defines this
+ # differently, and I'm not sure if we can
+ # safely change it.
+ 'EC2MetadataIp': ['default'],
+ # Same as EC2MetadataIp
+ 'ControlPlaneDefaultRoute': ['default'],
# TODO(bnemec): Address these existing
# inconsistencies.
- 'NeutronMetadataProxySharedSecret': [
- 'description', 'hidden'],
'ServiceNetMap': ['description', 'default'],
- 'EC2MetadataIp': ['default'],
'network': ['default'],
'ControlPlaneIP': ['default',
'description'],
'ControlPlaneIp': ['default',
'description'],
'NeutronBigswitchLLDPEnabled': ['default'],
- 'NeutronEnableL2Pop': ['description'],
'NeutronWorkers': ['description'],
- 'TenantIpSubnet': ['description'],
- 'ExternalNetName': ['description'],
- 'ControlPlaneDefaultRoute': ['default'],
- 'StorageMgmtNetName': ['description'],
'ServerMetadata': ['description'],
- 'InternalApiIpUri': ['description'],
- 'UpgradeLevelNovaCompute': ['default'],
- 'StorageMgmtIpUri': ['description'],
'server': ['description'],
'servers': ['description'],
- 'FixedIPs': ['description'],
- 'ExternalIpSubnet': ['description'],
- 'NeutronBridgeMappings': ['description'],
'ExtraConfig': ['description'],
- 'InternalApiIpSubnet': ['description'],
'DefaultPasswords': ['description',
'default'],
'BondInterfaceOvsOptions': ['description',
'default',
'constraints'],
'KeyName': ['constraints'],
- 'TenantNetName': ['description'],
- 'StorageIpSubnet': ['description'],
'OVNSouthboundServerPort': ['description'],
'ExternalInterfaceDefaultRoute':
['description', 'default'],
- 'ExternalIpUri': ['description'],
'IPPool': ['description'],
- 'ControlPlaneNetwork': ['description'],
'SSLCertificate': ['description',
'default',
'hidden'],
'HostCpusList': ['default', 'constraints'],
- 'InternalApiAllocationPools': ['default'],
'NodeIndex': ['description'],
'name': ['description', 'default'],
- 'StorageNetName': ['description'],
- 'ManagementNetName': ['description'],
- 'NeutronPublicInterface': ['description'],
- 'RoleParameters': ['description'],
- 'ManagementInterfaceDefaultRoute':
- ['default'],
'image': ['description', 'default'],
'NeutronBigswitchAgentEnabled': ['default'],
'EndpointMap': ['description', 'default'],
'DockerManilaConfigImage': ['description',
'default'],
- 'NetworkName': ['default', 'description'],
- 'StorageIpUri': ['description'],
- 'InternalApiNetName': ['description'],
- 'NeutronTunnelTypes': ['description'],
'replacement_policy': ['default'],
- 'StorageMgmtIpSubnet': ['description'],
'CloudDomain': ['description', 'default'],
- 'key_name': ['default', 'description'],
'EnableLoadBalancer': ['description'],
'ControllerExtraConfig': ['description'],
'NovaComputeExtraConfig': ['description'],
return 0
+def search(item, check_item, check_key):
+ if check_item(item):
+ return True
+ elif isinstance(item, list):
+ for i in item:
+ if search(i, check_item, check_key):
+ return True
+ elif isinstance(item, dict):
+ for k in item.keys():
+ if check_key(k, item[k]):
+ return True
+ elif search(item[k], check_item, check_key):
+ return True
+ return False
+
+
def validate_mysql_connection(settings):
no_op = lambda *args: False
error_status = [0]
error_status[0] = 1
return False
- def search(item, check_item, check_key):
- if check_item(item):
- return True
- elif isinstance(item, list):
- for i in item:
- if search(i, check_item, check_key):
- return True
- elif isinstance(item, dict):
- for k in item.keys():
- if check_key(k, item[k]):
- return True
- elif search(item[k], check_item, check_key):
- return True
- return False
-
search(settings, no_op, validate_mysql_uri)
return error_status[0]
+def validate_docker_service_mysql_usage(filename, tpl):
+ no_op = lambda *args: False
+ included_res = []
+
+ def match_included_res(item):
+ is_config_setting = isinstance(item, list) and len(item) > 1 and \
+ item[1:] == ['role_data', 'config_settings']
+ if is_config_setting:
+ included_res.append(item[0])
+ return is_config_setting
+
+ def match_use_mysql_protocol(items):
+ return items == ['EndpointMap', 'MysqlInternal', 'protocol']
+
+ all_content = []
+
+ def read_all(incfile, inctpl):
+ # search for included content
+ content = inctpl['outputs']['role_data']['value'].get('config_settings',{})
+ all_content.append(content)
+ included_res[:] = []
+ if search(content, match_included_res, no_op):
+ files = [inctpl['resources'][x]['type'] for x in included_res]
+ # parse included content
+ for r, f in zip(included_res, files):
+ # disregard class names, only consider file names
+ if 'OS::' in f:
+ continue
+ newfile = os.path.normpath(os.path.dirname(incfile)+'/'+f)
+ newtmp = yaml.load(open(newfile).read())
+ read_all(newfile, newtmp)
+
+ read_all(filename, tpl)
+ if search(all_content, match_use_mysql_protocol, no_op):
+ # ensure this service includes the mysqlclient service
+ resources = tpl['resources']
+ mysqlclient = [x for x in resources
+ if resources[x]['type'].endswith('mysql-client.yaml')]
+ if len(mysqlclient) == 0:
+ print("ERROR: containerized service %s uses mysql but "
+ "resource mysql-client.yaml is not used"
+ % filename)
+ return 1
+
+ # and that mysql::client puppet module is included in puppet-config
+ match_mysqlclient = \
+ lambda x: x == [mysqlclient[0], 'role_data', 'step_config']
+ role_data = tpl['outputs']['role_data']
+ puppet_config = role_data['value']['puppet_config']['step_config']
+ if not search(puppet_config, match_mysqlclient, no_op):
+ print("ERROR: containerized service %s uses mysql but "
+ "puppet_config section does not include "
+ "::tripleo::profile::base::database::mysql::client"
+ % filename)
+ return 1
+
+ return 0
+
+
def validate_docker_service(filename, tpl):
if 'outputs' in tpl and 'role_data' in tpl['outputs']:
if 'value' not in tpl['outputs']['role_data']:
return 1
if 'puppet_config' in role_data:
+ if validate_docker_service_mysql_usage(filename, tpl):
+ print('ERROR: could not validate use of mysql service for %s.'
+ % filename)
+ return 1
puppet_config = role_data['puppet_config']
for key in puppet_config:
if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS:
Code Review / apex-tripleo-heat-templates.git / commitdiff