deploy.sh 0000644 0001750 0001750 00000000226 13245343355 011711 0 ustar stack stack openstack overcloud deploy -r /home/stack/templates/roles_data.yaml --answers-file ~/answers.yaml --ntp-server a.ntp.br,b.ntp.br,c.ntp.br,pool.ntp.br
answers.yaml 0000644 0001750 0001750 00000003000 13251531145 012411 0 ustar stack stack templates: /home/stack/openstack-tripleo-heat-templates/
# Answers file handed to `openstack overcloud deploy --answers-file` by
# deploy.sh: `templates` names the Heat template tree and `environments`
# lists the environment files to load.
# NOTE(review): `templates` points at the copy under /home/stack, but several
# entries below are taken from /usr/share/openstack-tripleo-heat-templates/
# while network-isolation.yaml comes from the /home/stack copy. Confirm both
# trees are the same revision, otherwise the environments and the templates
# they register can drift apart.
environments:
- /home/stack/templates/node-info.yaml
- /home/stack/templates/ports.yaml
- /home/stack/templates/compute-hci.yaml
- /home/stack/templates/overcloud_images.yaml
- /home/stack/templates/environment-file-1.yaml
# Carries the Dell PS SAN login and password in cleartext.
- /home/stack/templates/cinder-dellps-config.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/cinder-backup.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-rgw.yaml
- /home/stack/templates/storage-config.yaml
- /home/stack/templates/ceph-config.yaml
- /home/stack/templates/ceph-config-per_node.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/network-isolation.yaml
- /home/stack/templates/network-environment.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/tls-endpoints-public-dns.yaml
- /home/stack/templates/rhel-registration/environment-rhel-registration.yaml
- /home/stack/templates/rhel-registration/rhel-registration-resource-registry.yaml
# Carries the TLS private key (SSLKey) inline; its own header comment says it
# only takes effect together with one of the tls-endpoints-*.yaml
# environments, which is listed above.
- /home/stack/templates/enable-tls.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/services/ironic.yaml
- /home/stack/templates/ironic.yaml
- /home/stack/templates/fencing.yaml
- /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml
# Stock auditd environment; presumably enables audit logging on the overcloud
# nodes - confirm against the file itself, which is not shown here.
- /usr/share/openstack-tripleo-heat-templates/environments/auditd.yaml
- /home/stack/templates/remove_manila.yaml
answers-complete-19-01-09.yaml 0000644 0001750 0001750 00000002341 13245343355 015130 0 ustar stack stack templates: /home/stack/openstack-tripleo-heat-templates/
# Alternate answers file; deploy.sh as shown passes ~/answers.yaml, not this
# one. Compared with answers.yaml it takes every stock environment from the
# /home/stack template tree and omits ceph-config-per_node.yaml, fencing.yaml,
# remove_manila.yaml and the octavia and auditd environments.
environments:
- /home/stack/templates/node-info.yaml
- /home/stack/templates/ports.yaml
- /home/stack/templates/compute-hci.yaml
- /home/stack/templates/overcloud_images.yaml
- /home/stack/templates/environment-file-1.yaml
# Carries the Dell PS SAN login and password in cleartext.
- /home/stack/templates/cinder-dellps-config.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/cinder-backup.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-rgw.yaml
- /home/stack/templates/storage-config.yaml
- /home/stack/templates/ceph-config.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/network-isolation.yaml
- /home/stack/templates/network-environment.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/tls-endpoints-public-dns.yaml
- /home/stack/templates/rhel-registration/environment-rhel-registration.yaml
- /home/stack/templates/rhel-registration/rhel-registration-resource-registry.yaml
# Carries the TLS private key (SSLKey) inline.
- /home/stack/templates/enable-tls.yaml
- /home/stack/openstack-tripleo-heat-templates/environments/services/ironic.yaml
- /home/stack/templates/ironic.yaml
templates/ 0000755 0001750 0001750 00000000000 13245570310 012050 5 ustar stack stack templates/ceph-numa-pinning-template.yaml 0000644 0001750 0001750 00000000765 13245343354 020100 0 ustar stack stack heat_template_version: 2014-10-16
# Heat template that wraps numa-systemd-osd.sh in a script-group
# SoftwareConfig and deploys it to every server passed in `servers`.
# NOTE(review): numa-systemd-osd.sh is not shown here; because its contents
# are executed on each target node, review the script together with this
# template and keep it under the same change control.
parameters:
# Map of servers to deploy to, supplied by the caller.
servers:
type: json
resources:
# The script body is read from numa-systemd-osd.sh next to this template and
# declares one input, OSD_NUMA_INTERFACE.
ExtraConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: OSD_NUMA_INTERFACE
config: {get_file: numa-systemd-osd.sh}
# Applies ExtraConfig to all servers with OSD_NUMA_INTERFACE set to 'em2'.
ExtraDeployments:
type: OS::Heat::SoftwareDeployments
properties:
servers: {get_param: servers}
config: {get_resource: ExtraConfig}
input_values:
OSD_NUMA_INTERFACE: 'em2'
# Only the CREATE action triggers the deployment, so the script is not
# re-run on later stack updates.
actions: ['CREATE']
templates/cinder-dellps-config.yaml 0000644 0001750 0001750 00000002370 13245343354 016734 0 ustar stack stack # Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# A Heat environment file which can be used to enable
# a Cinder Dell EMC PS Series backend, configured via puppet
# Registers the Dell PS Cinder backend service against the packaged puppet
# service template.
resource_registry:
OS::TripleO::Services::CinderBackendDellPs: /usr/share/openstack-tripleo-heat-templates/puppet/services/cinder-backend-dellps.yaml
parameter_defaults:
CinderEnableDellPsBackend: true
CinderDellPsBackendName: 'tripleo_dellps'
# SAN address; 172.18.0.0/24 is StorageNetCidr in network-environment.yaml and
# .201 sits just above that network's allocation pool (172.18.0.10 to
# 172.18.0.200).
CinderDellPsSanIp: '172.18.0.201'
# NOTE(review): the SAN login and password are stored in cleartext, and the
# archive header records this file as mode 0644, i.e. readable by every local
# user. Keep the credential in a separate environment file readable only by
# the deploying user, keep it out of archives and version control, and rotate
# it if this copy has been shared.
CinderDellPsSanLogin: 'vdcstor'
CinderDellPsSanPassword: 'aGr#pfeopG'
CinderDellPsSanThinProvision: true
CinderDellPsGroupname: 'STOS01'
CinderDellPsPool: 'default'
# NOTE(review): CHAP is disabled and both CHAP fields are empty, so iSCSI
# sessions to the array are not CHAP-authenticated. Access control then rests
# on the isolation of the storage network and on the array's own access
# lists - confirm that is intended.
CinderDellPsChapLogin: ''
CinderDellPsChapPassword: ''
CinderDellPsUseChap: false
templates/compute-hci.yaml 0000644 0001750 0001750 00000000213 13245343354 015153 0 ustar stack stack parameter_defaults:
# Role-specific settings for the ComputeHCI role.
ComputeHCIParameters:
# Memory held back from instance scheduling for the host itself; presumably
# in MB and sized for the services sharing these nodes - confirm.
NovaReservedHostMemory: 60000
ComputeHCIExtraConfig:
# vCPU overcommit ratio handed to nova through hieradata.
nova::cpu_allocation_ratio: 9.2
templates/enable-tls.yaml 0000644 0001750 0001750 00000016171 13245343354 014776 0 ustar stack stack # Use this environment to pass in certificates for SSL deployments.
# For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used.
# NOTE(review): SSLKey below embeds the RSA private key in this file, and the
# archive header records the file as mode 0644, i.e. readable by every local
# user. Restrict the file to the deploying user (0600), keep it out of
# archives and version control, and reissue the certificate with a new key if
# this copy has been shared.
# SSLCertificate is the endpoint certificate, SSLIntermediateCertificate holds
# two chained PEM blocks, and SSLKey is the matching private key.
parameter_defaults:
SSLCertificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
SSLIntermediateCertificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
SSLKey: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
# Maps the per-node TLS data hook to the packaged certificate-injection
# template, which is what places the material above on the nodes.
resource_registry:
OS::TripleO::NodeTLSData: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/tls/tls-cert-inject.yaml
templates/environment-file-1.yaml 0000644 0001750 0001750 00000000323 13245343354 016357 0 ustar stack stack parameter_defaults:
# Public DNS name of the cloud. answers.yaml loads
# tls-endpoints-public-dns.yaml, so the certificate in enable-tls.yaml
# presumably has to cover this name - confirm.
CloudName: vdatacenter.com.br
# NOTE(review): network-environment.yaml also sets DnsServers, with a second
# entry, and is listed later in answers.yaml; presumably that later value is
# the one that applies - confirm and keep a single definition.
DnsServers: ["187.108.193.3"]
TimeZone: 'America/Sao_Paulo'
ExtraConfig:
# NOTE(review): SNMP read-only community strings act as shared passwords and
# are stored here in cleartext in a file the archive header records as mode
# 0644. Community-based SNMP sends them unencrypted, so limit SNMP to the
# management network and prefer SNMPv3 users where the monitoring side
# supports it; rotate these values if this copy has been shared.
snmp::ro_community: datacenter2314
snmp::ro_community6: datacenter23146
templates/ironic.yaml 0000644 0001750 0001750 00000000501 13245343354 014221 0 ustar stack stack parameter_defaults:
# Scheduler filter list for nova. AggregateInstanceExtraSpecsFilter is
# presumably present so host aggregates can keep bare-metal and virtual
# flavors on separate hosts - confirm against the aggregate setup.
NovaSchedulerDefaultFilters:
- RetryFilter
- AggregateInstanceExtraSpecsFilter
- AvailabilityZoneFilter
- RamFilter
- DiskFilter
- ComputeFilter
- ComputeCapabilitiesFilter
- ImagePropertiesFilter
# 'full' asks Ironic cleaning to erase whole disks between uses rather than
# only partition metadata; slower, but it avoids handing a node to the next
# user with the previous user's data still on disk.
IronicCleaningDiskErase: full
templates/network-environment.yaml 0000644 0001750 0001750 00000005322 13245343354 016777 0 ustar stack stack # This template configures each role to use a pair of bonded nics (nic2 and
# nic3) and configures an IP address on each relevant isolated network
# for each role. This template assumes use of network-isolation.yaml.
#
# FIXME: if/when we add functionality to heatclient to include heat
# environment files we should think about using it here to automatically
# include network-isolation.yaml.
# Per-role os-net-config templates; every role is pointed at the local copies
# under /home/stack/templates/nic-configs/.
resource_registry:
OS::TripleO::BlockStorage::Net::SoftwareConfig: /home/stack/templates/nic-configs/cinder-storage.yaml
OS::TripleO::Compute::Net::SoftwareConfig: /home/stack/templates/nic-configs/compute.yaml
OS::TripleO::Controller::Net::SoftwareConfig: /home/stack/templates/nic-configs/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: /home/stack/templates/nic-configs/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: /home/stack/templates/nic-configs/ceph-storage.yaml
OS::TripleO::ComputeHCI::Net::SoftwareConfig: /home/stack/templates/nic-configs/compute-hci.yaml
parameter_defaults:
# Isolated networks: one RFC 1918 /24 each for internal API, tenant, storage,
# storage management and management traffic.
InternalApiNetCidr: 172.16.0.0/24
TenantNetCidr: 172.17.0.0/24
StorageNetCidr: 172.18.0.0/24
StorageMgmtNetCidr: 172.19.0.0/24
ManagementNetCidr: 172.20.0.0/24
# The external network is a non-RFC 1918 /21, so any role that receives an
# ExternalIpSubnet gets an address in publicly routable space.
ExternalNetCidr: 177.93.104.0/21
InternalApiAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}]
TenantAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]
StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]
StorageMgmtAllocationPools: [{'start': '172.19.0.10', 'end': '172.19.0.200'}]
ManagementAllocationPools: [{'start': '172.20.0.10', 'end': '172.20.0.200'}]
# Leave room for floating IPs in the External allocation pool
ExternalAllocationPools: [{'start': '177.93.104.10', 'end': '177.93.104.63'}]
# Set to the router gateway on the external network
ExternalInterfaceDefaultRoute: 177.93.104.1
# Gateway router for the provisioning network (or Undercloud IP)
ControlPlaneDefaultRoute: 192.168.24.1
# The IP address of the EC2 metadata server. Generally the IP of the Undercloud
EC2MetadataIp: 192.168.24.1
# Define the DNS servers (maximum 2) for the overcloud nodes
# NOTE(review): environment-file-1.yaml also sets DnsServers with only the
# first entry; keep a single definition. The second entry is a public
# resolver, so node DNS lookups can leave the site.
DnsServers: ["187.108.193.3","8.8.8.8"]
# VLAN tags for the isolated networks, overriding the defaults in the
# nic-configs templates.
InternalApiNetworkVlanID: 201
StorageNetworkVlanID: 202
StorageMgmtNetworkVlanID: 203
TenantNetworkVlanID: 204
ManagementNetworkVlanID: 205
ExternalNetworkVlanID: 100
# The value is the two-character string '' (quoted quotes), not an empty
# YAML scalar; presumably the usual way to leave the external bridge unset so
# external networks follow NeutronBridgeMappings - confirm.
NeutronExternalNetworkBridge: "''"
NeutronNetworkType: 'vxlan'
NeutronTunnelTypes: 'vxlan'
# Passed to each nic-config as BondInterfaceOvsOptions: LACP with fallback to
# active-backup when the switch side does not negotiate.
BondInterfaceOvsOptions:
"lacp=active bond_mode=balance-tcp other-config:lacp-fallback-ab=true"
# Two physical networks: datacentre on br-ex and baremetal on br-baremetal.
NeutronBridgeMappings: datacentre:br-ex,baremetal:br-baremetal
NeutronFlatNetworks: datacentre,baremetal
controllerExtraConfig:
# Lets the DHCP agent serve instance metadata on networks with no router.
neutron::agents::dhcp::enable_isolated_metadata: true
templates/nic-configs/ 0000755 0001750 0001750 00000000000 13245343354 014255 5 ustar stack stack templates/nic-configs/README.md 0000644 0001750 0001750 00000004120 13245343354 015531 0 ustar stack stack This directory contains Heat templates to help configure
Vlans on a bonded pair of NICs for each Overcloud role.
There are two versions of the controller role template, one with
an external network interface, and another without. If the
external network interface is not configured, the ctlplane address
ranges will be used for external (public) network traffic.
Configuration
-------------
To make use of these templates create a Heat environment that looks
something like this:
resource\_registry:
OS::TripleO::BlockStorage::Net::SoftwareConfig: network/config/bond-with-vlans/cinder-storage.yaml
OS::TripleO::Compute::Net::SoftwareConfig: network/config/bond-with-vlans/compute.yaml
OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller.yaml
OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/bond-with-vlans/swift-storage.yaml
OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/bond-with-vlans/ceph-storage.yaml
Or use this Heat environment file:
environments/net-bond-with-vlans.yaml
Configuration with no External Network
--------------------------------------
Same as above except set the following value for the controller role:
OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller-no-external.yaml
Configuration with System Management Network
--------------------------------------------
To enable the optional System Management network, create a Heat environment
that looks something like this:
resource\_registry:
OS::TripleO::Network::Management: ../network/management.yaml
OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
Or use this Heat environment file:
environments/network-management.yaml
templates/nic-configs/ceph-storage.yaml 0000644 0001750 0001750 00000013402 13245343354 017522 0 ustar stack stack heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role.
parameters:
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
type: string
InternalApiIpSubnet:
default: ''
description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
description: IP address/subnet on the storage network
type: string
StorageMgmtIpSubnet:
default: ''
description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
description: IP address/subnet on the tenant network
type: string
ManagementIpSubnet: # Only populated when including environments/network-management.yaml
default: ''
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
default: ''
description: 'The ovs_options or bonding_options string for the bond
interface. Set things like lacp=active and/or bond_mode=balance-slb
for OVS bonds or like mode=4 for Linux bonds using this option.'
type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
type: number
StorageMgmtNetworkVlanID:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
type: string
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
default: unset
description: The default route of the management network.
type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
type: comma_delimited_list
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
resources:
# OsNetConfigImpl substitutes the network_config below for the
# $network_config placeholder in run-os-net-config.sh and exposes the result
# as a script-group SoftwareConfig.
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
str_replace:
template:
# NOTE(review): the script is read from the packaged /usr/share tree, while
# answers.yaml sets `templates` to the copy under /home/stack - confirm both
# trees carry the same run-os-net-config.sh.
get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
params:
$network_config:
network_config:
# Control-plane NIC (em1, MTU 1500): static address built as
# ControlPlaneIp/ControlPlaneSubnetCidr, a host route for 169.254.169.254 via
# EC2MetadataIp, and the node's default route via ControlPlaneDefaultRoute.
- type: interface
name: em1
mtu: 1500
use_dhcp: false
dns_servers:
get_param: DnsServers
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
routes:
- ip_netmask: 169.254.169.254/32
next_hop:
get_param: EC2MetadataIp
- default: true
next_hop:
get_param: ControlPlaneDefaultRoute
# OVS bridge br-bond over bond1 (nic2 + nic3, MTU 9000). Only the storage and
# storage-management VLANs are attached for this role.
- type: ovs_bridge
name: br-bond
members:
- type: ovs_bond
name: bond1
mtu: 9000
ovs_options:
get_param: BondInterfaceOvsOptions
members:
- type: interface
name: nic2
mtu: 9000
primary: true
- type: interface
name: nic3
mtu: 9000
- type: vlan
device: bond1
mtu: 9000
vlan_id:
get_param: StorageNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageIpSubnet
- type: vlan
device: bond1
mtu: 9000
vlan_id:
get_param: StorageMgmtNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
# routes:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl
templates/nic-configs/cinder-storage.yaml 0000644 0001750 0001750 00000013535 13245343354 020056 0 ustar stack stack heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role.
parameters:
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
type: string
InternalApiIpSubnet:
default: ''
description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
description: IP address/subnet on the storage network
type: string
StorageMgmtIpSubnet:
default: ''
description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
description: IP address/subnet on the tenant network
type: string
ManagementIpSubnet: # Only populated when including environments/network-management.yaml
default: ''
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
default: ''
description: 'The ovs_options or bonding_options string for the bond
interface. Set things like lacp=active and/or bond_mode=balance-slb
for OVS bonds or like mode=4 for Linux bonds using this option.'
type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
type: number
StorageMgmtNetworkVlanID:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
type: string
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
default: unset
description: The default route of the management network.
type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
type: comma_delimited_list
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
resources:
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
str_replace:
template:
get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
params:
$network_config:
network_config:
- type: interface
name: nic1
use_dhcp: false
dns_servers:
get_param: DnsServers
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
routes:
- ip_netmask: 169.254.169.254/32
next_hop:
get_param: EC2MetadataIp
- default: true
next_hop:
get_param: ControlPlaneDefaultRoute
- type: ovs_bridge
name: br-bond
members:
- type: ovs_bond
name: bond1
ovs_options:
get_param: BondInterfaceOvsOptions
members:
- type: interface
name: nic2
primary: true
- type: interface
name: nic3
- type: vlan
device: bond1
vlan_id:
get_param: InternalApiNetworkVlanID
addresses:
- ip_netmask:
get_param: InternalApiIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: StorageNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: StorageMgmtNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageMgmtIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
# routes:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl
templates/nic-configs/compute-dpdk.yaml 0000644 0001750 0001750 00000014550 13245343354 017542 0 ustar stack stack heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
type: string
InternalApiIpSubnet:
default: ''
description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
description: IP address/subnet on the storage network
type: string
StorageMgmtIpSubnet:
default: ''
description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
description: IP address/subnet on the tenant network
type: string
ManagementIpSubnet: # Only populated when including environments/network-management.yaml
default: ''
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
default: ''
description: 'The ovs_options or bonding_options string for the bond
interface. Set things like lacp=active and/or bond_mode=balance-slb
for OVS bonds or like mode=4 for Linux bonds using this option.'
type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
type: number
StorageMgmtNetworkVlanID:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
type: string
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
default: unset
description: The default route of the management network.
type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
type: comma_delimited_list
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
resources:
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
str_replace:
template:
get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
params:
$network_config:
network_config:
- type: interface
name: nic1
use_dhcp: false
dns_servers:
get_param: DnsServers
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
routes:
- ip_netmask: 169.254.169.254/32
next_hop:
get_param: EC2MetadataIp
- default: true
next_hop:
get_param: ControlPlaneDefaultRoute
- type: ovs_bridge
name: bridge_name
members:
- type: ovs_bond
name: bond1
ovs_options:
get_param: BondInterfaceOvsOptions
members:
- type: interface
name: nic2
primary: true
- type: interface
name: nic3
- type: vlan
device: bond1
vlan_id:
get_param: InternalApiNetworkVlanID
addresses:
- ip_netmask:
get_param: InternalApiIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: StorageNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: TenantNetworkVlanID
addresses:
- ip_netmask:
get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
#-
# type: vlan
# device: bond1
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# -
# ip_netmask: {get_param: ManagementIpSubnet}
# routes:
# -
# default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
- type: ovs_user_bridge
name: br-link
members:
- type: ovs_dpdk_bond
name: dpdkbond0
members:
- type: ovs_dpdk_port
name: dpdk0
members:
- type: interface
name: nic4
- type: ovs_dpdk_port
name: dpdk1
members:
- type: interface
name: nic5
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl
templates/nic-configs/compute-hci.yaml 0000644 0001750 0001750 00000015713 13245343354 017365 0 ustar stack stack heat_template_version: pike
description: >
Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
type: string
InternalApiIpSubnet:
default: ''
description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
description: IP address/subnet on the storage network
type: string
StorageMgmtIpSubnet:
default: ''
description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
description: IP address/subnet on the tenant network
type: string
ManagementIpSubnet: # Only populated when including environments/network-management.yaml
default: ''
description: IP address/subnet on the management network
type: string
BondInterfaceOvsOptions:
default: ''
description: 'The ovs_options or bonding_options string for the bond
interface. Set things like lacp=active and/or bond_mode=balance-slb
for OVS bonds or like mode=4 for Linux bonds using this option.'
type: string
ExternalNetworkVlanID:
default: 10
description: Vlan ID for the external network traffic.
type: number
InternalApiNetworkVlanID:
default: 20
description: Vlan ID for the internal_api network traffic.
type: number
StorageNetworkVlanID:
default: 30
description: Vlan ID for the storage network traffic.
type: number
StorageMgmtNetworkVlanID:
default: 40
description: Vlan ID for the storage mgmt network traffic.
type: number
TenantNetworkVlanID:
default: 50
description: Vlan ID for the tenant network traffic.
type: number
ManagementNetworkVlanID:
default: 60
description: Vlan ID for the management network traffic.
type: number
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
type: string
ControlPlaneDefaultRoute: # Override this via parameter_defaults
description: The default route of the control plane network.
type: string
ExternalInterfaceDefaultRoute: # Not used by default in this template
default: 10.0.0.1
description: The default route of the external network.
type: string
ManagementInterfaceDefaultRoute: # Commented out by default in this template
default: unset
description: The default route of the management network.
type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
type: comma_delimited_list
EC2MetadataIp: # Override this via parameter_defaults
description: The IP address of the EC2 metadata server.
type: string
resources:
# OsNetConfigImpl substitutes the network_config below for the
# $network_config placeholder in run-os-net-config.sh and exposes the result
# as a script-group SoftwareConfig.
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
str_replace:
template:
# NOTE(review): the script is read from the packaged /usr/share tree, while
# answers.yaml sets `templates` to the copy under /home/stack - confirm both
# trees carry the same run-os-net-config.sh.
get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
params:
$network_config:
network_config:
# Control-plane NIC (em1, MTU 1500): static address and a host route for
# 169.254.169.254 via EC2MetadataIp. It carries no default route and no DNS
# servers; both are configured on the bridge below instead.
- type: interface
name: em1
mtu: 1500
use_dhcp: false
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
routes:
- ip_netmask: 169.254.169.254/32
next_hop:
get_param: EC2MetadataIp
# OVS bridge over bond1 (p3p1 + p3p2, MTU 9000) carrying the role's VLANs.
- type: ovs_bridge
name: bridge_name
dns_servers:
get_param: DnsServers
members:
- type: ovs_bond
name: bond1
mtu: 9000
ovs_options:
get_param: BondInterfaceOvsOptions
members:
- type: interface
name: p3p1
mtu: 9000
primary: true
- type: interface
name: p3p2
mtu: 9000
# NOTE(review): the External VLAN is attached with the node's default route.
# If this role is assigned an ExternalIpSubnet (roles_data.yaml is not shown
# here), each hyperconverged compute/storage host gets an address in
# ExternalNetCidr, which network-environment.yaml sets to a publicly routable
# /21. Confirm host firewalling covers that interface, or drop the External
# network from the role and route via the control plane.
- type: vlan
device: bond1
mtu: 1500
vlan_id:
get_param: ExternalNetworkVlanID
addresses:
- ip_netmask:
get_param: ExternalIpSubnet
routes:
- default: true
next_hop:
get_param: ExternalInterfaceDefaultRoute
- type: vlan
device: bond1
mtu: 9000
vlan_id:
get_param: InternalApiNetworkVlanID
addresses:
- ip_netmask:
get_param: InternalApiIpSubnet
- type: vlan
device: bond1
mtu: 9000
vlan_id:
get_param: StorageNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageIpSubnet
# StorageMgmt VLAN. The note that used to sit here said to uncomment this
# entry when including environments/hyperconverged-ceph.yaml; in this copy
# the entry is already active.
- type: vlan
device: bond1
mtu: 9000
vlan_id: {get_param: StorageMgmtNetworkVlanID}
addresses:
- ip_netmask: {get_param: StorageMgmtIpSubnet}
- type: vlan
device: bond1
mtu: 9000
vlan_id:
get_param: TenantNetworkVlanID
addresses:
- ip_netmask:
get_param: TenantIpSubnet
# Uncomment when including environments/network-management.yaml
# If setting default route on the Management interface, comment
# out the default route on the Control Plane.
#- type: vlan
# device: bond1
# vlan_id: {get_param: ManagementNetworkVlanID}
# addresses:
# - ip_netmask: {get_param: ManagementIpSubnet}
# routes:
# - default: true
# next_hop: {get_param: ManagementInterfaceDefaultRoute}
# em2 to em4 are declared with DHCP and default-route handling off and no
# addresses, so they are configured but carry no IP traffic from this template.
- type: interface
name: em2
use_dhcp: false
defroute: false
- type: interface
name: em3
use_dhcp: false
defroute: false
- type: interface
name: em4
use_dhcp: false
defroute: false
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl
templates/nic-configs/compute.yaml 0000644 0001750 0001750 00000015664 13245343354 016631 0 ustar stack stack heat_template_version: pike
# os-net-config layout for the compute role: em1 carries the control plane,
# bond1 (p3p1 + p3p2) sits on an OVS bridge and carries one VLAN per isolated
# network, and em2-em4 are configured without DHCP or a default route.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: ''
    description: 'The ovs_options or bonding_options string for the bond
      interface. Set things like lacp=active and/or bond_mode=balance-slb
      for OVS bonds or like mode=4 for Linux bonds using this option.'
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  # Declared but not referenced by the network_config below: this template
  # puts its default route on the External VLAN, not on the control plane.
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  # Referenced below as next_hop of the default route on the External VLAN.
  ExternalInterfaceDefaultRoute:
    default: 10.0.0.1
    description: The default route of the external network.
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing. VLANs are placed as members of the bridge next to
              # bond1, and em2-em4 as top-level entries - confirm against the
              # deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: em1
                mtu: 1500
                use_dhcp: false
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
              - type: ovs_bridge
                name: bridge_name
                dns_servers:
                  get_param: DnsServers
                members:
                - type: ovs_bond
                  name: bond1
                  mtu: 9000
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: p3p1
                    mtu: 9000
                    primary: true
                  - type: interface
                    name: p3p2
                    mtu: 9000
                # External network (MTU 1500, unlike the 9000 used on the bond).
                # NOTE(review): this gives compute nodes an address and their
                # default route on the External network; confirm that exposure
                # is intended for this role.
                - type: vlan
                  device: bond1
                  mtu: 1500
                  vlan_id:
                    get_param: ExternalNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: ExternalIpSubnet
                  routes:
                  - default: true
                    next_hop:
                      get_param: ExternalInterfaceDefaultRoute
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: StorageNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageIpSubnet
                # Uncomment when including environments/hyperconverged-ceph.yaml
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: StorageMgmtNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: StorageMgmtIpSubnet}
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: TenantNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: TenantIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the External VLAN above (this
                # template sets no default route on the Control Plane).
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
              # Remaining NICs: no DHCP and no default route.
              - type: interface
                name: em2
                use_dhcp: false
                defroute: false
              - type: interface
                name: em3
                use_dhcp: false
                defroute: false
              - type: interface
                name: em4
                use_dhcp: false
                defroute: false
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/nic-configs/controller-no-external.yaml 0000644 0001750 0001750 00000014004 13245343354 021555 0 ustar stack stack heat_template_version: pike
# os-net-config layout for a controller without an External VLAN: nic1 carries
# the control plane and the default route, bond1 (nic2 + nic3) on an OVS bridge
# carries the InternalApi, Storage, StorageMgmt and Tenant VLANs.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  # The External* parameters are declared but not referenced by the
  # network_config below.
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: ''
    description: 'The ovs_options or bonding_options string for the bond
      interface. Set things like lacp=active and/or bond_mode=balance-slb
      for OVS bonds or like mode=4 for Linux bonds using this option.'
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  ExternalInterfaceDefaultRoute:
    default: 10.0.0.1
    description: default route for the external network
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  # Declared but not referenced below: the bridge uses DHCP instead of
  # dns_servers in this template.
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing; VLANs are placed as members of the bridge next to
              # bond1 - confirm against the deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: nic1
                use_dhcp: false
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
                - default: true
                  next_hop:
                    get_param: ControlPlaneDefaultRoute
              # NOTE(review): use_dhcp is true on the bridge itself, so the
              # node would accept a lease on whatever untagged network the
              # bond reaches; confirm a trusted DHCP server is expected there.
              - type: ovs_bridge
                name: bridge_name
                use_dhcp: true
                members:
                - type: ovs_bond
                  name: bond1
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: nic2
                    primary: true
                  - type: interface
                    name: nic3
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageMgmtNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageMgmtIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: TenantNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: TenantIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the Control Plane.
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/nic-configs/controller-v6.yaml 0000644 0001750 0001750 00000015271 13245343354 017663 0 ustar stack stack heat_template_version: pike
# os-net-config layout for the controller role, IPv6-on-External variant: nic1
# carries the control plane with a default route, bond1 (nic2 + nic3) on an OVS
# bridge carries the VLANs, and the External VLAN carries a second default route.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6
  on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control
  Plane.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: bond_mode=active-backup
    description: 'The ovs_options or bonding_options string for the bond
      interface. Set things like lacp=active and/or bond_mode=balance-slb
      for OVS bonds or like mode=4 for Linux bonds using this option.'
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  # NOTE(review): the default here is an IPv4 address although the description
  # puts the IPv6 default route on External; presumably overridden via
  # parameter_defaults - confirm.
  ExternalInterfaceDefaultRoute:
    default: 10.0.0.1
    description: default route for the external network
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing; VLANs are placed as members of the bridge next to
              # bond1 - confirm against the deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: nic1
                use_dhcp: false
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
                - default: true
                  next_hop:
                    get_param: ControlPlaneDefaultRoute
              - type: ovs_bridge
                name: bridge_name
                dns_servers:
                  get_param: DnsServers
                members:
                - type: ovs_bond
                  name: bond1
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: nic2
                    primary: true
                  - type: interface
                    name: nic3
                # External network; second "default: true" route in this
                # template (the first is on nic1).
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: ExternalNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: ExternalIpSubnet
                  routes:
                  - default: true
                    next_hop:
                      get_param: ExternalInterfaceDefaultRoute
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageMgmtNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageMgmtIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: TenantNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: TenantIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the External interface. This will
                # make the External API unreachable from remote subnets.
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/nic-configs/controller.yaml 0000644 0001750 0001750 00000016201 13245343354 017324 0 ustar stack stack heat_template_version: pike
# os-net-config layout for the controller role: em1 carries the control plane,
# bond1 (p2p1 + p2p2) on an OVS bridge carries one VLAN per isolated network,
# em2 is attached to a separate br-baremetal bridge, and em3/em4 are configured
# without DHCP or a default route.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: bond_mode=active-backup
    description: 'The ovs_options or bonding_options string for the bond
      interface. Set things like lacp=active and/or bond_mode=balance-slb
      for OVS bonds or like mode=4 for Linux bonds using this option.'
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  # Declared but not referenced by the network_config below: the only default
  # route in this template is on the External VLAN.
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  ExternalInterfaceDefaultRoute:
    default: 10.0.0.1
    description: default route for the external network
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing. VLANs are placed as members of bridge_name next to
              # bond1, em2 as the member of br-baremetal, and em3/em4 as
              # top-level entries - confirm against the deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: em1
                mtu: 1500
                use_dhcp: false
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
              - type: ovs_bridge
                name: bridge_name
                dns_servers:
                  get_param: DnsServers
                members:
                - type: ovs_bond
                  name: bond1
                  mtu: 9000
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: p2p1
                    mtu: 9000
                    primary: true
                  - type: interface
                    name: p2p2
                    mtu: 9000
                # External network (MTU 1500, unlike the 9000 used on the
                # bond); carries the node's default route.
                - type: vlan
                  device: bond1
                  mtu: 1500
                  vlan_id:
                    get_param: ExternalNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: ExternalIpSubnet
                  routes:
                  - default: true
                    next_hop:
                      get_param: ExternalInterfaceDefaultRoute
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: StorageNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageIpSubnet
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: StorageMgmtNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageMgmtIpSubnet
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: TenantNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: TenantIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the External interface. This will
                # make the External API unreachable from remote subnets.
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
              # Separate bridge with em2 attached and no address of its own;
              # presumably the bare-metal provisioning network - confirm.
              - type: ovs_bridge
                name: br-baremetal
                use_dhcp: false
                members:
                - type: interface
                  name: em2
                  mtu: 1500
              # Remaining NICs: no DHCP and no default route.
              - type: interface
                name: em3
                use_dhcp: false
                defroute: false
              - type: interface
                name: em4
                use_dhcp: false
                defroute: false
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/nic-configs/networker.yaml 0000644 0001750 0001750 00000015024 13245343354 017163 0 ustar stack stack heat_template_version: pike
# os-net-config layout for a dedicated networker role: em1 carries the control
# plane, bond1 (ens1 + ens2) on an OVS bridge carries the External, InternalApi
# and Tenant VLANs, em2 is attached to a separate br-baremetal bridge, and
# em3/em4 are configured without DHCP or a default route.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for a dedicated Neutron networker role.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  # The Storage* parameters are declared but not referenced by the
  # network_config below (no storage VLANs on this role).
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: bond_mode=active-backup
    description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using
      this option.
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  # Declared but not referenced by the network_config below: the only default
  # route in this template is on the External VLAN.
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  ExternalInterfaceDefaultRoute:
    default: 10.0.0.1
    description: default route for the external network
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing. VLANs are placed as members of bridge_name next to
              # bond1, em2 as the member of br-baremetal, and em3/em4 as
              # top-level entries - confirm against the deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: em1
                mtu: 1500
                use_dhcp: false
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
              - type: ovs_bridge
                name: bridge_name
                dns_servers:
                  get_param: DnsServers
                members:
                - type: ovs_bond
                  name: bond1
                  mtu: 9000
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: ens1
                    mtu: 9000
                    primary: true
                  - type: interface
                    name: ens2
                    mtu: 9000
                # External network (MTU 1500, unlike the 9000 used on the
                # bond); carries the node's default route.
                - type: vlan
                  device: bond1
                  mtu: 1500
                  vlan_id:
                    get_param: ExternalNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: ExternalIpSubnet
                  routes:
                  - default: true
                    next_hop:
                      get_param: ExternalInterfaceDefaultRoute
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  mtu: 9000
                  vlan_id:
                    get_param: TenantNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: TenantIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the External interface. This will
                # make the External API unreachable from remote subnets.
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
              # Separate bridge with em2 attached and no address of its own;
              # presumably the bare-metal provisioning network - confirm.
              - type: ovs_bridge
                name: br-baremetal
                use_dhcp: false
                members:
                - type: interface
                  name: em2
                  mtu: 1500
              # Remaining NICs: no DHCP and no default route.
              - type: interface
                name: em3
                use_dhcp: false
                defroute: false
              - type: interface
                name: em4
                use_dhcp: false
                defroute: false
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/nic-configs/swift-storage.yaml 0000644 0001750 0001750 00000013532 13245343354 017743 0 ustar stack stack heat_template_version: pike
# os-net-config layout for the swift storage role: nic1 carries the control
# plane, DNS servers and the default route; bond1 (nic2 + nic3) on the br-bond
# OVS bridge carries the InternalApi, Storage and StorageMgmt VLANs.
description: >
  Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role.
parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet: # Only populated when including environments/network-management.yaml
    default: ''
    description: IP address/subnet on the management network
    type: string
  BondInterfaceOvsOptions:
    default: ''
    description: The ovs_options or bonding_options string for the bond
      interface. Set things like lacp=active and/or bond_mode=balance-slb
      for OVS bonds or like mode=4 for Linux bonds using this option.
    type: string
  ExternalNetworkVlanID:
    default: 10
    description: Vlan ID for the external network traffic.
    type: number
  InternalApiNetworkVlanID:
    default: 20
    description: Vlan ID for the internal_api network traffic.
    type: number
  StorageNetworkVlanID:
    default: 30
    description: Vlan ID for the storage network traffic.
    type: number
  StorageMgmtNetworkVlanID:
    default: 40
    description: Vlan ID for the storage mgmt network traffic.
    type: number
  TenantNetworkVlanID:
    default: 50
    description: Vlan ID for the tenant network traffic.
    type: number
  ManagementNetworkVlanID:
    default: 60
    description: Vlan ID for the management network traffic.
    type: number
  ControlPlaneSubnetCidr: # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  ControlPlaneDefaultRoute: # Override this via parameter_defaults
    description: The default route of the control plane network.
    type: string
  ExternalInterfaceDefaultRoute: # Not used by default in this template
    default: 10.0.0.1
    description: The default route of the external network.
    type: string
  ManagementInterfaceDefaultRoute: # Commented out by default in this template
    default: unset
    description: The default route of the management network.
    type: string
  DnsServers: # Override this via parameter_defaults
    default: []
    description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
    type: comma_delimited_list
  EC2MetadataIp: # Override this via parameter_defaults
    description: The IP address of the EC2 metadata server.
    type: string
resources:
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        # The script text is loaded with get_file and the $network_config
        # token in it is substituted with the structure under params.
        str_replace:
          template:
            get_file: /usr/share/openstack-tripleo-heat-templates/network/scripts/run-os-net-config.sh
          params:
            $network_config:
              # NOTE(review): nesting below was restored from a flattened
              # listing; VLANs are placed as members of br-bond next to
              # bond1 - confirm against the deployed file.
              network_config:
              # Control plane: static address built as "<ControlPlaneIp>/<cidr>".
              - type: interface
                name: nic1
                use_dhcp: false
                dns_servers:
                  get_param: DnsServers
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                # Host route: metadata-service traffic goes to EC2MetadataIp.
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
                - default: true
                  next_hop:
                    get_param: ControlPlaneDefaultRoute
              - type: ovs_bridge
                name: br-bond
                members:
                - type: ovs_bond
                  name: bond1
                  ovs_options:
                    get_param: BondInterfaceOvsOptions
                  members:
                  - type: interface
                    name: nic2
                    primary: true
                  - type: interface
                    name: nic3
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: InternalApiNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: InternalApiIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageIpSubnet
                - type: vlan
                  device: bond1
                  vlan_id:
                    get_param: StorageMgmtNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: StorageMgmtIpSubnet
                # Uncomment when including environments/network-management.yaml
                # If setting default route on the Management interface, comment
                # out the default route on the Control Plane.
                #- type: vlan
                #  device: bond1
                #  vlan_id: {get_param: ManagementNetworkVlanID}
                #  addresses:
                #  - ip_netmask: {get_param: ManagementIpSubnet}
                #  routes:
                #  - default: true
                #    next_hop: {get_param: ManagementInterfaceDefaultRoute}
outputs:
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
templates/node-info.yaml 0000644 0001750 0001750 00000000333 13245343354 014617 0 ustar stack stack parameter_defaults:
# Flavor name used for each role's nodes.
OvercloudControlFlavor: control
OvercloudCephStorageFlavor: ceph-storage
OvercloudComputeHCIFlavor: computehci
# Node count per role; the plain Compute role is set to 0 while ComputeHCI
# gets 3 nodes.
ControllerCount: 3
CephStorageCount: 3
ComputeHCICount: 3
ComputeCount: 0
templates/rhel-registration/ 0000755 0001750 0001750 00000000000 13245343354 015520 5 ustar stack stack templates/rhel-registration/environment-rhel-registration.yaml 0000644 0001750 0001750 00000001717 13245343354 024416 0 ustar stack stack # Note this can be specified either in the call
# to heat stack-create via an additional -e option
# or via the global environment on the seed in
# /etc/heat/environment.d/default.yaml
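# Values for the rhel_reg_* parameters of the RHEL registration template.
# Empty strings leave an option unset; rhel_reg_method "portal" together with
# rhel_reg_user / rhel_reg_org selects registration against the portal.
#
# SECURITY: keep credentials out of this file. It is stored and archived next
# to the other templates, so a password written here is readable by anyone who
# can read the template directory or a copy of it.
parameter_defaults:
  rhel_reg_activation_key: ""
  rhel_reg_auto_attach: "true"
  rhel_reg_base_url: ""
  rhel_reg_environment: ""
  rhel_reg_force: ""
  rhel_reg_machine_name: ""
  rhel_reg_org: "7807024"
  # Deliberately empty. Supply the portal password at deploy time from an
  # environment file that is not committed or archived (an extra -e passed
  # after this file overrides it), or register with rhel_reg_org plus
  # rhel_reg_activation_key so that no account password is needed.
  # A password that was ever stored in this file must be treated as exposed
  # and rotated.
  rhel_reg_password: ""
  rhel_reg_pool_id: ""
  rhel_reg_release: ""
  rhel_reg_repos: "rhel-7-server-rpms,rhel-7-server-extras-rpms,rhel-7-server-rh-common-rpms,rhel-ha-for-rhel-7-server-rpms,rhel-7-server-openstack-12-rpms,rhel-7-server-rhceph-2-mon-rpms"
  rhel_reg_sat_url: ""
  rhel_reg_server_url: ""
  rhel_reg_service_level: ""
  rhel_reg_user: "eveocloud"
  rhel_reg_type: ""
  rhel_reg_method: "portal"
  rhel_reg_sat_repo: ""
  rhel_reg_http_proxy_host: ""
  rhel_reg_http_proxy_port: ""
  rhel_reg_http_proxy_username: ""
  # Same rule as rhel_reg_password: never store the proxy password here.
  rhel_reg_http_proxy_password: ""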
templates/rhel-registration/rhel-registration-resource-registry.yaml 0000644 0001750 0001750 00000000112 13245343354 025533 0 ustar stack stack resource_registry:
OS::TripleO::NodeExtraConfig: rhel-registration.yaml
templates/rhel-registration/rhel-registration.yaml 0000644 0001750 0001750 00000010271 13245343354 022047 0 ustar stack stack heat_template_version: ocata
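description: >
  RHEL Registration and unregistration software deployments.

# Note extra parameters can be defined, then passed data via the
# environment parameter_defaults, without modifying the parent template
parameters:
  # Server the registration/unregistration deployments are applied to.
  server:
    type: string

  # To be defined via a local or global environment in parameter_defaults.
  # The credential-bearing parameters (activation key, account password,
  # proxy password) are marked hidden so Heat masks their values when the
  # stack's parameters are displayed. This does not protect the value in the
  # environment file itself.
  rhel_reg_activation_key:
    type: string
    hidden: true
  rhel_reg_auto_attach:
    type: string
  rhel_reg_base_url:
    type: string
  rhel_reg_environment:
    type: string
  rhel_reg_force:
    type: string
  rhel_reg_machine_name:
    type: string
  rhel_reg_org:
    type: string
  rhel_reg_password:
    type: string
    hidden: true
  rhel_reg_pool_id:
    type: string
  rhel_reg_release:
    type: string
  rhel_reg_repos:
    type: string
  rhel_reg_sat_url:
    type: string
  rhel_reg_server_url:
    type: string
  rhel_reg_service_level:
    type: string
  rhel_reg_user:
    type: string
  rhel_reg_type:
    type: string
  rhel_reg_method:
    type: string
  rhel_reg_sat_repo:
    type: string
  rhel_reg_http_proxy_host:
    type: string
  rhel_reg_http_proxy_port:
    type: string
  rhel_reg_http_proxy_username:
    type: string
  rhel_reg_http_proxy_password:
    type: string
    hidden: true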
# Two script-group SoftwareConfigs and their deployments: registration runs on
# stack CREATE, unregistration on stack DELETE.
resources:
# Declares the environment variables the rhel-registration script reads.
RHELRegistration:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: REG_ACTIVATION_KEY
- name: REG_AUTO_ATTACH
- name: REG_BASE_URL
- name: REG_ENVIRONMENT
- name: REG_FORCE
- name: REG_MACHINE_NAME
- name: REG_ORG
- name: REG_PASSWORD
- name: REG_POOL_ID
- name: REG_RELEASE
- name: REG_REPOS
- name: REG_SAT_URL
- name: REG_SERVER_URL
- name: REG_SERVICE_LEVEL
- name: REG_USER
- name: REG_TYPE
- name: REG_METHOD
- name: REG_SAT_REPO
- name: REG_HTTP_PROXY_HOST
- name: REG_HTTP_PROXY_PORT
- name: REG_HTTP_PROXY_USERNAME
- name: REG_HTTP_PROXY_PASSWORD
config: {get_file: scripts/rhel-registration}
# Binds each rhel_reg_* template parameter to the matching REG_* input.
# NOTE(review): REG_PASSWORD, REG_ACTIVATION_KEY and REG_HTTP_PROXY_PASSWORD
# are passed as ordinary input values; presumably they are stored with the
# deployment like any other input, so access to deployment data should be
# treated as access to these credentials. Confirm against the Heat setup.
RHELRegistrationDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: RHELRegistrationDeployment
server: {get_param: server}
config: {get_resource: RHELRegistration}
actions: ['CREATE'] # Only do this on CREATE
input_values:
REG_ACTIVATION_KEY: {get_param: rhel_reg_activation_key}
REG_AUTO_ATTACH: {get_param: rhel_reg_auto_attach}
REG_BASE_URL: {get_param: rhel_reg_base_url}
REG_ENVIRONMENT: {get_param: rhel_reg_environment}
REG_FORCE: {get_param: rhel_reg_force}
REG_MACHINE_NAME: {get_param: rhel_reg_machine_name}
REG_ORG: {get_param: rhel_reg_org}
REG_PASSWORD: {get_param: rhel_reg_password}
REG_POOL_ID: {get_param: rhel_reg_pool_id}
REG_RELEASE: {get_param: rhel_reg_release}
REG_REPOS: {get_param: rhel_reg_repos}
REG_SAT_URL: {get_param: rhel_reg_sat_url}
REG_SERVER_URL: {get_param: rhel_reg_server_url}
REG_SERVICE_LEVEL: {get_param: rhel_reg_service_level}
REG_USER: {get_param: rhel_reg_user}
REG_TYPE: {get_param: rhel_reg_type}
REG_METHOD: {get_param: rhel_reg_method}
REG_SAT_REPO: {get_param: rhel_reg_sat_repo}
REG_HTTP_PROXY_HOST: {get_param: rhel_reg_http_proxy_host}
REG_HTTP_PROXY_PORT: {get_param: rhel_reg_http_proxy_port}
REG_HTTP_PROXY_USERNAME: {get_param: rhel_reg_http_proxy_username}
REG_HTTP_PROXY_PASSWORD: {get_param: rhel_reg_http_proxy_password}
# The unregistration script only needs REG_METHOD; no credentials are passed.
RHELUnregistration:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: scripts/rhel-unregistration}
inputs:
- name: REG_METHOD
RHELUnregistrationDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
actions: ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
outputs:
# Exposes the registration deployment's captured stdout as a stack output.
# NOTE(review): everything scripts/rhel-registration prints ends up here, and
# its retry() helper logs the command lines it runs. Make sure no credential
# reaches stdout, and limit who can read this output.
deploy_stdout:
description: Deployment reference, used to trigger puppet apply on changes
value: {get_attr: [RHELRegistrationDeployment, deploy_stdout]}
templates/rhel-registration/scripts/ 0000755 0001750 0001750 00000000000 13245343354 017207 5 ustar stack stack templates/rhel-registration/scripts/rhel-registration 0000644 0001750 0001750 00000021134 13245343354 022575 0 ustar stack stack #!/bin/bash
# dib-lint: disable=setu sete setpipefail dibdebugtrace
# Abort on errors, on unset variables and on failures inside pipelines.
# Shell tracing (-x) is not enabled here, so option strings that carry
# credentials are not traced line by line.
set -eu
set -o pipefail
# Marker file written at the end of a successful run; when it already exists
# the script exits immediately, so registration happens at most once.
OK=/mnt/state/var/lib/rhsm/rhsm.ok
if [ -e $OK ] ; then
exit 0
fi
# Maximum attempts for retry() and for curl's --retry.
retry_max_count=10
# Option strings assembled below from the REG_* inputs.
opts=
config_opts=
attach_opts=
sat5_opts=
# rhel-7-server-rpms is always enabled; REG_REPOS entries are appended later.
repos="repos --enable rhel-7-server-rpms"
# No ":-" default here: with `set -u` the script aborts if REG_SAT_REPO is
# not defined in the environment at all (an empty value is fine).
satellite_repo=${REG_SAT_REPO}
proxy_host=
proxy_port=
proxy_url=
proxy_username=
proxy_password=
# process variables..
# Translate the REG_* inputs into option strings: $opts for
# `subscription-manager register`, $attach_opts for `subscription-manager
# attach`, $sat5_opts for `rhnreg_ks`. An input counts as set when non-empty.
# Values are interpolated into these strings unquoted and the strings are
# later expanded unquoted, so a value containing whitespace or glob
# characters is split or expanded rather than passed through intact.
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
opts="$opts --auto-attach"
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
opts="$opts --servicelevel $REG_SERVICE_LEVEL"
fi
if [ -n "${REG_RELEASE:-}" ]; then
opts="$opts --release=$REG_RELEASE"
fi
else
# Service level and release are only applied together with auto-attach.
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
echo "WARNING: REG_SERVICE_LEVEL set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_RELEASE:-}" ]; then
echo "WARNING: REG_RELEASE set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_POOL_ID:-}" ]; then
attach_opts="$attach_opts --pool=$REG_POOL_ID"
fi
fi
if [ -n "${REG_BASE_URL:-}" ]; then
opts="$opts --baseurl=$REG_BASE_URL"
fi
if [ -n "${REG_ENVIRONMENT:-}" ]; then
opts="$opts --env=$REG_ENVIRONMENT"
fi
if [ -n "${REG_FORCE:-}" ]; then
opts="$opts --force"
sat5_opts="$sat5_opts --force"
fi
if [ -n "${REG_SERVER_URL:-}" ]; then
opts="$opts --serverurl=$REG_SERVER_URL"
fi
# Credentials: an activation key takes precedence; user name and password are
# only used when no key is given.
# NOTE(review): either way the secret becomes part of $opts / $sat5_opts and
# is passed on the command line, where it is visible in the process list
# while the command runs and in any log that records the command line.
if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
opts="$opts --activationkey=$REG_ACTIVATION_KEY"
sat5_opts="$sat5_opts --activationkey=$REG_ACTIVATION_KEY"
if [ -z "${REG_ORG:-}" ]; then
echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
fi
else
echo "WARNING: Support for registering with a username and password is deprecated."
echo "Please use activation keys instead. See the README for more information."
if [ -n "${REG_PASSWORD:-}" ]; then
opts="$opts --password $REG_PASSWORD"
fi
if [ -n "${REG_USER:-}" ]; then
opts="$opts --username $REG_USER"
fi
fi
if [ -n "${REG_MACHINE_NAME:-}" ]; then
opts="$opts --name $REG_MACHINE_NAME"
sat5_opts="$sat5_opts --profilename=$REG_MACHINE_NAME"
fi
if [ -n "${REG_ORG:-}" ]; then
opts="$opts --org=$REG_ORG"
sat5_opts="$sat5_opts --systemorgid=$REG_ORG"
fi
# REG_REPOS is a comma-separated list; each entry becomes one --enable option.
if [ -n "${REG_REPOS:-}" ]; then
for repo in $(echo $REG_REPOS | tr ',' '\n'); do
repos="$repos --enable $repo"
done
fi
if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
# Proxy settings (host and port)
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
proxy_host="${REG_HTTP_PROXY_HOST}"
fi
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
proxy_port="${REG_HTTP_PROXY_PORT}"
fi
# Proxy settings (user and password)
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
proxy_username="${REG_HTTP_PROXY_USERNAME}"
fi
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
proxy_password="${REG_HTTP_PROXY_PASSWORD}"
fi
# Sanity Checks for proxy host/port/user/password
# A proxy is only configured when host and port are both set; proxy
# credentials are only used when user name and password are both set. Any
# incomplete pair is reported and the affected variables are cleared.
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
# Good both values are not empty
# The proxy URL is always built with the http:// scheme.
proxy_url="http://${proxy_host}:${proxy_port}"
config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}"
sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}"
echo "RHSM Proxy set to: ${proxy_url}"
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
# NOTE(review): the proxy password is placed into command-line option
# strings here, with the same process-list and logging exposure as the
# registration password.
config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}"
sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}"
else
echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..."
proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
echo "Warning: REG_HTTP_PROXY_USERNAME cannot be null with non-empty REG_HTTP_PROXY_PASSWORD! Skipping..."
proxy_username= ; proxy_password=
fi
fi
else
echo "Warning: REG_HTTP_PROXY_PORT cannot be null with non-empty REG_HTTP_PROXY_HOST! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
echo "Warning: REG_HTTP_PROXY_HOST cannot be null with non-empty REG_HTTP_PROXY_PORT! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
fi
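# Render a command line for logging with credential values masked.
# The value after a bare --password and the value part of
# --password=, --activationkey=, --proxyPassword= and
# --server.proxy_password= are replaced with [REDACTED].
function _redact_cli() {
    local arg out="" mask_next=0
    for arg in "$@"; do
        if [ "$mask_next" -eq 1 ]; then
            arg="[REDACTED]"
            mask_next=0
        else
            case "$arg" in
                --password)
                    mask_next=1
                    ;;
                --password=*|--activationkey=*|--proxyPassword=*|--server.proxy_password=*)
                    arg="${arg%%=*}=[REDACTED]"
                    ;;
            esac
        fi
        out="${out:+$out }$arg"
    done
    printf '%s' "$out"
}

# Run the given command until it succeeds, at most retry_max_count times,
# sleeping retry_delay seconds before every attempt. Exits the script with
# status 1 when all attempts fail.
#
# The command line is logged on every attempt and this script's output is
# captured by the deployment, so the logged form is passed through
# _redact_cli: the registration password, activation key and proxy password
# never reach the log. The command itself still receives the real values.
function retry() {
    # Inhibit -e since we want to retry without exiting..
    set +e
    # Retry delay (seconds)
    retry_delay=2.0
    retry_count=0
    # Log-safe rendering only; never executed.
    mycli="$(_redact_cli "$@")"
    while [ "$retry_count" -lt "${retry_max_count}" ]; do
        echo "INFO: Sleeping ${retry_delay} ..."
        sleep "${retry_delay}"
        echo "INFO: Executing '${mycli}' ..."
        # Run the original argument vector rather than a re-split string, so
        # arguments such as --disable=* are not glob-expanded a second time.
        if "$@"; then
            echo "INFO: Ran '${mycli}' successfully, not retrying..."
            break
        fi
        echo "WARN: Failed to connect when running '${mycli}', retrying (attempt #$retry_count )..."
        # Shell arithmetic avoids depending on bc being installed.
        retry_count=$((retry_count + 1))
    done
    if [ "$retry_count" -ge "${retry_max_count}" ]; then
        echo "ERROR: Failed to connect after ${retry_max_count} attempts when running '${mycli}'"
        exit 1
    fi
    # Re-enable -e when exiting retry()
    set -e
}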
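# Probe REG_SAT_URL to decide whether it is a Satellite 6 or a Satellite 5
# server and record the result in the global satellite_version (6 or 5).
# Satellite 6 is recognised by a "200 OK" from /katello/api/ping, Satellite 5
# by a "200 OK" from /rhn/Login.do. Exits the script with status 1 when
# neither probe succeeds.
#
# NOTE(review): both probes use curl -k, i.e. the server certificate is not
# verified, so the answer (and every later step that depends on it) can be
# influenced by whoever answers for REG_SAT_URL on the network path. Kept
# as-is because the Satellite CA is only installed later in this script;
# where the CA can be provisioned beforehand, drop -k and verify the server.
function detect_satellite_version {
    local probe=(curl --retry "${retry_max_count}" --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null)
    # URLs are quoted so a value with whitespace or glob characters is passed
    # to curl as a single argument.
    ping_api="$REG_SAT_URL/katello/api/ping"
    if "${probe[@]}" "$ping_api" | grep "200 OK"; then
        echo "Satellite 6 detected at $REG_SAT_URL"
        satellite_version=6
    elif "${probe[@]}" "$REG_SAT_URL/rhn/Login.do" | grep "200 OK"; then
        echo "Satellite 5 detected at $REG_SAT_URL"
        satellite_version=5
    else
        echo "No Satellite detected at $REG_SAT_URL"
        exit 1
    fi
}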
# Apply the proxy settings, but only when a complete proxy URL was built
# above (proxy_url is empty otherwise).
if [ "x${proxy_url}" != "x" ];then
# Config subscription-manager for proxy
# NOTE(review): config_opts can contain --server.proxy_password=..., so the
# proxy password appears on this command line.
subscription-manager config ${config_opts}
# Config yum for proxy..
# Any existing proxy= line is removed before the new one is appended.
sed -i -e '/^proxy=/d' /etc/yum.conf
echo "proxy=${proxy_url}" >> /etc/yum.conf
# Handle optional username/password
if [ -n "${proxy_username}" ]; then
sed -i -e '/^proxy_username=/d' /etc/yum.conf
echo "proxy_username=${proxy_username}" >> /etc/yum.conf
fi
# NOTE(review): the proxy password is written to /etc/yum.conf in cleartext;
# confirm the file's mode does not let unprivileged users read it.
if [ -n "${proxy_password}" ]; then
sed -i -e '/^proxy_password=/d' /etc/yum.conf
echo "proxy_password=${proxy_password}" >> /etc/yum.conf
fi
fi
# Register according to REG_METHOD, then write the marker file so later runs
# exit early.
case "${REG_METHOD:-}" in
portal)
# Register, attach a subscription explicitly unless auto-attach or an
# activation key is in use, then reset the enabled repositories to the
# requested set.
retry subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then
retry subscription-manager attach $attach_opts
fi
retry subscription-manager repos --disable='*'
retry subscription-manager $repos
;;
satellite)
detect_satellite_version
if [ "$satellite_version" = "6" ]; then
repos="$repos --enable ${satellite_repo}"
# NOTE(review): the CA consumer package is downloaded with -k (no server
# certificate verification) and then installed by rpm as root. Whoever can
# answer for REG_SAT_URL on the network path can therefore supply the package
# whose scripts run as root and whose CA later connections will trust. Fetch
# it over a verified channel, or check it against a known checksum or
# signature before installing.
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
# https://bugs.launchpad.net/tripleo/+bug/1711435
# Delete the /etc/rhsm/facts directory entirely so that the
# %post script from katello-ca-consumer does not override the
# hostname with $(hostname -f) if there is no fqdn set
fqdn=$(hostname -f)
if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then
rm -rf /etc/rhsm/facts
fi
# A failed install is ignored here; registration is still attempted.
rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
retry subscription-manager register $opts
retry subscription-manager $repos
retry yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
# https://bugs.launchpad.net/tripleo/+bug/1711435
# recreate the facts dir just in case we rm'd it earlier
mkdir -p /etc/rhsm/facts
else
# Satellite 5: fetch the organisation CA certificate into /usr/share/rhn/
# and register with rhnreg_ks.
# NOTE(review): the trust anchor itself is fetched with -k, so its
# authenticity is not checked; verify it out of band (for example against a
# known fingerprint).
pushd /usr/share/rhn/
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
popd
retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts
fi
;;
disable)
echo "Disabling RHEL registration"
;;
*)
# An unknown or empty REG_METHOD only prints a warning and exits with
# status 0: the node stays unregistered, no marker file is written, and the
# deployment step still reports success.
echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
exit 0
esac
# Record success; the check at the top of the script skips everything once
# this file exists.
mkdir -p $(dirname $OK)
touch $OK
templates/rhel-registration/scripts/rhel-unregistration 0000644 0001750 0001750 00000001144 13245343354 023137 0 ustar stack stack #!/bin/bash
# Unregister the node on stack DELETE. REG_METHOD is the only input.
# Tracing (-x) is on; this script handles no credentials, so the trace only
# shows the commands below.
set -eux
set -o pipefail
case "${REG_METHOD:-}" in
portal|satellite)
# Allow unregistration to fail.
# We don't want to fail stack deletes if unregistration fails.
# Note that this will be a no-op on satellite 5, which doesn't support
# unregistering from the cli.
subscription-manager unregister || true
subscription-manager clean || true
;;
disable)
echo "Disabling RHEL unregistration"
;;
*)
# Unknown or empty REG_METHOD: warn and exit successfully without doing
# anything.
echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
exit 0
esac
templates/roles_data.yaml 0000644 0001750 0001750 00000027454 13245343354 015073 0 ustar stack stack ###############################################################################
# File generated by TripleO
###############################################################################
###############################################################################
# Role: Controller #
###############################################################################
- name: Controller
description: |
Controller role that has all the controler services loaded and handles
Database, Messaging and Network functions.
CountDefault: 1
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
# Set uses_deprecated_params to True if any deprecated params are used.
uses_deprecated_params: True
deprecated_param_extraconfig: 'controllerExtraConfig'
deprecated_param_flavor: 'OvercloudControlFlavor'
deprecated_param_image: 'controllerImage'
ServicesDefault:
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentNotification
# FIXME: This service was disabled in Pike and this entry should be removed
# in Queens.
- OS::TripleO::Services::CeilometerApi
- OS::TripleO::Services::CeilometerCollector
- OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendDellEMCUnity
- OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ExternalSwiftProxy
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendGeneric
- OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
- OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::Redis
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::Zaqar
###############################################################################
# Role: ComputeHCI #
###############################################################################
- name: ComputeHCI
description: |
Compute Node role hosting Ceph OSD too
networks:
- InternalApi
- Tenant
- Storage
- StorageMgmt
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
###############################################################################
# Role: Compute #
###############################################################################
- name: Compute
description: |
Basic Compute Node role
CountDefault: 0
networks:
- InternalApi
- Tenant
- Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
# Set uses_deprecated_params to True if any deprecated params are used.
uses_deprecated_params: True
deprecated_param_image: 'NovaImage'
deprecated_param_extraconfig: 'NovaComputeExtraConfig'
deprecated_param_metadata: 'NovaComputeServerMetadata'
deprecated_param_scheduler_hints: 'NovaComputeSchedulerHints'
deprecated_param_ips: 'NovaComputeIPs'
deprecated_server_resource_name: 'NovaCompute'
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
###############################################################################
# Role: CephStorage #
###############################################################################
- name: CephStorage
description: |
Ceph OSD Storage node role
networks:
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
templates/storage-config.yaml 0000644 0001750 0001750 00000001511 13245343354 015647 0 ustar stack stack parameter_defaults:
# Storage backend selection: Ceph RBD for Nova, Glance, Gnocchi and Cinder
# backup; the Cinder iSCSI backend is enabled as well, NFS is disabled.
CinderEnableIscsiBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
CinderEnableNfsBackend: false
NovaEnableRbdBackend: true
GlanceBackend: rbd
GnocchiBackend: rbd
controllerExtraConfig:
# NOTE(review): presumably lets dashboard users set an instance's admin
# password at launch; together with libvirt_inject_password below this
# means passwords are handled by the platform. Confirm it is required.
horizon::can_set_password: true
# Extra Cinder backend section "ceph_ssd": RBD driver on pool volumes-ssd,
# accessed as Ceph user "openstack".
cinder::config::cinder_config:
ceph_ssd/volume_driver:
value: cinder.volume.drivers.rbd.RBDDriver
ceph_ssd/rbd_ceph_conf:
value: /etc/ceph/ceph.conf
ceph_ssd/rbd_user:
value: openstack
ceph_ssd/rbd_pool:
value: volumes-ssd
ceph_ssd/backend_host:
value: hostgroup
ceph_ssd/volume_backend_name:
value: ceph_ssd
cinder_user_enabled_backends: ['ceph_ssd']
NovaComputeExtraConfig:
# NOTE(review): turns on libvirt admin-password injection on compute nodes,
# which presumably has the hypervisor write credentials into guest disks.
# Prefer setting passwords or keys from inside the guest (e.g. via metadata)
# unless this is a hard requirement.
nova::compute::libvirt::libvirt_inject_password: true
templates/ports.yaml 0000644 0001750 0001750 00000001356 13245343354 014116 0 ustar stack stack resource_registry:
OS::TripleO::ComputeHCI::Ports::ExternalPort: /home/stack/openstack-tripleo-heat-templates/network/ports/external.yaml
OS::TripleO::ComputeHCI::Ports::InternalApiPort: /home/stack/openstack-tripleo-heat-templates/network/ports/internal_api.yaml
OS::TripleO::ComputeHCI::Ports::StoragePort: /home/stack/openstack-tripleo-heat-templates/network/ports/storage.yaml
OS::TripleO::ComputeHCI::Ports::TenantPort: /home/stack/openstack-tripleo-heat-templates/network/ports/tenant.yaml
OS::TripleO::ComputeHCI::Ports::StorageMgmtPort: /home/stack/openstack-tripleo-heat-templates/network/ports/storage_mgmt.yaml
OS::TripleO::Compute::Ports::ExternalPort: /home/stack/openstack-tripleo-heat-templates/network/ports/external.yaml
templates/ceph-config.yaml 0000644 0001750 0001750 00000000276 13245343354 015131 0 ustar stack stack parameter_defaults:
CephAnsibleDisksConfig:
osd_scenario: collocated
devices:
- /dev/sda
- /dev/sdb
- /dev/sdc
- /dev/sdd
- /dev/sde
- /dev/sdf
templates/ceph-config-per_node.yaml 0000644 0001750 0001750 00000003717 13245343354 016725 0 ustar stack stack resource_registry:
OS::TripleO::CephStorageExtraConfigPre: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/pre_deploy/per_node.yaml
parameter_defaults:
NodeDataLookup: >
{
"66cdd2e0-200a-46dd-a5b7-fd4671541719": {
"dedicated_devices": [
"/dev/sdk",
"/dev/sdk",
"/dev/sdk",
"/dev/sdl",
"/dev/sdl",
"/dev/sdl",
"/dev/sdm",
"/dev/sdm",
"/dev/sdm"
],
"devices": [
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
"/dev/sde",
"/dev/sdf",
"/dev/sdg",
"/dev/sdh",
"/dev/sdi",
"/dev/sdj"
],
"osd_scenario": "non-collocated"
},
"8ce0e9f1-1140-4d5d-9a51-197698cee686": {
"dedicated_devices": [
"/dev/sdk",
"/dev/sdk",
"/dev/sdk",
"/dev/sdl",
"/dev/sdl",
"/dev/sdl",
"/dev/sdm",
"/dev/sdm",
"/dev/sdm"
],
"devices": [
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
"/dev/sde",
"/dev/sdf",
"/dev/sdg",
"/dev/sdh",
"/dev/sdi",
"/dev/sdj"
],
"osd_scenario": "non-collocated"
},
"75ebe855-40d4-4379-9507-52aaff0ee2f2": {
"dedicated_devices": [
"/dev/sdk",
"/dev/sdk",
"/dev/sdk",
"/dev/sdl",
"/dev/sdl",
"/dev/sdl",
"/dev/sdm",
"/dev/sdm",
"/dev/sdm"
],
"devices": [
"/dev/sdb",
"/dev/sdc",
"/dev/sdd",
"/dev/sde",
"/dev/sdf",
"/dev/sdg",
"/dev/sdh",
"/dev/sdi",
"/dev/sdj"
],
"osd_scenario": "non-collocated"
}
}
templates/fencing.yaml 0000644 0001750 0001750 00000004502 13245343354 014354 0 ustar stack stack parameter_defaults:
# Pacemaker fencing through the fence_idrac agent, one device entry per
# controller, compute-HCI and Ceph storage node (nine in total).
#
# NOTE(review): every entry logs in to the node's iDRAC as root with privilege
# level administrator, and all nine use the same password, stored here in
# plaintext. These credentials give power control over every node in the
# overcloud. Treat the password as exposed and rotate it; use a dedicated
# fencing account per BMC with only the privilege fencing needs, and supply
# the secrets at deploy time from a secret store rather than from the
# template tree.
EnableFencing: true
FencingConfig:
devices:
- agent: fence_idrac
host_mac: 90:b1:1c:1c:3f:5b
params:
ipaddr: 192.168.24.201
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-controller-2
privlvl: administrator
- agent: fence_idrac
host_mac: 24:b6:fd:f9:80:44
params:
ipaddr: 192.168.24.202
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-controller-0
privlvl: administrator
- agent: fence_idrac
host_mac: 24:b6:fd:f9:72:3c
params:
ipaddr: 192.168.24.203
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-controller-1
privlvl: administrator
- agent: fence_idrac
host_mac: 14:18:77:34:b3:00
params:
ipaddr: 192.168.24.204
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-computehci-2
privlvl: administrator
- agent: fence_idrac
host_mac: 18:66:da:ef:d2:04
params:
ipaddr: 192.168.24.205
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-computehci-0
privlvl: administrator
- agent: fence_idrac
host_mac: 18:66:da:ef:cf:4c
params:
ipaddr: 192.168.24.206
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-computehci-1
privlvl: administrator
- agent: fence_idrac
host_mac: 78:2b:cb:27:ba:13
params:
ipaddr: 192.168.24.207
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-cephstorage-2
privlvl: administrator
- agent: fence_idrac
host_mac: 84:2b:2b:55:4e:62
params:
ipaddr: 192.168.24.208
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-cephstorage-0
privlvl: administrator
- agent: fence_idrac
host_mac: 78:2b:cb:76:41:e6
params:
ipaddr: 192.168.24.209
lanplus: true
login: root
passwd: aW!gzXgRjEHx99
pcmk_host_list: overcloud-cephstorage-1
privlvl: administrator
templates/overcloud_images.yaml 0000644 0001750 0001750 00000014750 13245561137 016301 0 ustar stack stack # Generated with the following on 2018-02-28T14:09:51.956556
#
# openstack overcloud container image prepare --namespace=registry.access.redhat.com/rhosp12 --prefix=openstack- --tag 12.0-20180124.1 --set ceph_namespace=registry.access.redhat.com/rhceph --set ceph_image=rhceph-2-rhel7 --set ceph_tag=latest --env-file=/home/stack/templates/overcloud_images.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-rgw.yaml
#
# Container image reference for each containerised overcloud service.
# All rhosp12 images are pinned to the tag 12.0-20180124.1.
# NOTE(review): tags are mutable references; where the tooling accepts it,
# pinning by image digest gives a stronger guarantee that every node pulls
# the same content.
parameter_defaults:
DockerAodhApiImage: registry.access.redhat.com/rhosp12/openstack-aodh-api:12.0-20180124.1
DockerAodhConfigImage: registry.access.redhat.com/rhosp12/openstack-aodh-api:12.0-20180124.1
DockerAodhEvaluatorImage: registry.access.redhat.com/rhosp12/openstack-aodh-evaluator:12.0-20180124.1
DockerAodhListenerImage: registry.access.redhat.com/rhosp12/openstack-aodh-listener:12.0-20180124.1
DockerAodhNotifierImage: registry.access.redhat.com/rhosp12/openstack-aodh-notifier:12.0-20180124.1
DockerCeilometerCentralImage: registry.access.redhat.com/rhosp12/openstack-ceilometer-central:12.0-20180124.1
DockerCeilometerComputeImage: registry.access.redhat.com/rhosp12/openstack-ceilometer-compute:12.0-20180124.1
DockerCeilometerConfigImage: registry.access.redhat.com/rhosp12/openstack-ceilometer-central:12.0-20180124.1
DockerCeilometerNotificationImage: registry.access.redhat.com/rhosp12/openstack-ceilometer-notification:12.0-20180124.1
# NOTE(review): the only image referenced by the floating "latest" tag. What
# gets deployed depends on when each node pulls, so nodes can end up on
# different Ceph builds and a redeploy can change versions silently. Pin it
# to a specific tag or digest like the other images.
DockerCephDaemonImage: registry.access.redhat.com/rhceph/rhceph-2-rhel7:latest
DockerClustercheckConfigImage: registry.access.redhat.com/rhosp12/openstack-mariadb:12.0-20180124.1
DockerClustercheckImage: registry.access.redhat.com/rhosp12/openstack-mariadb:12.0-20180124.1
DockerCrondConfigImage: registry.access.redhat.com/rhosp12/openstack-cron:12.0-20180124.1
DockerCrondImage: registry.access.redhat.com/rhosp12/openstack-cron:12.0-20180124.1
DockerGlanceApiConfigImage: registry.access.redhat.com/rhosp12/openstack-glance-api:12.0-20180124.1
DockerGlanceApiImage: registry.access.redhat.com/rhosp12/openstack-glance-api:12.0-20180124.1
DockerGnocchiApiImage: registry.access.redhat.com/rhosp12/openstack-gnocchi-api:12.0-20180124.1
DockerGnocchiConfigImage: registry.access.redhat.com/rhosp12/openstack-gnocchi-api:12.0-20180124.1
DockerGnocchiMetricdImage: registry.access.redhat.com/rhosp12/openstack-gnocchi-metricd:12.0-20180124.1
DockerGnocchiStatsdImage: registry.access.redhat.com/rhosp12/openstack-gnocchi-statsd:12.0-20180124.1
DockerHAProxyConfigImage: registry.access.redhat.com/rhosp12/openstack-haproxy:12.0-20180124.1
DockerHAProxyImage: registry.access.redhat.com/rhosp12/openstack-haproxy:12.0-20180124.1
DockerHeatApiCfnConfigImage: registry.access.redhat.com/rhosp12/openstack-heat-api-cfn:12.0-20180124.1
DockerHeatApiCfnImage: registry.access.redhat.com/rhosp12/openstack-heat-api-cfn:12.0-20180124.1
DockerHeatApiConfigImage: registry.access.redhat.com/rhosp12/openstack-heat-api:12.0-20180124.1
DockerHeatApiImage: registry.access.redhat.com/rhosp12/openstack-heat-api:12.0-20180124.1
DockerHeatConfigImage: registry.access.redhat.com/rhosp12/openstack-heat-api:12.0-20180124.1
DockerHeatEngineImage: registry.access.redhat.com/rhosp12/openstack-heat-engine:12.0-20180124.1
DockerHorizonConfigImage: registry.access.redhat.com/rhosp12/openstack-horizon:12.0-20180124.1
DockerHorizonImage: registry.access.redhat.com/rhosp12/openstack-horizon:12.0-20180124.1
DockerKeystoneConfigImage: registry.access.redhat.com/rhosp12/openstack-keystone:12.0-20180124.1
DockerKeystoneImage: registry.access.redhat.com/rhosp12/openstack-keystone:12.0-20180124.1
DockerMemcachedConfigImage: registry.access.redhat.com/rhosp12/openstack-memcached:12.0-20180124.1
DockerMemcachedImage: registry.access.redhat.com/rhosp12/openstack-memcached:12.0-20180124.1
DockerMysqlClientConfigImage: registry.access.redhat.com/rhosp12/openstack-mariadb:12.0-20180124.1
DockerMysqlConfigImage: registry.access.redhat.com/rhosp12/openstack-mariadb:12.0-20180124.1
DockerMysqlImage: registry.access.redhat.com/rhosp12/openstack-mariadb:12.0-20180124.1
DockerNovaApiImage: registry.access.redhat.com/rhosp12/openstack-nova-api:12.0-20180124.1
DockerNovaComputeImage: registry.access.redhat.com/rhosp12/openstack-nova-compute:12.0-20180124.1
DockerNovaConductorImage: registry.access.redhat.com/rhosp12/openstack-nova-conductor:12.0-20180124.1
DockerNovaConfigImage: registry.access.redhat.com/rhosp12/openstack-nova-api:12.0-20180124.1
DockerNovaConsoleauthImage: registry.access.redhat.com/rhosp12/openstack-nova-consoleauth:12.0-20180124.1
DockerNovaLibvirtConfigImage: registry.access.redhat.com/rhosp12/openstack-nova-compute:12.0-20180124.1
DockerNovaLibvirtImage: registry.access.redhat.com/rhosp12/openstack-nova-libvirt:12.0-20180124.1
DockerNovaMetadataImage: registry.access.redhat.com/rhosp12/openstack-nova-api:12.0-20180124.1
DockerNovaPlacementConfigImage: registry.access.redhat.com/rhosp12/openstack-nova-placement-api:12.0-20180124.1
DockerNovaPlacementImage: registry.access.redhat.com/rhosp12/openstack-nova-placement-api:12.0-20180124.1
DockerNovaSchedulerImage: registry.access.redhat.com/rhosp12/openstack-nova-scheduler:12.0-20180124.1
DockerNovaVncProxyImage: registry.access.redhat.com/rhosp12/openstack-nova-novncproxy:12.0-20180124.1
DockerOctaviaApiImage: registry.access.redhat.com/rhosp12/openstack-octavia-api:12.0-20180124.1
DockerOctaviaConfigImage: registry.access.redhat.com/rhosp12/openstack-octavia-api:12.0-20180124.1
DockerOctaviaHealthManagerImage: registry.access.redhat.com/rhosp12/openstack-octavia-health-manager:12.0-20180124.1
DockerOctaviaHousekeepingImage: registry.access.redhat.com/rhosp12/openstack-octavia-housekeeping:12.0-20180124.1
DockerOctaviaWorkerImage: registry.access.redhat.com/rhosp12/openstack-octavia-worker:12.0-20180124.1
DockerPankoApiImage: registry.access.redhat.com/rhosp12/openstack-panko-api:12.0-20180124.1
DockerPankoConfigImage: registry.access.redhat.com/rhosp12/openstack-panko-api:12.0-20180124.1
DockerRabbitmqConfigImage: registry.access.redhat.com/rhosp12/openstack-rabbitmq:12.0-20180124.1
DockerRabbitmqImage: registry.access.redhat.com/rhosp12/openstack-rabbitmq:12.0-20180124.1
DockerRedisConfigImage: registry.access.redhat.com/rhosp12/openstack-redis:12.0-20180124.1
DockerRedisImage: registry.access.redhat.com/rhosp12/openstack-redis:12.0-20180124.1
templates/post_config.yaml 0000644 0001750 0001750 00000000143 13245343354 015252 0 ustar stack stack resource_registry:
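# Child of resource_registry: points the NodeExtraConfigPost hook at a local
# template identified by an absolute path, so that file must exist on the
# host that runs the deploy.
# NOTE(review): the referenced template turns on Horizon's
# OPENSTACK_ENABLE_PASSWORD_RETRIEVE; review both files together.
  OS::TripleO::NodeExtraConfigPost: /home/stack/templates/horizon_password.yaml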
templates/horizon_password.yaml 0000644 0001750 0001750 00000001523 13251526345 016355 0 ustar stack stack heat_template_version: 2014-10-16
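# Nesting restored: `servers` and `DeployIdentifier` are entries of
# `parameters`, each with its own `type`.
description: >
  Extra password thing

parameters:
  # Passed straight to the SoftwareDeploymentGroup's `servers` property.
  servers:
    type: json
  # Fed to the deployment as the `deploy_identifier` input value.
  DeployIdentifier:
    type: string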
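resources:
  # Script that uncomments OPENSTACK_ENABLE_PASSWORD_RETRIEVE in the
  # puppet-generated Horizon local_settings and sets it to True. The sed
  # pattern only matches a line that starts with
  # "#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = "; an already uncommented setting
  # is left as it is.
  # NOTE(review): this widens what the dashboard exposes (password retrieval
  # for instances); confirm it is intended for this cloud.
  # NOTE(review): nothing here reloads Horizon after the edit; presumably the
  # service has to re-read the file before the change applies. Confirm.
  CustomExtraConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      # The script has no placeholders and the original str_replace carried
      # no `params`, so the script is passed directly.
      config: |
        #!/bin/bash
        hfile="/var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard/local_settings"
        if [ -f "$hfile" ]; then
          sed -i 's/^\#\(OPENSTACK_ENABLE_PASSWORD_RETRIEVE\ \= \).*/\1True/' "$hfile" || echo "sed failed on $hfile"
        else
          echo "file not there"
        fi

  # Runs the script on every server in `servers`, on stack create and update.
  CustomExtraDeployments:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      servers: {get_param: servers}
      config: {get_resource: CustomExtraConfig}
      actions: ['CREATE', 'UPDATE']
      input_values:
        deploy_identifier: {get_param: DeployIdentifier}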
templates/remove_manila.yaml 0000664 0001750 0001750 00000000362 13245566713 015571 0 ustar stack stack resource_registry:
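# Children of resource_registry: each Manila service is mapped to
# OS::Heat::None, which replaces the service template with an empty resource.
  OS::TripleO::Services::ManilaApi: OS::Heat::None
  OS::TripleO::Services::ManilaScheduler: OS::Heat::None
  OS::TripleO::Services::ManilaShare: OS::Heat::None
  OS::TripleO::Services::ManilaBackendGeneric: OS::Heat::None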
openstack-tripleo-heat-templates/ 0000755 0001750 0001750 00000000000 13245343355 016437 5 ustar stack stack openstack-tripleo-heat-templates/all-nodes-validation.yaml 0000644 0001750 0001750 00000002323 13245343354 023330 0 ustar stack stack heat_template_version: pike
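# Nesting restored: the three validation switches are entries of `parameters`.
description: >
  Software Config to drive validations that occur on all nodes.
  Note, you need the heat-config-script element built into your
  images, due to the script group below.

parameters:
  PingTestIps:
    default: ''
    description: A string containing a space separated list of IP addresses used to ping test each available network interface.
    type: string
  ValidateFqdn:
    default: false
    description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
    type: boolean
  ValidateNtp:
    default: true
    description: Validation to ensure at least one time source is accessible.
    type: boolean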
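resources:
  # Script-group software config. The three template parameters are handed
  # to the script as the inputs ping_test_ips, validate_fqdn and
  # validate_ntp; the script body is loaded from a file relative to this
  # template.
  AllNodesValidationsImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: ping_test_ips
          default: {get_param: PingTestIps}
        - name: validate_fqdn
          default: {get_param: ValidateFqdn}
        - name: validate_ntp
          default: {get_param: ValidateNtp}
      config: {get_file: ./validation-scripts/all-nodes.sh}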
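outputs:
  # Exposes the software config under the OS::stack_id output key.
  OS::stack_id:
    description: The ID of the AllNodesValidationsImpl resource.
    value: {get_resource: AllNodesValidationsImpl}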
openstack-tripleo-heat-templates/bootstrap-config.yaml 0000644 0001750 0001750 00000001101 13245343354 022573 0 ustar stack stack heat_template_version: pike
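# Nesting restored: both bootstrap values are string parameters.
description: 'Bootstrap Config'

parameters:
  bootstrap_nodeid:
    type: string
  bootstrap_nodeid_ip:
    type: string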
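resources:
  # Structured config for the os-apply-config group: publishes the two
  # parameters under the `bootstrap_host` key.
  BootstrapNodeConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config:
        bootstrap_host:
          bootstrap_nodeid: {get_param: bootstrap_nodeid}
          bootstrap_nodeid_ip: {get_param: bootstrap_nodeid_ip}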
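outputs:
  # Returns the structured config resource to the parent template.
  config_id:
    description: The ID of the BootstrapNodeConfigImpl resource.
    value:
      {get_resource: BootstrapNodeConfigImpl}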
openstack-tripleo-heat-templates/capabilities-map.yaml 0000644 0001750 0001750 00000065434 13245343354 022542 0 ustar stack stack # This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic,
# describes possible combinations of environments and resource capabilities.
# topics:
# High Level grouping by purpose of environments
# Attributes:
# title: (required)
# description: (optional)
# environment_groups: (required)
# environment_groups:
# Identifies a group of environments.
# Attributes:
# title: (optional)
# description: (optional)
# tags: a list of tags to provide additional information for e.g. filtering (optional)
# environments: (required)
# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
# environments:
# List of environments in environment group
# Attributes:
# file: a file name including path within repository (required)
# title: (required)
# description: (optional)
# requires: an array of environments which are required by this environment (optional)
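# Nesting restored following the schema in the header comment:
# topic -> environment_groups -> environments. Topic items are written flush
# with `topics:`.
topics:
- title: General Deployment Options
  description:
  environment_groups:
    - name: general-deployment-options
      title:
      description: Enables base configuration for all resources required for OpenStack Deployment
      environments:
        - file: overcloud-resource-registry-puppet.yaml
          title: Base resources configuration
          description:
    - title: Containerized Deployment
      description: >
        Configures Deployment to use containerized services
      environments:
        - file: environments/docker.yaml
          title: Containerized Deployment
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: High Availability
      description: Enables configuration of an Overcloud Controller with Pacemaker
      environments:
        - file: environments/puppet-pacemaker.yaml
          title: High Availability (Pacemaker)
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml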
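# Network topic, nesting restored. `mutually_exclusive` is an attribute of the
# environment group (see the header comment), so it sits beside
# `environments`, not inside an environment entry.
- title: Network Configuration
  description:
  environment_groups:
    - title: Network Isolation
      description:
      environments:
        - file: environments/network-isolation.yaml
          title: Network Isolation
          description: >
            Enable the creation of Neutron networks for
            isolated Overcloud traffic and configure each role to assign ports
            (related to that role) on these networks.
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/network-isolation-v6.yaml
          title: Network Isolation IPv6
          description: >
            Enable the creation of IPv6 Neutron networks for isolated Overcloud
            traffic and configure each role to assign ports (related
            to that role) on these networks.
          requires:
            - overcloud-resource-registry-puppet.yaml
      mutually_exclusive: true
    - title: NICs, Bonding, VLANs Configuration
      description: >
        Choose one of the pre-defined configurations or provide custom
        network-environment.yaml instead. Note that pre-defined configuration work
        only with standard Roles and Networks. These options assume use of Network Isolation.
      environments:
        - file: environments/net-bond-with-vlans.yaml
          title: Bond with Vlans
          description: >
            Configure each role to use a pair of bonded nics (nic2 and
            nic3) and configures an IP address on each relevant isolated network
            for each role. This option assumes use of Network Isolation.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-bond-with-vlans-no-external.yaml
          title: Bond with Vlans No External Ports
          description: >
            Configure each role to use a pair of bonded nics (nic2 and
            nic3) and configures an IP address on each relevant isolated network
            for each role. This option assumes use of Network Isolation.
            Sets external ports to noop.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-bond-with-vlans-v6.yaml
          title: Bond with Vlans IPv6
          description: >
            Configure each role to use a pair of bonded nics (nic2 and
            nic3) and configures an IP address on each relevant isolated network
            for each role, with IPv6 on the External network.
            This option assumes use of Network Isolation IPv6.
          requires:
            - environments/network-isolation-v6.yaml
        - file: environments/net-multiple-nics.yaml
          title: Multiple NICs
          description: >
            Configures each role to use a separate NIC for
            each isolated network.
            This option assumes use of Network Isolation.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-multiple-nics-v6.yaml
          title: Multiple NICs IPv6
          description: >
            Configure each role to use a separate NIC for
            each isolated network with IPv6 on the External network.
            This option assumes use of Network Isolation IPv6.
          requires:
            - environments/network-isolation-v6.yaml
        - file: environments/net-single-nic-with-vlans.yaml
          title: Single NIC with Vlans
          description: >
            Configure each role to use Vlans on a single NIC for
            each isolated network. This option assumes use of Network Isolation.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-single-nic-with-vlans-no-external.yaml
          title: Single NIC with Vlans No External Ports
          description: >
            Configure each role to use Vlans on a single NIC for
            each isolated network. This option assumes use of Network Isolation.
            Sets external ports to noop.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
          title: Single NIC with Linux Bridge Vlans
          description: >
            Configure each role to use Vlans on a single NIC for
            each isolated network. This option assumes use of Network Isolation.
          requires:
            - environments/network-isolation.yaml
        - file: environments/net-single-nic-with-vlans-v6.yaml
          title: Single NIC with Vlans IPv6
          description: >
            Configures each role to use Vlans on a single NIC for
            each isolated network with IPv6 on the External network.
            This option assumes use of Network Isolation IPv6
          requires:
            - environments/network-isolation-v6.yaml
      mutually_exclusive: true
    - title: Management Network
      description: >
        Enable the creation of a system management network. This
        creates a Neutron network for isolated Overcloud
        system management traffic and configures each role to
        assign a port (related to that role) on that network.
      environments:
        - file: environments/network-management.yaml
          title: Management Network
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/network-management-v6.yaml
          title: Management Network IPv6
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
      mutually_exclusive: true
    - title: Docker Network
      description: >
        [Temporary] Use this option when deploying containerized deployment
        without network isolation
      environments:
        - file: environments/docker-network.yaml
          title: Docker network
          description:
          requires:
            - environments/docker.yaml
    - title: External load balancer
      description: >
        Enable external load balancer, requires network Isolation to be enabled.
        Note that this option assumes standard isolated networks set.
      environments:
        # The two folded descriptions below have no content lines, so they
        # evaluate to empty strings.
        - file: environments/external-loadbalancer-vip.yaml
          title: External load balancer IPv4
          description: >
          requires:
            - environments/network-isolation.yaml
        - file: environments/external-loadbalancer-vip-v6.yaml
          title: External load balancer IPv6
          description: >
          requires:
            - environments/network-isolation-v6.yaml
      mutually_exclusive: true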
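# Neutron plugin topic, nesting restored. One group; every entry requires the
# base resource registry.
- title: Neutron Plugin Configuration
  description:
  environment_groups:
    - title: Neutron Plugins
      description: >
        Enable various Neutron plugins and backends
      environments:
        - file: environments/neutron-bgpvpn.yaml
          title: Neutron BGPVPN Service Plugin
          description: Enables Neutron BGPVPN Service Plugin
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/neutron-lbaasv2.yaml
          title: Neutron LBaaSv2 Service Plugin
          description: Enables Neutron LBaaSv2 Service Plugin and Agent
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ml2-bigswitch.yaml
          title: BigSwitch Extensions
          description: >
            Enable Big Switch extensions, configured via puppet
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ml2-cisco-n1kv.yaml
          title: Cisco N1KV backend
          description: >
            Enable a Cisco N1KV backend, configured via puppet
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
          title: Cisco Neutron plugin
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/networking/neutron-midonet.yaml
          title: Neutron MidoNet Services
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-nuage-config.yaml
          title: Neutron Nuage backend
          description: Enables Neutron Nuage backend on the controller
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-opendaylight.yaml
          title: OpenDaylight
          description: Enables OpenDaylight
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ovs-dpdk.yaml
          title: DPDK with OVS
          description: Deploy DPDK with OVS
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ovs-dvr.yaml
          title: DVR
          description: Enables DVR in the Overcloud
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-plumgrid.yaml
          title: PLUMgrid extensions
          description: Enables PLUMgrid extensions
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ml2-fujitsu-cfab.yaml
          title: Fujitsu Neutron plugin for C-Fabric
          description: Enable C-Fabric in the overcloud
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-ml2-fujitsu-fossw.yaml
          title: Fujitsu Neutron plugin for FOS
          description: Enable FOS in the overcloud
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-nsx.yaml
          title: Deploy NSX Services
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/neutron-l2gw.yaml
          title: Neutron L2 gateway Service Plugin
          description: Enables Neutron L2 gateway Service Plugin and Agent
          requires:
            - overcloud-resource-registry-puppet.yaml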
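# Storage topic, nesting restored. Groups: Cinder backends, Cinder backup,
# Ceph (mutually exclusive), extra Ceph options, four Manila drivers, Glance.
- title: Storage
  description:
  environment_groups:
    - title: Cinder backends
      description: >
        Enable various Cinder backends
      environments:
        - file: environments/cinder-pure-config.yaml
          title: Cinder Pure Storage FlashArray backend
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/storage/cinder-netapp-config.yaml
          title: Cinder NetApp backend
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/cinder-dellsc-config.yaml
          title: Cinder Dell EMC Storage Center ISCSI backend
          description: >
            Enables a Cinder Dell EMC Storage Center ISCSI backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        # NOTE(review): this description ends on a dangling comma and, unlike
        # the neighbouring backends, the entry has no `requires`; it looks
        # truncated. Confirm against the intended entry.
        - file: environments/cinder-dellemc-unity-config.yaml
          title: Cinder Dell EMC Unity backend
          description: >
            Enables a Cinder Dell EMC Unity backend,
        - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
          title: Cinder Dell EMC VMAX ISCSI backend
          description: >
            Enables a Cinder Dell EMC VMAX ISCSI backend,
            configured via puppet
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/cinder-hpelefthand-config.yaml
          title: Cinder HPELeftHandISCSI backend
          description: >
            Enables a Cinder HPELeftHandISCSI backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/cinder-dellps-config.yaml
          title: Cinder Dell EMC PS Series backend
          description: >
            Enables a Cinder Dell EMC PS Series backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/cinder-iser.yaml
          title: Cinder iSER backend
          description: >
            Enable a Cinder iSER RDMA backend, configured via puppet
        - file: environments/cinder-scaleio-config.yaml
          title: Cinder Dell EMC ScaleIO backend
          description: >
            Enables a Cinder Dell EMC ScaleIO backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/cinder-veritas-hyperscale-config.yaml
          title: Cinder Veritas HyperScale backend
          description: >
            Enables a Cinder Veritas HyperScale backend,
            configured via puppet
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Cinder backup service
      description:
      environments:
        - file: environments/cinder-backup.yaml
          title: Cinder backup service
          description: >
            OpenStack Cinder Backup service with Pacemaker
          requires:
            - environments/puppet-pacemaker.yaml
            - overcloud-resource-registry-puppet.yaml
    - title: Ceph
      description: >
        Enable the use of Ceph in the overcloud
      environments:
        - file: environments/puppet-ceph.yaml
          title: Ceph Storage Backend
          description: >
            Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
            use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
            colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/storage/external-ceph.yaml
          title: Externally managed Ceph
          description: >
            Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
          requires:
            - overcloud-resource-registry-puppet.yaml
      mutually_exclusive: true
    - title: Additional Ceph Options
      description:
      environments:
        - file: environments/services/ceph-mds.yaml
          title: Deploys CephMDS
          description: >
            Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
            filesystems hosted in Ceph.
          requires:
            - environments/puppet-ceph.yaml
        - file: environments/ceph-radosgw.yaml
          title: Ceph Rados Gateway
          description: >
            Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
            which stores data in the Ceph cluster.
          requires:
            - environments/puppet-ceph.yaml
        - file: environments/manila-cephfsnative-config.yaml
          title: Manila with CephFS
          description: >
            Deploys Manila and configures it with the CephFS driver. This requires the deployment of
            Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Manila with Unity
      description: >
        Deploys Manila and configures it with the Unity driver.
      environments:
        - file: environments/manila-unity-config.yaml
          title: Deploys Manila with Unity driver
          description: Deploys Manila and configures Unity as its default backend.
    - title: Manila with VNX
      description: >
        Deploys Manila and configures it with the VNX driver.
      environments:
        - file: environments/manila-vnx-config.yaml
          title: Deploys Manila with VNX driver
          description: Deploys Manila and configures VNX as its default backend.
    - title: Manila with VMAX
      description: >
        Deploys Manila and configures it with the VMAX driver.
      environments:
        - file: environments/manila-vmax-config.yaml
          title: Deploys Manila with VMAX driver
          description: Deploys Manila and configures VMAX as its default backend.
    - title: Manila with Isilon
      description: >
        Deploys Manila and configures it with the Isilon driver.
      environments:
        - file: environments/manila-isilon-config.yaml
          title: Deploys Manila with Isilon driver
          description: Deploys Manila and configures Isilon as its default backend.
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Glance backends
      description:
      environments:
        - file: environments/storage/glance-nfs.yaml
          title: Glance NFS Backend
          description: |
            Configure and enable this option to enable the use of an NFS
            share as the backend for Glance.
          requires:
            - overcloud-resource-registry-puppet.yaml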
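# Security hardening topic, nesting restored.
- title: Security
  description: Security Hardening Options
  environment_groups:
    # Supplying certificates through enable-tls.yaml is not enough on its
    # own: per its description, one of the "TLS Endpoints" environments must
    # be selected too.
    - title: TLS
      description:
      environments:
        - file: environments/ssl/enable-tls.yaml
          title: SSL on OpenStack Public Endpoints
          description: >
            Use this option to pass in certificates for SSL deployments.
            For these values to take effect, one of the TLS endpoints
            options must also be used.
          requires:
            - overcloud-resource-registry-puppet.yaml
    # Exactly one endpoint style may be chosen (mutually_exclusive below).
    - title: TLS Endpoints
      description:
      environments:
        - file: environments/ssl/tls-endpoints-public-dns.yaml
          title: SSL-enabled deployment with DNS name as public endpoint
          description: >
            Use this option when deploying an SSL-enabled overcloud where the public
            endpoint is a DNS name.
          requires:
            - environments/ssl/enable-tls.yaml
        - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
          title: Deploy All SSL Endpoints as DNS names
          description: >
            Use this option when deploying an overcloud where all the endpoints are
            DNS names and there's TLS in all endpoint types.
          requires:
            - environments/ssl/enable-tls.yaml
        - file: environments/ssl/tls-endpoints-public-ip.yaml
          title: SSL-enabled deployment with IP address as public endpoint
          description: >
            Use this option when deploying an SSL-enabled overcloud where the public
            endpoint is an IP address.
          requires:
            - environments/ssl/enable-tls.yaml
      mutually_exclusive: true
    - title: SSH Banner Text
      description: Enables population of SSH Banner Text
      environments:
        - file: environments/sshd-banner.yaml
          title: SSH Banner Text
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Horizon Password Validation
      description: Enable Horizon Password validation
      environments:
        - file: environments/horizon_password_validation.yaml
          title: Horizon Password Validation
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: AuditD Rules
      description: Management of AuditD rules
      environments:
        - file: environments/auditd.yaml
          title: AuditD Rule Management
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    # The two groups below list only `file` and `title`; `description` and
    # `requires` are optional per the header comment.
    - title: Keystone CADF auditing
      description: Enable CADF notifications in Keystone for auditing
      environments:
        - file: environments/cadf.yaml
          title: Keystone CADF auditing
    - title: SecureTTY Values
      description: Set values within /etc/securetty
      environments:
        - file: environments/securetty.yaml
          title: SecureTTY Values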
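# Additional services topic, nesting restored.
- title: Additional Services
  description:
  environment_groups:
    - title:
      description: Deploy additional services
      environments:
        # NOTE(review): the title and description say Barbican, but `file`
        # names a Manila environment and differs from the Manila entry below
        # only by the services/ prefix. Choosing "Barbican" would load
        # whatever that path resolves to, not a secret-store service.
        # Confirm the intended path.
        - file: environments/services/manila-generic-config.yaml
          title: Barbican
          description: Enable Barbican with the default secret store backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/manila-generic-config.yaml
          title: Manila
          description: Enable Manila with generic driver backend
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/sahara.yaml
          title: Sahara
          description: Deploy Sahara service
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/ironic.yaml
          title: Ironic
          description: Deploy Ironic service
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/mistral.yaml
          title: Mistral
          description: Deploy Mistral service
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/ec2-api.yaml
          title: EC2 API
          description: Enable EC2-API service
          requires:
            - overcloud-resource-registry-puppet.yaml
        - file: environments/services/zaqar.yaml
          title: Zaqar
          description: Deploy Zaqar service
          requires:
            - overcloud-resource-registry-puppet.yaml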
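# Nova extensions topic, nesting restored. It holds a single environment.
- title: Nova Extensions
  description:
  environment_groups:
    - title: Nova Extensions
      description:
      environments:
        - file: environments/nova-nuage-config.yaml
          title: Nuage backend
          description: >
            Enables Nuage backend on the Compute
          requires:
            - overcloud-resource-registry-puppet.yaml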
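# Operational tooling topic, nesting restored: monitoring agents, centralized
# logging clients and performance monitoring agents.
- title: Operational Tools
  description:
  environment_groups:
    - title: Monitoring agents
      description: Enable monitoring agents
      environments:
        - file: environments/monitoring-environment.yaml
          title: Monitoring agents
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Centralized logging support
      description: Enable centralized logging clients (fluentd)
      environments:
        - file: environments/logging-environment.yaml
          title: fluentd client
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Performance monitoring
      description: Enable performance monitoring agents
      environments:
        - file: environments/collectd-environment.yaml
          title: Performance monitoring agents
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml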
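# Utilities topic, nesting restored. `tags` belongs to the environment group,
# alongside `environments`.
- title: Utilities
  description:
  environment_groups:
    - title: Config Debug
      description: Enable config management (e.g. Puppet) debugging
      environments:
        - file: environments/config-debug.yaml
          title: Config Debug
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Disable journal in MongoDb
      description: >
        Since, when journaling is enabled, MongoDb will create big journal
        file it can take time. In a CI environment for example journaling is
        not necessary.
      environments:
        - file: environments/mongodb-nojournal.yaml
          title: Disable journal in MongoDb
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml
    - title: Overcloud Steps
      description: >
        Specifies hooks/breakpoints where overcloud deployment should stop
        Allows operator validation between steps, and/or more granular control.
        Note: the wildcards relate to naming convention for some resource suffixes,
        e.g see puppet/*-post.yaml, enabling this will mean we wait for
        a user signal on every *Deployment_StepN resource defined in those files.
      tags:
        - no-gui
      environments:
        - file: environments/overcloud-steps.yaml
          title: Overcloud Steps
          description:
          requires:
            - overcloud-resource-registry-puppet.yaml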
openstack-tripleo-heat-templates/ci/ 0000755 0001750 0001750 00000000000 13245343354 017031 5 ustar stack stack openstack-tripleo-heat-templates/ci/README.rst 0000644 0001750 0001750 00000000562 13245343354 020523 0 ustar stack stack =======================
TripleO CI environments
=======================
TripleO CI environments are used exclusively for Continuous Integration
purposes or for development.
They should not be used in production, and we don't guarantee they work outside
TripleO CI.
For more information about TripleO CI, see:
https://github.com/openstack-infra/tripleo-ci
openstack-tripleo-heat-templates/ci/common/ 0000755 0001750 0001750 00000000000 13245343354 020321 5 ustar stack stack openstack-tripleo-heat-templates/ci/common/all-nodes-validation-disabled.yaml 0000644 0001750 0001750 00000002433 13245343354 026762 0 ustar stack stack heat_template_version: pike
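# Nesting restored. The parameters are declared as in the real validation
# template, but per the description this implementation is a noop.
description: >
  Software Config to drive validations that occur on all nodes.
  Note, you need the heat-config-script element built into your
  images, due to the script group below.
  This implementation of the validations is a noop that always reports success.

parameters:
  PingTestIps:
    default: ''
    description: A string containing a space separated list of IP addresses used to ping test each available network interface.
    type: string
  ValidateFqdn:
    default: false
    description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts.
    type: boolean
  ValidateNtp:
    default: true
    description: Validation to ensure at least one time source is accessible.
    type: boolean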
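resources:
  # The inputs are still declared, but the script ignores them and exits 0,
  # so no ping, FQDN or NTP check runs and the step always reports success.
  # This file lives under ci/, whose README says these environments should
  # not be used in production.
  AllNodesValidationsImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: ping_test_ips
          default: {get_param: PingTestIps}
        - name: validate_fqdn
          default: {get_param: ValidateFqdn}
        - name: validate_ntp
          default: {get_param: ValidateNtp}
      config: |
        #!/bin/bash
        exit 0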
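outputs:
  # Exposes the noop software config under the OS::stack_id output key.
  OS::stack_id:
    description: The ID of the AllNodesValidationsImpl resource.
    value: {get_resource: AllNodesValidationsImpl}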
openstack-tripleo-heat-templates/ci/common/net-config-multinode-os-net-config.yaml 0000644 0001750 0001750 00000007754 13245343354 027717 0 ustar stack stack heat_template_version: pike
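# Nesting restored. Only ControlPlaneIp, ControlPlaneSubnetCidr and
# OvSBridgeMtu are read by the resource in this template; the other subnet
# parameters are declared but not referenced here.
description: >
  Software Config to drive os-net-config for a simple bridge configured
  with a static IP address for the ctlplane network.

parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet:
    default: ''
    description: IP address/subnet on the management network
    type: string
  ControlPlaneSubnetCidr:  # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string
  OvSBridgeMtu:
    default: 1300
    description: The mtu of the OvS bridge
    type: number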
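resources:
  # The script is two pieces joined with an empty separator: an inline bash
  # function `network_config_hook`, then run-os-net-config.sh with
  # $network_config substituted by the structure under `params`.
  #
  # The hook reads node addresses from /etc/nodepool, rewrites the literal
  # tokens primary_private_ip, subnode_private_ip and vni inside
  # /etc/os-net-config/config.json with sed, exports interface_name and
  # deletes the pre-existing br-ex bridge. The same token names appear below
  # in ovs_options.
  # NOTE(review): bridge_name and interface_name are presumably resolved by
  # run-os-net-config.sh; that script is not shown here. Confirm.
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
          - ''
          - - |
              #!/bin/bash
              function network_config_hook {
                primary_private_ip=$(cat /etc/nodepool/primary_node_private)
                sed -i "s/primary_private_ip/$primary_private_ip/" /etc/os-net-config/config.json
                subnode_private_ip=$(cat /etc/nodepool/sub_nodes_private)
                sed -i "s/subnode_private_ip/$subnode_private_ip/" /etc/os-net-config/config.json
                # We start with an arbitrarily high vni key so that we don't
                # overlap with Neutron created values. These will also match the
                # values that we've been using previously from the devstack-gate
                # code.
                vni=1000002
                subnode_index=$(grep -n $(cat /etc/nodepool/sub_nodes_private) /etc/nodepool/sub_nodes_private | cut -d: -f1)
                let vni+=$subnode_index
                sed -i "s/vni/$vni/" /etc/os-net-config/config.json
                export interface_name="br-ex_$primary_private_ip"
                # Until we are fully migrated to os-net-config we need to clean
                # up the old bridge first created by devstack-gate
                ovs-vsctl del-br br-ex
              }
            - str_replace:
                template:
                  get_file: ../../network/scripts/run-os-net-config.sh
                params:
                  $network_config:
                    network_config:
                      - type: ovs_bridge
                        name: bridge_name
                        mtu:
                          get_param: OvSBridgeMtu
                        use_dhcp: false
                        addresses:
                          # Address is "<ControlPlaneIp>/<ControlPlaneSubnetCidr>".
                          - ip_netmask:
                              list_join:
                                - "/"
                                - - get_param: ControlPlaneIp
                                  - get_param: ControlPlaneSubnetCidr
                        members:
                          - type: ovs_tunnel
                            name: interface_name
                            tunnel_type: vxlan
                            # Each option is built as "<name>=<token>".
                            ovs_options:
                              - list_join:
                                  - "="
                                  - - key
                                    - vni
                              - list_join:
                                  - "="
                                  - - remote_ip
                                    - primary_private_ip
                              - list_join:
                                  - "="
                                  - - local_ip
                                    - subnode_private_ip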
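outputs:
  # Exposes the software config under the OS::stack_id output key.
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value: {get_resource: OsNetConfigImpl}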
openstack-tripleo-heat-templates/ci/common/net-config-multinode.yaml 0000644 0001750 0001750 00000003573 13245343354 025244 0 ustar stack stack heat_template_version: pike
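# Nesting restored. Only ControlPlaneIp and ControlPlaneSubnetCidr are read
# by the resource in this template; the other subnet parameters are declared
# but not referenced here.
description: >
  Software Config to drive os-net-config for a simple bridge configured
  with a static IP address for the ctlplane network.

parameters:
  ControlPlaneIp:
    default: ''
    description: IP address/subnet on the ctlplane network
    type: string
  ExternalIpSubnet:
    default: ''
    description: IP address/subnet on the external network
    type: string
  InternalApiIpSubnet:
    default: ''
    description: IP address/subnet on the internal_api network
    type: string
  StorageIpSubnet:
    default: ''
    description: IP address/subnet on the storage network
    type: string
  StorageMgmtIpSubnet:
    default: ''
    description: IP address/subnet on the storage_mgmt network
    type: string
  TenantIpSubnet:
    default: ''
    description: IP address/subnet on the tenant network
    type: string
  ManagementIpSubnet:
    default: ''
    description: IP address/subnet on the management network
    type: string
  ControlPlaneSubnetCidr:  # Override this via parameter_defaults
    default: '24'
    description: The subnet CIDR of the control plane network.
    type: string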
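resources:
  # Adds <ControlPlaneIp>/<ControlPlaneSubnetCidr> to the bridge unless it is
  # already there. CONTROLPLANEIP and CONTROLPLANESUBNETCIDR are substituted
  # into the script text by str_replace; bridge_name is a script input
  # (default br-ex).
  #
  # Changes from the original script: the bridge name is quoted, and grep
  # runs with -F so the dots in the address are matched literally rather
  # than as regex wildcards.
  OsNetConfigImpl:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        str_replace:
          template: |
            #!/bin/bash
            if ! ip addr show dev "$bridge_name" | grep -F "CONTROLPLANEIP/CONTROLPLANESUBNETCIDR"; then
                ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev "$bridge_name"
            fi
          params:
            CONTROLPLANEIP: {get_param: ControlPlaneIp}
            CONTROLPLANESUBNETCIDR: {get_param: ControlPlaneSubnetCidr}
      inputs:
        - name: bridge_name
          default: br-ex
          description: bridge-name
          type: String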
outputs:
  # Heat's reserved output key: a reference to this nested stack resolves to
  # the OsNetConfigImpl resource instead of to the stack itself.
  OS::stack_id:
    description: The OsNetConfigImpl resource.
    value:
      get_resource: OsNetConfigImpl
openstack-tripleo-heat-templates/ci/environments/ 0000755 0001750 0001750 00000000000 13245343354 021560 5 ustar stack stack openstack-tripleo-heat-templates/ci/environments/README.rst 0000644 0001750 0001750 00000000460 13245343354 023247 0 ustar stack stack This directory contains environments that are used in tripleo-ci. They may change from
release to release or within a release, and should not be relied upon in a production
environment. The top-level ``environments`` directory in tripleo-heat-templates
contains the production-ready environment files.
openstack-tripleo-heat-templates/ci/environments/ceph-min-osds.yaml 0000644 0001750 0001750 00000000055 13245343354 025112 0 ustar stack stack parameter_defaults:
CephPoolDefaultSize: 1
openstack-tripleo-heat-templates/ci/environments/multinode-3nodes.yaml 0000644 0001750 0001750 00000006450 13245343354 025642 0 ustar stack stack # Specifies which roles (groups of nodes) will be deployed
# Note this is used as an input to the various *.j2.yaml
# jinja2 templates, so that they are converted into *.yaml
# during the plan creation (via a mistral action/workflow).
#
# The format is a list, with the following format:
#
# * name: (string) mandatory, name of the role, must be unique
#
# CountDefault: (number) optional, default number of nodes, defaults to 0
# sets the default for the {{role.name}}Count parameter in overcloud.yaml
#
# HostnameFormatDefault: (string) optional default format string for hostname
# defaults to '%stackname%-{{role.name.lower()}}-%index%'
# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
#
# ServicesDefault: (list) optional default list of services to be deployed
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
- name: ControllerApi
CountDefault: 1
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
- name: Controller
CountDefault: 1
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
openstack-tripleo-heat-templates/ci/environments/multinode-containers.yaml 0000644 0001750 0001750 00000006354 13245343354 026617 0 ustar stack stack # NOTE: This is an environment specific for containers upgrade
# CI. We mainly deploy a non-pacemakerized overcloud because, for the time
# being, containerization of services managed by pacemaker is not
# complete, so we deploy and upgrade the non-HA services for now.
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# Controller hiera overrides followed by plain parameters for this CI job.
ControllerExtraConfig:
# virt_type qemu: plain QEMU emulation, no dependency on KVM on the CI node.
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
ceph::profile::params::osd_max_object_name_len: 256
ceph::profile::params::osd_max_object_namespace_len: 64
#NOTE(gfidente): necessary when deploying a single OSD
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
SwiftCeilometerPipelineEnabled: False
# multinode-core.yaml describes this parameter as "Set to True to enable
# debugging on all services."
# NOTE(review): debug-level service logs may carry more request detail than is
# wanted outside CI - leave this off in any longer-lived deployment.
Debug: True
NotificationDriver: 'noop'
GlanceBackend: 'file'
openstack-tripleo-heat-templates/ci/environments/multinode-core.yaml 0000644 0001750 0001750 00000001736 13245343354 025401 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Core Service
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
type: string
default: ''
description: Set to True to enable debugging on all services.
resources:
# Role data for a service entry whose only config setting is one firewall rule.
outputs:
role_data:
description: Role data for the multinode firewall configuration
value:
service_name: multinode_core
config_settings:
tripleo.core.firewall_rules:
# Rule '999 core': UDP destination port 4789, the IANA-assigned VXLAN port.
# No source restriction is set on the rule here.
# NOTE(review): presumably this admits the vxlan tunnel traffic between the
# CI nodes (the os-net-config template uses tunnel_type: vxlan) - confirm,
# and scope the rule to the peer addresses if it is reused outside CI.
'999 core':
proto: 'udp'
dport:
- 4789
openstack-tripleo-heat-templates/ci/environments/multinode.yaml 0000644 0001750 0001750 00000007214 13245343354 024450 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
ceph::profile::params::osd_max_object_name_len: 256
ceph::profile::params::osd_max_object_namespace_len: 64
#NOTE(gfidente): necessary when deploying a single OSD
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
SwiftCeilometerPipelineEnabled: False
Debug: True
NotificationDriver: 'noop'
GlanceBackend: 'file'
openstack-tripleo-heat-templates/ci/environments/multinode_major_upgrade.yaml 0000644 0001750 0001750 00000006126 13245343354 027350 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
heat::rpc_response_timeout: 600
SwiftCeilometerPipelineEnabled: False
Debug: True
NotificationDriver: 'noop'
GlanceBackend: 'file'
openstack-tripleo-heat-templates/ci/environments/scenario001-multinode-containers.yaml 0000644 0001750 0001750 00000014760 13245343354 030641 0 ustar stack stack # NOTE: This is an environment specific for containers CI. Mainly we
# deploy non-pacemakerized overcloud. Once we are able to deploy and
# upgrade pacemakerized and containerized overcloud, we should remove
# this file and use normal CI multinode environments/scenarios.
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
# FIXME(mandre) fluentd container image missing from tripleomaster registry
# https://bugs.launchpad.net/tripleo/+bug/1721723
# OS::TripleO::Services::FluentdClient: ../../docker/services/fluentd-client.yaml
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Redis
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentIpmi
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# This makes the job twice as fast
ceilometer::agent::polling::polling_interval: 15
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
# (the ext4 note concerns the osd_max_object_* overrides listed under
# ceph_conf_overrides further down, not the disk layout that follows)
# A single OSD device, and it is a loop device rather than a real disk.
CephAnsibleDisksConfig:
devices:
- /dev/loop3
journal_size: 512
osd_scenario: collocated
CephAnsibleExtraConfig:
ceph_conf_overrides:
global:
# One copy per object: no replication, so losing the OSD loses the data.
osd_pool_default_size: 1
osd_pool_default_pg_num: 32
# Shortened name limits: the ext4 workaround referred to in the NOTE above.
osd_max_object_name_len: 256
osd_max_object_namespace_len: 64
centos_package_dependencies: []
CephAnsibleSkipTags: ''
#NOTE: These IDs and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
# The literal values are committed in this template, so anyone who has the
# file has the mon, admin and client keys; a cluster deployed with them
# gets no protection from its Ceph keys.
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
# NOTE(review): presumably the pool replica count; 1 means no redundancy.
CephPoolDefaultSize: 1
# The image is referenced by tag only, with no digest.
# NOTE(review): a tag can be re-pointed at the registry; pin the image by
# digest wherever a reproducible, reviewed image matters.
DockerCephDaemonImage: ceph/daemon:tag-stable-3.0-jewel-centos-7
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
GnocchiArchivePolicy: 'high'
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
CollectdExtraPlugins:
- rrdtool
# Log forwarding target: a listener on the node's own loopback address.
# NOTE(review): presumably consumed by the FluentdClient service enabled
# above; 24224 is fluentd's usual forward port.
LoggingServers:
- host: 127.0.0.1
port: 24224
# Monitoring client RabbitMQ connection, also on loopback.
# NOTE(review): the password is a fixed, guessable test value. For anything
# other than CI, supply a generated secret from an environment file that is
# kept out of version control.
MonitoringRabbitHost: 127.0.0.1
MonitoringRabbitPort: 5676
MonitoringRabbitPassword: sensu
TtyValues:
- console
- tty1
- tty2
- tty3
- tty4
- tty5
- tty6
openstack-tripleo-heat-templates/ci/environments/scenario001-multinode.yaml 0000644 0001750 0001750 00000015334 13245343354 026474 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml
OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml
OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Redis
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentIpmi
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Tacker
- OS::TripleO::Services::Congress
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Iscsid
# Controller-only hieradata overrides.
ControllerExtraConfig:
# qemu selects plain emulation for libvirt guests rather than KVM;
# presumably the CI nodes lack nested virtualization (confirm before reuse).
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# This makes the job twice as fast
ceilometer::agent::polling::polling_interval: 15
# Turns on debug logging for the deployed services. Debug output can expose
# request and configuration detail, so keep this to CI and test clouds.
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
ExtraConfig:
ceph::profile::params::osd_max_object_name_len: 256
ceph::profile::params::osd_max_object_namespace_len: 64
#NOTE(gfidente): necessary when deploying a single OSD
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
#NOTE: These IDs and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
# The same FSID and cephx keys recur verbatim in the other Ceph scenario
# files in this archive, so treat them as publicly known: anyone who holds
# them and can reach the monitors can authenticate to a cluster deployed
# from this file. Generate fresh values per deployment (for example
# `uuidgen` for the FSID and `ceph-authtool --gen-print-key` for each key)
# and supply them from a private environment file, not a shared template.
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
# A pool size of 1 keeps a single copy of every object: no redundancy, so
# losing the one OSD loses the data. Tied to the single-OSD CI layout noted
# above; raise it for anything that stores real data.
CephPoolDefaultSize: 1
# Nova, Cinder, Cinder backup, Glance and Gnocchi all use Ceph here, and the
# Cinder iSCSI backend is switched off.
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
GlanceBackend: rbd
GnocchiBackend: rbd
CinderEnableIscsiBackend: false
GnocchiArchivePolicy: 'high'
# Login banner text (literal block follows); presumably consumed by the Sshd
# service listed for this role -- confirm against the service template.
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
CollectdExtraPlugins:
- rrdtool
# Log forwarding target is loopback, so this job ships nothing off-host;
# presumably a placeholder for the FluentdClient service.
LoggingServers:
- host: 127.0.0.1
port: 24224
# Monitoring broker settings, presumably read by the SensuClient service.
# The password is a guessable placeholder identical to the product name; it
# is tolerable only because the host is loopback. Use a generated secret
# kept outside the template for any broker that is reachable.
MonitoringRabbitHost: 127.0.0.1
MonitoringRabbitPort: 5676
MonitoringRabbitPassword: sensu
# Terminal names handed to the Securetty service; presumably the set of
# consoles on which direct root login stays permitted -- confirm.
TtyValues:
- console
- tty1
- tty2
- tty3
- tty4
- tty5
- tty6
openstack-tripleo-heat-templates/ci/environments/scenario002-multinode-containers.yaml 0000644 0001750 0001750 00000006207 13245343354 030637 0 ustar stack stack # NOTE: This is an environment specific for containers CI. Mainly we
# deploy non-pacemakerized overcloud. Once we are able to deploy and
# upgrade pacemakerized and containerized overcloud, we should remove
# this file and use normal CI multinode environments/scenarios.
# Maps Heat resource types to the templates that implement them for this
# scenario.
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# Scenario-specific services, using the containerized (docker/services)
# templates.
OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
# OS::Heat::None makes the resource a no-op. NovaMigrationTarget is still
# named in ControllerServices below but deploys nothing.
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
# Parameter overrides for this scenario.
parameter_defaults:
# Services composed onto the Controller role. An entry deploys something
# only when the resource registry resolves it to a real template;
# NovaMigrationTarget is mapped to OS::Heat::None in this file and is inert.
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# Controller-only hieradata. qemu selects plain emulation instead of KVM;
# presumably the CI nodes lack nested virtualization -- confirm before reuse.
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Debug logging for the deployed services; debug output can expose request
# and configuration detail, so keep this to CI and test clouds.
Debug: true
# Zaqar stores messages in Swift and its management data in the SQL database.
ZaqarMessageStore: 'swift'
ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
# 'noop' discards service notifications instead of publishing them. No
# telemetry consumer is listed for this role, which is presumably why; any
# audit trail that depends on notifications is absent as a result.
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario002-multinode.yaml 0000644 0001750 0001750 00000010352 13245343354 026470 0 ustar stack stack resource_registry:
# Entries of the resource_registry mapping opened on the previous line.
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# Scenario-specific services, using the puppet/services templates.
OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml
OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
# Pacemaker-managed variants of the clustered services.
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml
OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml
# OS::Heat::None makes Keepalived a no-op even though ControllerServices
# still lists it; presumably Pacemaker owns the virtual IPs here -- confirm.
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
# Parameter overrides for this scenario.
parameter_defaults:
# Services composed onto the Controller role. Keepalived is listed but is
# mapped to OS::Heat::None in this file's resource registry, so it is inert.
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# Telemetry stack (Redis, Aodh, Ceilometer agents, Gnocchi, Panko).
- OS::TripleO::Services::Redis
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentIpmi
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::PankoApi
# Controller-only hieradata. qemu selects plain emulation instead of KVM;
# presumably the CI nodes lack nested virtualization -- confirm before reuse.
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Debug logging for the deployed services; debug output can expose request
# and configuration detail, so keep this to CI and test clouds.
Debug: true
# Zaqar stores messages in Swift and its management data in the SQL database.
ZaqarMessageStore: 'swift'
ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false
# 'noop' discards service notifications instead of publishing them.
# NOTE(review): the Ceilometer notification agent and Panko are enabled in
# the list above; confirm they are meant to run without notification input,
# and note that any notification-based audit trail is absent.
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario003-multinode-containers.yaml 0000644 0001750 0001750 00000006172 13245343354 030641 0 ustar stack stack # NOTE: This is an environment specific for containers CI. Mainly we
# deploy non-pacemakerized overcloud. Once we are able to deploy and
# upgrade pacemakerized and containerized overcloud, we should remove
# this file and use normal CI multinode environments/scenarios.
# Maps Heat resource types to the templates that implement them for this
# scenario.
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# Scenario-specific services (Sahara, Mistral), containerized templates.
OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml
OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml
OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
# OS::Heat::None makes the resource a no-op.
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
# Parameter overrides for this scenario.
parameter_defaults:
# Services composed onto the Controller role. No Swift or Cinder services
# are listed, which is why Glance is switched to the file backend below.
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# Controller-only hieradata. qemu selects plain emulation instead of KVM;
# presumably the CI nodes lack nested virtualization -- confirm before reuse.
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Debug logging for the deployed services; debug output can expose request
# and configuration detail, so keep this to CI and test clouds.
Debug: true
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
# Fernet tokens are validated with keys from a key repository rather than
# looked up in the database; those keys need protecting and rotating.
KeystoneTokenProvider: 'fernet'
SwiftCeilometerPipelineEnabled: false
# 'noop' discards service notifications instead of publishing them, so any
# audit trail that depends on notifications is absent in this scenario.
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario003-multinode.yaml 0000644 0001750 0001750 00000006770 13245343354 026502 0 ustar stack stack resource_registry:
# Entries of the resource_registry mapping opened on the previous line.
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# Scenario-specific services (Sahara, Mistral), puppet/services templates.
OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
# Pacemaker-managed variants of the clustered services.
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
# OS::Heat::None makes Keepalived a no-op even though ControllerServices
# still lists it; presumably Pacemaker owns the virtual IPs here -- confirm.
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
# Parameter overrides for this scenario.
parameter_defaults:
# Services composed onto the Controller role. Keepalived is listed but is
# mapped to OS::Heat::None in this file's resource registry, so it is inert.
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# Controller-only hieradata. qemu selects plain emulation instead of KVM;
# presumably the CI nodes lack nested virtualization -- confirm before reuse.
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Debug logging for the deployed services; debug output can expose request
# and configuration detail, so keep this to CI and test clouds.
Debug: true
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
# Fernet tokens are validated with keys from a key repository rather than
# looked up in the database; those keys need protecting and rotating.
KeystoneTokenProvider: 'fernet'
SwiftCeilometerPipelineEnabled: false
# 'noop' discards service notifications instead of publishing them, so any
# audit trail that depends on notifications is absent in this scenario.
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario004-multinode-containers.yaml 0000644 0001750 0001750 00000014214 13245343354 030636 0 ustar stack stack resource_registry:
# Entries of the resource_registry mapping opened on the previous line.
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
# Until then the Ceph services below use the puppet templates even though
# the rest of this scenario is containerized.
OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
# Swift is turned off (OS::Heat::None is a no-op resource); CephRgw is
# mapped just above, presumably to serve object storage in its place.
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml
OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml
OS::TripleO::Services::ManilaShare: ../../docker/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
# TODO: in Queens, re-add bgp-vpn and l2gw services when
# containerized.
# https://bugs.launchpad.net/bugs/1713612
# OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
# OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
# OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
# These enable Pacemaker
# NOTE(review): the pre- and post-config tasks are no-ops in this file,
# unlike the non-container scenario004 file in this archive; only the
# restart task and the service templates below are active.
OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
# Keepalived is a no-op even though ControllerServices still lists it;
# presumably Pacemaker owns the virtual IPs here -- confirm.
OS::TripleO::Services::Keepalived: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
# Parameter overrides for this scenario.
parameter_defaults:
# Services composed onto the Controller role. Keepalived is listed but is
# mapped to OS::Heat::None in this file's resource registry, so it is inert.
ControllerServices:
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
# TODO: in Queens, re-add bgp-vpn and l2gw services when
# containerized.
# https://bugs.launchpad.net/bugs/1713612
# - OS::TripleO::Services::NeutronBgpVpnApi
# - OS::TripleO::Services::NeutronL2gwApi
# - OS::TripleO::Services::NeutronL2gwAgent
# Controller-only hieradata. qemu selects plain emulation instead of KVM;
# presumably the CI nodes lack nested virtualization -- confirm before reuse.
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Debug logging for the deployed services; debug output can expose request
# and configuration detail, so keep this to CI and test clouds.
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
ExtraConfig:
ceph::profile::params::osd_max_object_name_len: 256
ceph::profile::params::osd_max_object_namespace_len: 64
#NOTE(gfidente): necessary when deploying a single OSD
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
#NOTE: These IDs and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
# The same FSID and cephx keys recur verbatim in the other Ceph scenario
# files in this archive, so treat them as publicly known: anyone who holds
# them and can reach the monitors can authenticate to a cluster deployed
# from this file. Generate fresh values per deployment and supply them from
# a private environment file, not a shared template.
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
# A pool size of 1 keeps a single copy of every object: no redundancy, so
# losing the one OSD loses the data. Raise it for anything holding real data.
CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
# TODO: in Queens, re-add bgp-vpn and l2gw services when
# containerized.
# https://bugs.launchpad.net/bugs/1713612
# NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
# BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
# L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
# 'noop' discards service notifications instead of publishing them, so any
# audit trail that depends on notifications is absent in this scenario.
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario004-multinode.yaml 0000644 0001750 0001750 00000013115 13245343354 026472 0 ustar stack stack resource_registry:
# Entries of the resource_registry mapping opened on the previous line.
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# Ceph services, puppet/services templates.
OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml
# Swift is turned off (OS::Heat::None is a no-op resource); CephRgw is
# mapped just above, presumably to serve object storage in its place.
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml
OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml
OS::TripleO::Services::ManilaShare: ../../puppet/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
# These enable Pacemaker
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
# Keepalived is a no-op even though ControllerServices still lists it;
# presumably Pacemaker owns the virtual IPs here -- confirm.
OS::TripleO::Services::Keepalived: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
# NOTE(review): with this override the all-nodes validation step no longer
# gates the deployment; keep it confined to CI environments.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
ExtraConfig:
ceph::profile::params::osd_max_object_name_len: 256
ceph::profile::params::osd_max_object_namespace_len: 64
#NOTE(gfidente): necessary when deploying a single OSD
ceph::profile::params::osd_pool_default_pg_num: 32
ceph::profile::params::osd_pool_default_pgp_num: 32
# NOTE: These IDs and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
# The mon, admin and client keys below are cephx secrets stored in plain
# text in this file. Anyone who can read the file can authenticate to a
# cluster deployed with them, so supply per-deployment values from a
# protected environment file instead of reusing these.
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario006-multinode-containers.yaml 0000644 0001750 0001750 00000005235 13245343354 030643 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Redis
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
Debug: true
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
IronicCleaningDiskErase: 'metadata'
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario007-multinode-containers.yaml 0000644 0001750 0001750 00000007073 13245343354 030646 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
# For OVN.
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
NeutronVniRanges: ['1:65536', ]
OVNBridgeMappings: 'datacentre:br-ex'
Debug: true
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
IronicCleaningDiskErase: 'metadata'
NotificationDriver: 'noop'
openstack-tripleo-heat-templates/ci/environments/scenario007-multinode.yaml 0000644 0001750 0001750 00000007024 13245343354 026477 0 ustar stack stack resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# Disable neutron services not required for OVN and enable services required for OVN.
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# For OVN.
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
NeutronVniRanges: ['1:65536', ]
OVNBridgeMappings: 'datacentre:br-ex'
Debug: true
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
KeystoneTokenProvider: 'fernet'
SwiftCeilometerPipelineEnabled: false
openstack-tripleo-heat-templates/ci/pingtests/ 0000755 0001750 0001750 00000000000 13245343354 021051 5 ustar stack stack openstack-tripleo-heat-templates/ci/pingtests/scenario001-multinode.yaml 0000644 0001750 0001750 00000011653 13245343354 025765 0 ustar stack stack heat_template_version: pike
description: >
HOT template to create resources deployed by scenario001.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# save_private_key: true makes Heat keep the generated private key with the
# stack, where it can be read back through the resource's private_key
# attribute. Treat this as a throwaway test key only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
volume1:
type: OS::Cinder::Volume
properties:
name: Volume1
image: { get_param: image }
size: 1
server1:
type: OS::Nova::Server
depends_on: volume1
properties:
name: Server1
block_device_mapping:
- device_name: vda
volume_id: { get_resource: volume1 }
flavor: { get_resource: test_flavor }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# Both rules use remote_ip_prefix 0.0.0.0/0, so SSH (tcp/22) and ICMP are
# allowed from any IPv4 source. That suits a short-lived ping test; a
# longer-lived stack should narrow the prefix to the hosts that need access.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
gnocchi_res_alarm:
type: OS::Aodh::GnocchiResourcesAlarm
properties:
description: Do stuff with gnocchi
metric: cpu_util
aggregation_method: mean
granularity: 60
evaluation_periods: 1
threshold: 50
alarm_actions: []
resource_type: instance
resource_id: { get_resource: server1 }
comparison_operator: gt
asg:
type: OS::Heat::AutoScalingGroup
properties:
max_size: 5
min_size: 1
resource:
type: OS::Heat::RandomString
scaleup_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: {get_resource: asg}
cooldown: 0
scaling_adjustment: 1
alarm:
type: OS::Aodh::Alarm
properties:
description: Scale-up if the average CPU > 50% for 1 minute
meter_name: test_meter
statistic: count
comparison_operator: ge
threshold: 1
period: 60
evaluation_periods: 1
alarm_actions:
- {get_attr: [scaleup_policy, alarm_url]}
matching_metadata:
metadata.metering.stack_id: {get_param: "OS::stack_id"}
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
asg_size:
value: {get_attr: [asg, current_size]}
openstack-tripleo-heat-templates/ci/pingtests/scenario002-multinode.yaml 0000644 0001750 0001750 00000010352 13245343354 025761 0 ustar stack stack heat_template_version: pike
description: >
HOT template to create resources deployed by scenario002.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# With save_private_key enabled the generated private key is retained by
# Heat and exposed through the resource's private_key attribute, so anyone
# able to read the stack can obtain it. Use for disposable test keys only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
luks_volume_type:
type: OS::Cinder::VolumeType
properties:
name: LUKS
# Encryption settings attached to the LUKS volume type; volume1 is created
# with that type and depends on this resource.
encrypted_volume_type:
type: OS::Cinder::EncryptedVolumeType
properties:
volume_type: {get_resource: luks_volume_type}
provider: luks
# XTS splits the key into two halves, so key_size 256 gives AES-128 in XTS
# mode; 512 is the value that yields AES-256-XTS.
cipher: aes-xts-plain64
control_location: front-end
key_size: 256
volume1:
type: OS::Cinder::Volume
depends_on: encrypted_volume_type
properties:
name: Volume1
image: { get_param: image }
size: 1
volume_type: {get_resource: luks_volume_type}
server1:
type: OS::Nova::Server
depends_on: volume1
properties:
name: Server1
block_device_mapping:
- device_name: vda
volume_id: { get_resource: volume1 }
flavor: { get_resource: test_flavor }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# SSH (tcp/22) and ICMP are opened to 0.0.0.0/0, i.e. every IPv4 source.
# Acceptable for a disposable test instance; restrict remote_ip_prefix
# before reusing this group for anything that stays up.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
zaqar_queue:
type: OS::Zaqar::Queue
properties:
name: pingtest-queue
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
openstack-tripleo-heat-templates/ci/pingtests/scenario003-multinode.yaml 0000644 0001750 0001750 00000010237 13245343354 025764 0 ustar stack stack heat_template_version: pike
description: >
HOT template to create resources deployed by scenario003.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# save_private_key: true makes Heat keep the generated private key with the
# stack, where it can be read back through the resource's private_key
# attribute. Treat this as a throwaway test key only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
server1:
type: OS::Nova::Server
properties:
name: Server1
flavor: { get_resource: test_flavor }
image: { get_param: image }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# Both rules use remote_ip_prefix 0.0.0.0/0, so SSH (tcp/22) and ICMP are
# allowed from any IPv4 source. That suits a short-lived ping test; a
# longer-lived stack should narrow the prefix to the hosts that need access.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
sahara-image:
type: OS::Sahara::ImageRegistry
properties:
image: { get_param: image }
username: cirros
tags:
- tripleo
mistral_workflow:
type: OS::Mistral::Workflow
properties:
type: direct
name: test_workflow
description: Just testing workflow resource.
input:
phrase: Hello!
output:
out: <% $.word %>
tasks:
- name: hello
action: std.echo output=<% $.phrase %>
publish:
word: <% $.hello %>
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
exec:
description: Mistral output verifying execution
value: { get_attr: [mistral_workflow, executions]} openstack-tripleo-heat-templates/ci/pingtests/scenario004-multinode.yaml 0000644 0001750 0001750 00000007556 13245343354 025777 0 ustar stack stack heat_template_version: pike
description: >
HOT template to create resources deployed by scenario004.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# With save_private_key enabled the generated private key is retained by
# Heat and exposed through the resource's private_key attribute, so anyone
# able to read the stack can obtain it. Use for disposable test keys only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
server1:
type: OS::Nova::Server
properties:
name: Server1
flavor: { get_resource: test_flavor }
image: { get_param: image }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# SSH (tcp/22) and ICMP are opened to 0.0.0.0/0, i.e. every IPv4 source.
# Acceptable for a disposable test instance; restrict remote_ip_prefix
# before reusing this group for anything that stays up.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
manila_share_type:
type: OS::Manila::ShareType
properties:
name: default
driver_handles_share_servers: false
snapshot_support: false
manila_share:
type: OS::Manila::Share
properties:
name: pingtest
share_type: { get_resource: manila_share_type }
share_protocol: CEPHFS
size: 1
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
openstack-tripleo-heat-templates/ci/pingtests/scenario007-multinode.yaml 0000644 0001750 0001750 00000007031 13245343354 025766 0 ustar stack stack heat_template_version: pike
description: >
HOT template to create resources deployed by scenario007.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# save_private_key: true makes Heat keep the generated private key with the
# stack, where it can be read back through the resource's private_key
# attribute. Treat this as a throwaway test key only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
server1:
type: OS::Nova::Server
properties:
name: Server1
flavor: { get_resource: test_flavor }
image: { get_param: image }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# Both rules use remote_ip_prefix 0.0.0.0/0, so SSH (tcp/22) and ICMP are
# allowed from any IPv4 source. That suits a short-lived ping test; a
# longer-lived stack should narrow the prefix to the hosts that need access.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
openstack-tripleo-heat-templates/ci/pingtests/tenantvm_floatingip.yaml 0000644 0001750 0001750 00000010156 13245343354 026010 0 ustar stack stack heat_template_version: pike
description: >
This template resides in tripleo-ci for Mitaka CI jobs only.
For Newton and beyond, please look in THT.
HOT template to create a new neutron network plus a router to the public
network, and for deploying a server into the new network. The template also
assigns a floating IP address and sets security group rules. ADAPTED FROM
https://raw.githubusercontent.com/openstack/heat-templates/master/hot/servers_in_new_neutron_net.yaml
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
# With save_private_key enabled the generated private key is retained by
# Heat and exposed through the resource's private_key attribute, so anyone
# able to read the stack can obtain it. Use for disposable test keys only.
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
volume1:
type: OS::Cinder::Volume
properties:
name: Volume1
image: { get_param: image }
size: 1
server1:
type: OS::Nova::Server
depends_on: volume1
properties:
name: Server1
block_device_mapping:
- device_name: vda
volume_id: { get_resource: volume1 }
flavor: { get_resource: test_flavor }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
# SSH (tcp/22) and ICMP are opened to 0.0.0.0/0, i.e. every IPv4 source.
# Acceptable for a disposable test instance; restrict remote_ip_prefix
# before reusing this group for anything that stays up.
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
openstack-tripleo-heat-templates/ci/scripts/ 0000755 0001750 0001750 00000000000 13245343354 020520 5 ustar stack stack openstack-tripleo-heat-templates/ci/scripts/freeipa_setup.sh 0000644 0001750 0001750 00000007533 13245343354 023717 0 ustar stack stack #!/bin/bash
#
# Used environment variables:
#
# - Hostname
# - FreeIPAIP
# - DirectoryManagerPassword
# - AdminPassword
# - UndercloudFQDN
# - HostsSecret
# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning
# interface (which is hardcoded to eth1)
# - UsingNovajoin: If unset, we pre-provision the service principals
# needed for the overcloud deploy. If set, we skip this,
# since novajoin will do it.
#
set -eux
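# Load deployment settings from an env file when one is present: the copy in
# the invoking user's home directory is preferred, otherwise /tmp is tried.
# The tilde is deliberately unquoted: inside double quotes the shell does not
# expand it, so the test would look for a literal "~" directory and the
# home-directory file would never be sourced.
if [ -f ~/freeipa-setup.env ]; then
    source ~/freeipa-setup.env
# NOTE(review): /tmp is world-writable and `source` executes this file with
# the script's privileges; confirm that only the CI harness can create it.
elif [ -f "/tmp/freeipa-setup.env" ]; then
    source /tmp/freeipa-setup.env
fi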
export Hostname=${Hostname:-""}
export FreeIPAIP=${FreeIPAIP:-""}
export DirectoryManagerPassword=${DirectoryManagerPassword:-""}
export AdminPassword=${AdminPassword:-""}
export UndercloudFQDN=${UndercloudFQDN:-""}
export HostsSecret=${HostsSecret:-""}
export ProvisioningCIDR=${ProvisioningCIDR:-""}
export UsingNovajoin=${UsingNovajoin:-""}
if [ -n "$ProvisioningCIDR" ]; then
# Add address to provisioning network interface
ip link set dev eth1 up
ip addr add $ProvisioningCIDR dev eth1
fi
# Set DNS servers
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
yum -q -y remove openstack-dashboard
# Install the needed packages
yum -q install -y ipa-server ipa-server-dns epel-release rng-tools mod_nss git
yum -q install -y haveged
# Prepare hostname
hostnamectl set-hostname --static $Hostname
echo $FreeIPAIP `hostname` | tee -a /etc/hosts
# Set iptables rules
cat << EOF > freeipa-iptables-rules.txt
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#TCP ports for FreeIPA
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
#UDP ports for FreeIPA
-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
iptables-restore < freeipa-iptables-rules.txt
# Entropy generation; otherwise, ipa-server-install will lag.
chkconfig haveged on
systemctl start haveged
# Remove conflicting httpd configuration
rm -f /etc/httpd/conf.d/ssl.conf
# Set up FreeIPA
ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \
-p $DirectoryManagerPassword -a $AdminPassword \
--hostname `hostname -f` \
--ip-address=$FreeIPAIP \
--setup-dns --auto-forwarders --auto-reverse
# Authenticate
echo $AdminPassword | kinit admin
# Verify we have TGT
klist
if [ "$?" = '1' ]; then
exit 1
fi
if [ -z "$UsingNovajoin" ]; then
# Create undercloud host
ipa host-add $UndercloudFQDN --password=$HostsSecret --force
# Create overcloud nodes and services
git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git
cd freeipa-tripleo-incubator
python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \
--controller-count 1 --compute-count 1
fi
openstack-tripleo-heat-templates/common/ 0000755 0001750 0001750 00000000000 13245343354 017726 5 ustar stack stack openstack-tripleo-heat-templates/common/deploy-steps-tasks.yaml 0000644 0001750 0001750 00000010314 13245343354 024364 0 ustar stack stack # Note the indentation here is required as it's joined
# to create a playbook in deploy-steps.j2
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
# Defines the extra puppet flags only when enable_debug is true; the
# "puppet apply" task below falls back to an empty string otherwise.
- name: Set host puppet debugging fact string
set_fact:
host_puppet_config_debug: "--debug --verbose"
when: enable_debug|default(false)
# Records the current step as JSON hieradata, readable by the owner only.
- name: Write the config_step hieradata
copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
# Applies the per-step manifest. With --detailed-exitcodes puppet returns 2
# when it applied changes, which is what changed_when tests. The task never
# fails by itself (failed_when: false); the debug task below decides.
- name: Run puppet host configuration for step {{step}}
command: >-
puppet apply {{ host_puppet_config_debug|default('') }}
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
--detailed-exitcodes
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
changed_when: outputs.rc == 2
check_mode: no
register: outputs
failed_when: false
no_log: true
# Prints the captured stderr and stdout and fails unless rc is 0 or 2.
# NOTE(review): no_log on the command does not keep its output out of the
# Ansible log, because this task prints all of it. With --debug the puppet
# output presumably includes configuration values; confirm that nothing
# sensitive is exposed when enable_debug is on.
- debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
when: outputs.rc is defined
failed_when: outputs.rc not in [0, 2]
######################################
# Generate config via docker-puppet.py
######################################
# Runs docker-puppet.py once, when step equals the string "1", with its
# debug switch and process count taken from the playbook inputs.
# NOTE(review): the command line uses no shell syntax, so the command module
# would do the same without starting a shell.
- name: Run docker-puppet tasks (generate config)
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: 'true'
DEBUG: '{{docker_puppet_debug|default(false)}}'
PROCESS_COUNT: '{{docker_puppet_process_count|default(3)}}'
when: step == "1"
changed_when: false
check_mode: no
register: outputs
failed_when: false
no_log: true
# Prints the captured output and fails on any non-zero rc. The output is
# shown in full here even though the command above sets no_log.
- debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
when: outputs.rc is defined
failed_when: outputs.rc != 0
##################################################
# Per step starting of the containers using paunch
##################################################
# Looks for the hashed per-step startup config; paunch runs only if it exists.
# NOTE(review): the task name mentions /var/lib/hashed-tripleo-config/..., but
# the path that is checked is /var/lib/tripleo-config/hashed-...; the name
# is misleading when reading the log.
- name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists
stat:
path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
register: docker_config_json
# Note docker-puppet.py generates the hashed-*.json file, which is a copy of
# the *step_n.json with a hash of the generated external config added
# This acts as a salt to enable restarting the container if config changes
- name: Start containers for step {{step}}
command: >-
paunch --debug apply
--file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
--config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
when: docker_config_json.stat.exists
changed_when: false
check_mode: no
register: outputs
failed_when: false
no_log: true
# Prints the paunch output and fails on any non-zero rc. paunch always runs
# with --debug here, and its output is printed in full despite no_log above.
- debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
when: outputs.rc is defined
failed_when: outputs.rc != 0
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# Looks for the per-step bootstrap task file written during host preparation.
- name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists
stat:
path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
register: docker_puppet_tasks_json
# Runs docker-puppet.py against that task file, only on the node whose
# deploy_server_id equals bootstrap_server_id and only if the file exists.
- name: Run docker-puppet tasks (bootstrap tasks)
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
NET_HOST: "true"
NO_ARCHIVE: "true"
STEP: "{{step}}"
when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists
changed_when: false
check_mode: no
register: outputs
failed_when: false
no_log: true
# Prints the captured output and fails on any non-zero rc.
- debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
when: outputs.rc is defined
failed_when: outputs.rc != 0
openstack-tripleo-heat-templates/common/deploy-steps.j2 0000644 0001750 0001750 00000036234 13245343354 022623 0 ustar stack stack # certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
# Template preamble: when the including template has not set enabled_roles,
# all roles are used and is_upgrade is false; otherwise is_upgrade is true.
# primary_role starts as the first enabled role and is replaced by each role
# tagged both 'primary' and 'controller', so the last such role wins.
# The *_steps_max values are exclusive upper bounds: range(1, 6) is 1..5.
{%- if enabled_roles is not defined -%}
# On upgrade certain roles can be disabled for operator driven upgrades
# See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
{%- set enabled_roles = roles -%}
{%- set is_upgrade = false -%}
{%- else %}
{%- set is_upgrade = true -%}
{%- endif -%}
{%- set primary_role = [enabled_roles[0]] -%}
{%- for role in enabled_roles -%}
{%- if 'primary' in role.tags and 'controller' in role.tags -%}
{%- set _ = primary_role.pop() -%}
{%- set _ = primary_role.append(role) -%}
{%- endif -%}
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
{% set update_steps_max = 6 -%}
{% set upgrade_steps_max = 6 -%}
heat_template_version: pike
description: >
Post-deploy configuration steps via puppet for all roles,
as defined in ../roles_data.yaml
# Inputs of the deploy-steps stack. servers, stack_name, role_data and
# ctlplane_service_ips have no default and must be passed by the caller.
parameters:
servers:
type: json
description: Mapping of Role name e.g Controller to a list of servers
stack_name:
type: string
description: Name of the topmost stack
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Passed to the deployments as enable_debug, which turns on the puppet
# --debug --verbose flags in deploy-steps-tasks.yaml.
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
# A string, not a boolean: the value is handed through unchanged as the
# DEBUG environment variable of docker-puppet.py.
DockerPuppetDebug:
type: string
default: ''
description: Set to True to enable debug logging with docker-puppet.py
DockerPuppetProcessCount:
type: number
default: 3
description: Number of concurrent processes to use when running docker-puppet to generate config files.
# No description given; the value is passed as service_ips into the
# environment of the workflow executions below.
ctlplane_service_ips:
type: json
# One condition per deploy step (1..5): true when at least one enabled role
# has a non-empty workflow_tasks entry for that step.
# NOTE(review): the literal False emitted per role presumably pads the `or`
# list so that it has at least two operands when there is a single role;
# confirm against the Heat condition function rules.
conditions:
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
{%- for role in enabled_roles %}
- not:
equals:
- get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}]
- ''
- False
{%- endfor %}
{% endfor %}
resources:
# Single ansible software config shared by every role and step. It wraps the
# task list from deploy-steps-tasks.yaml in a playbook that runs on localhost
# with a local connection; the listed inputs become playbook variables.
# _TASKS is replaced textually, so the task file has to carry the indentation
# that fits under "tasks:" (see the note at the top of that file).
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
inputs:
- name: step
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
- name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
config:
str_replace:
template: |
- hosts: localhost
connection: local
tasks:
_TASKS
params:
_TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
# BEGIN workflow_tasks handling
# Per step, a Mistral workflow built from the workflow_tasks of the enabled
# roles plus an execution resource that runs it on CREATE and UPDATE. Both
# exist only when WorkflowTasks_Step<N>_Enabled is true. Step 1 waits for
# PreConfig and ArtifactsDeploy of every enabled role; later steps wait for
# the previous Deployment_Step of every enabled role.
# The execution environment carries merged_config_settings for all roles
# (the loop is over roles, not enabled_roles) and the control plane IPs.
WorkflowTasks_Step{{step}}:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on:
{%- if step == 1 %}
{%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
{%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]}
type: direct
tasks:
yaql:
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
{%- for role in enabled_roles %}
- get_param: [role_data, {{role.name}}, workflow_tasks]
{%- endfor %}
WorkflowTasks_Step{{step}}_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on: WorkflowTasks_Step{{step}}
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
evaluate_env: false
always_update: true
# END workflow_tasks handling
{% endfor %}
# Artifacts config and HostPrepConfig is done on all roles, not only
# enabled_roles, because on upgrade we need to write the json files
# for the operator driven upgrade scripts (the ansible steps consume them)
# Per role: deploy artifacts, then an ansible playbook (HostPrepConfig) that
# writes the puppet manifest, docker-puppet.py and its JSON inputs, the
# container startup configs and the kolla config files onto each server.
# The playbook is built as data: host_prep_tasks from role_data are
# concatenated with the fixed task list inside the raw section.
{% for role in roles %}
# Prepare host tasks for {{role.name}}
{{role.name}}ArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
{{role.name}}ArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}ArtifactsConfig}
{{role.name}}HostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]}
docker_config_scripts: {get_param: [role_data, {{role.name}}, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
{%- if is_upgrade|default(false) and role.disable_upgrade_deployment|default(false) %}
- []
{%- else %}
- {get_param: [role_data, {{role.name}}, host_prep_tasks]}
{%- endif %}
-
{%- raw %}
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directories below are created without a mode, so they
# get the module default, while every file written into them is 0600.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# NOTE(review): this task writes docker-puppet.json, but shares its name
# with the bootstrap task at the end that writes docker-puppet-tasks*.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written without an execute bit; the step tasks start it
# through the python interpreter.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# File name and mode of each script come from docker_config_scripts; a
# missing or empty mode falls back to 0600.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# The destination is the kolla_config key itself, so the target path comes
# straight from role_data and is not confined to the directory created above.
# NOTE(review): presumably role_data only ever comes from the service
# templates; confirm that no less-trusted input can add keys here.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
{%- endraw %}
{{role.name}}HostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
{% endfor %}
# BEGIN CONFIG STEPS, only on enabled_roles
{%- for role in enabled_roles %}
# PreConfig runs after the role's host preparation deployment.
{{role.name}}PreConfig:
type: OS::TripleO::Tasks::{{role.name}}PreConfig
depends_on: {{role.name}}HostPrepDeployment
properties:
servers: {get_param: [servers, {{role.name}}]}
input_values:
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for {{role.name}}
# A single config is re-applied with an incrementing step number
# Every step applies the shared RoleConfig playbook; a step waits for the
# workflow execution of the same step and for the previous step (or, for
# step 1, PreConfig and ArtifactsDeploy) of all enabled roles.
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step{{step}}_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
{%- if step == 1 %}
{%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
{%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: RoleConfig}
input_values:
step: {{step}}
role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
{% endfor %}
# END CONFIG STEPS
# Note, this should be the last step to execute configuration changes.
# Ensure that all {{role.name}}ExtraConfigPost steps are executed
# after all the previous deployment steps.
# NOTE(review): Deployment_Step5 is hard-coded below; it is the last step
# only while deploy_steps_max stays at 6.
{{role.name}}ExtraConfigPost:
depends_on:
{%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step5
{%- endfor %}
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
# The {{role.name}}PostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
# Unlike the resources above, PostConfig is given the whole servers map
# rather than only this role's servers.
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
{%- for dep in enabled_roles %}
- {{dep.name}}ExtraConfigPost
{%- endfor %}
properties:
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
{% endfor %}
# RoleConfig exposes the same task file plus generated playbooks for running
# the deploy, update and upgrade steps with plain ansible.
# NOTE(review): the playbooks loop with_sequence from 0 to <max>-1 (0..5),
# while the Heat deployment steps above use range(1, deploy_steps_max), i.e.
# 1..5; confirm that running deploy_steps_tasks.yaml with step 0 is intended.
# The update playbook sets serial: 1, so hosts are processed one at a time.
outputs:
RoleConfig:
description: Mapping of config data for all roles
value:
deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
deploy_steps_playbook: |
- hosts: overcloud
tasks:
{%- for role in roles %}
- include: {{role.name}}/host_prep_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
- include: deploy_steps_tasks.yaml
with_sequence: start=0 end={{deploy_steps_max-1}}
loop_control:
loop_var: step
update_steps_tasks: |
{%- for role in roles %}
- include: {{role.name}}/update_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
update_steps_playbook: |
- hosts: overcloud
serial: 1
tasks:
- include: update_steps_tasks.yaml
with_sequence: start=0 end={{update_steps_max-1}}
loop_control:
loop_var: step
- include: deploy_steps_tasks.yaml
with_sequence: start=0 end={{deploy_steps_max-1}}
loop_control:
loop_var: step
upgrade_steps_tasks: |
{%- for role in roles %}
- include: {{role.name}}/upgrade_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
upgrade_steps_playbook: |
- hosts: overcloud
tasks:
- include: upgrade_steps_tasks.yaml
with_sequence: start=0 end={{upgrade_steps_max-1}}
loop_control:
loop_var: step
openstack-tripleo-heat-templates/common/major_upgrade_steps.j2.yaml 0000644 0001750 0001750 00000020131 13245343354 025156 0 ustar stack stack {% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
# Step counts are exclusive upper bounds for range(0, max): batch steps 0..2
# and upgrade steps 0..5. deliver_script is a dict so that a loop further
# down can flip the flag with .update(); it records whether any role has
# disable_upgrade_deployment set.
{% set batch_upgrade_steps_max = 3 -%}
{% set upgrade_steps_max = 6 -%}
{% set deliver_script = {'deliver': False} -%}
heat_template_version: pike
description: 'Upgrade steps for all roles'
# Inputs of the major-upgrade stack. servers, stack_name, role_data,
# ctlplane_service_ips and NovaPassword have no default.
# NOTE(review): EndpointMap, KeystoneRegion and NovaPassword are not
# referenced by any resource in this template as shown; confirm whether they
# are still needed, since NovaPassword forces a secret to be passed in.
parameters:
servers:
type: json
stack_name:
type: string
description: Name of the topmost stack
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
ctlplane_service_ips:
type: json
UpdateIdentifier:
type: string
default: ''
description: >
Setting to a previously unused value during stack-update will trigger
the Upgrade resources to re-run on all roles.
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
# hidden: true asks Heat to mask the value when stack parameters are shown.
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
resources:
# For every role with disable_upgrade_deployment set: assemble a bash script
# (shebang, "set -eu", a ROLE= assignment and the two shell files) and
# deliver it to the role's servers through a script software deployment.
# NOTE(review): ROLE_NAME is substituted textually inside single quotes, so a
# role name containing a quote would break the generated script; presumably
# role names are limited to identifier characters - verify.
{% for role in roles if role.disable_upgrade_deployment|default(false) %}
{{role.name}}DeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
list_join:
- ''
- - "#!/bin/bash\n\n"
- "set -eu\n\n"
- str_replace:
template: |
ROLE='ROLE_NAME'
params:
ROLE_NAME: {{role.name}}
- get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
- get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
{{role.name}}DeliverUpgradeScriptDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
{% endfor %}
# Upgrade Steps for all roles, batched updates
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
# Batch steps 0..2. Config resources are rendered for all roles, deployment
# resources only for enabled roles. Step 0 depends on the script delivery
# deployments (when any role has upgrades disabled); later steps depend on
# the previous batch step of every enabled role.
# The inner loops that set deliver_script reuse the name `role`; the outer
# `role` is used again afterwards (upgrade_batch_size), which relies on
# Jinja restoring the outer loop variable when the inner loop ends.
# Batch size per role comes from upgrade_batch_size and defaults to 1.
{% for step in range(0, batch_upgrade_steps_max) %}
# Batch config resources step {{step}}
{%- for role in roles %}
{{role.name}}UpgradeBatchConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
{%- if step > 0 %}
depends_on:
{%- for role_inside in enabled_roles %}
- {{role_inside.name}}UpgradeBatch_Step{{step -1}}
{%- endfor %}
{% else %}
{% for role in roles if role.disable_upgrade_deployment|default(false) %}
{% if deliver_script.update({'deliver': True}) %} {% endif %}
{% endfor %}
{% if deliver_script.deliver %}
depends_on:
{% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
- {{dep.name}}DeliverUpgradeScriptDeployment
{% endfor %}
{% endif %}
{% endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
step: {{step}}
{%- endfor %}
# Batch deployment resources for step {{step}} (only for enabled roles)
{%- for role in enabled_roles %}
{{role.name}}UpgradeBatch_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
{%- if step > 0 %}
depends_on:
{%- for role_inside in enabled_roles %}
- {{role_inside.name}}UpgradeBatch_Step{{step -1}}
{%- endfor %}
{% else %}
{% for role in roles if role.disable_upgrade_deployment|default(false) %}
{% if deliver_script.update({'deliver': True}) %} {% endif %}
{% endfor %}
{% if deliver_script.deliver %}
depends_on:
{% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
- {{dep.name}}DeliverUpgradeScriptDeployment
{% endfor %}
{% endif %}
{% endif %}
update_policy:
batch_create:
max_batch_size: {{role.upgrade_batch_size|default(1)}}
rolling_update:
max_batch_size: {{role.upgrade_batch_size|default(1)}}
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}}
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
{%- endfor %}
{%- endfor %}
# Upgrade Steps for all roles
# Upgrade steps 0..5, run after the last batch step. Step 0 depends on the
# final batch step of every enabled role, each later step on the previous
# upgrade step of every enabled role, so all roles move in lockstep.
{%- for step in range(0, upgrade_steps_max) %}
# Config resources for step {{step}}
{%- for role in roles %}
{{role.name}}UpgradeConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
{%- for role_inside in enabled_roles %}
{%- if step > 0 %}
- {{role_inside.name}}Upgrade_Step{{step -1}}
{%- else %}
- {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
{%- endif %}
{%- endfor %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
step: {{step}}
{%- endfor %}
# Deployment resources for step {{step}} (only for enabled roles)
{%- for role in enabled_roles %}
{{role.name}}Upgrade_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
{%- for role_inside in enabled_roles %}
{%- if step > 0 %}
- {{role_inside.name}}Upgrade_Step{{step -1}}
{%- else %}
- {{role_inside.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
{%- endif %}
{%- endfor %}
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}}
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
{%- endfor %}
{%- endfor %}
# Post upgrade deployment steps for all roles
# This runs the normal configuration (e.g puppet) steps unless upgrade
# is disabled for the role
# Starts once the last upgrade step of every enabled role has finished and
# hands the unmodified servers, stack_name, role_data and control plane IPs
# to the nested post-upgrade stack.
AllNodesPostUpgradeSteps:
type: OS::TripleO::PostUpgradeSteps
depends_on:
{%- for dep in enabled_roles %}
- {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}}
{%- endfor %}
properties:
servers: {get_param: servers}
stack_name: {get_param: stack_name}
role_data: {get_param: role_data}
ctlplane_service_ips: {get_param: ctlplane_service_ips}
# Post-upgrade task steps 0..5, built from post_upgrade_tasks in role_data.
# Step 0 waits for AllNodesPostUpgradeSteps; each later step waits for the
# previous post-upgrade deployment of every enabled role.
{%- for step in range(0, upgrade_steps_max) %}
{%- for role in roles %}
{{role.name}}PostUpgradeConfig_Config{{step}}:
type: OS::TripleO::UpgradeConfig
depends_on:
{%- for role_inside in enabled_roles %}
{%- if step > 0 %}
- {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
{%- else %}
- AllNodesPostUpgradeSteps
{%- endif %}
{%- endfor %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, post_upgrade_tasks]}
step: {{step}}
{%- endfor %}
{%- for role in enabled_roles %}
{{role.name}}PostUpgradeConfig_Deployment{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
{%- for role_inside in enabled_roles %}
{%- if step > 0 %}
- {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
{%- else %}
- AllNodesPostUpgradeSteps
{%- endif %}
{%- endfor %}
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}PostUpgradeConfig_Config{{step}}}
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
{%- endfor %}
{%- endfor %}
# upgrade_configs maps the lower-cased role name to the upgrade_config of
# that role's Step1 resource; RoleConfig is passed through from the nested
# post-upgrade stack.
outputs:
# Output the config for each role, just use Step1 as the config should be
# the same for all steps (only the tag provided differs)
upgrade_configs:
description: The per-role upgrade configuration used
value:
{% for role in roles %}
{{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}
RoleConfig:
description: Mapping of config data for all roles
value: {get_attr: [AllNodesPostUpgradeSteps, RoleConfig]}
openstack-tripleo-heat-templates/common/post-upgrade.j2.yaml 0000644 0001750 0001750 00000000375 13245343354 023543 0 ustar stack stack # Note the include here is the same as post.j2.yaml but the data used at
# the time of rendering is different if any roles disable upgrades
# enabled_roles is set before the include, so deploy-steps.j2 finds it
# defined, treats the run as an upgrade (is_upgrade = true) and builds the
# configuration steps only for roles without disable_upgrade_deployment.
{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
{% include 'deploy-steps.j2' %}
openstack-tripleo-heat-templates/common/post.j2.yaml 0000644 0001750 0001750 00000000040 13245343354 022103 0 ustar stack stack {% include 'deploy-steps.j2' %}
openstack-tripleo-heat-templates/common/services.yaml 0000644 0001750 0001750 00000027255 13245343354 022450 0 ustar stack stack heat_template_version: pike
description: >
Utility stack to convert an array of services into a set of combined
role configs.
# Inputs of the per-role services stack. Every parameter has a default, and
# all except Services are forwarded unchanged to each service template.
parameters:
Services:
default: []
description: |
List nested stack service templates.
type: comma_delimited_list
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# NOTE(review): this parameter carries passwords but does not set
# `hidden: true`, so its value is presumably shown wherever the parameters
# of this nested stack are displayed; confirm whether that is intended.
DefaultPasswords:
default: {}
description: Mapping of service -> default password. Used to help
pass top level passwords managed by Heat into services.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
description: Parameters specific to the role
default: {}
type: json
resources:
# Instantiates every template listed in Services, concurrently, giving each
# one the same set of properties. The resources below read the combined
# role_data attribute of this chain.
ServiceChain:
type: OS::Heat::ResourceChain
properties:
resources: {get_param: Services}
concurrent: true
resource_properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Source of the logging defaults (sources, groups, format, pos file path)
# read by LoggingSourcesConfig and LoggingGroupsConfig.
LoggingConfiguration:
type: OS::TripleO::LoggingConfiguration
# Hook resource that receives the complete role_data of the service chain.
ServiceServerMetadataHook:
type: OS::TripleO::ServiceServerMetadataHook
properties:
RoleData: {get_attr: [ServiceChain, role_data]}
# Puppet manifest for the host: the step_config strings of the services that
# have no docker_config, joined with newlines.
PuppetStepConfig:
type: OS::Heat::Value
properties:
type: string
value:
yaql:
expression:
# select 'step_config' only from services that do not have a docker_config
coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n")
data:
service_names: {get_attr: [ServiceChain, role_data, service_name]}
step_config: {get_attr: [ServiceChain, role_data, step_config]}
docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
# Merged docker_config of all services that define one.
# NOTE(review): service_names is read from the role_data attribute
# `service_names` here, while PuppetStepConfig and ServiceNames read
# `service_name`; confirm which attribute the service templates expose,
# because the zip below starts from this list.
DockerConfig:
type: OS::Heat::Value
properties:
type: json
value:
yaql:
expression:
# select 'docker_config' only from services that have it
coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
data:
service_names: {get_attr: [ServiceChain, role_data, service_names]}
docker_config: {get_attr: [ServiceChain, role_data, docker_config]}
# Merged docker_config_scripts of all services that define them; later
# entries are merged over earlier ones by mergeWith.
# NOTE(review): as in DockerConfig, the list comes from the attribute
# `service_names`, whereas PuppetStepConfig and ServiceNames use
# `service_name`; confirm which one is correct.
DockerConfigScripts:
type: OS::Heat::Value
properties:
type: json
value:
yaql:
expression:
# select 'docker_config_scripts' only from services that have it
coalesce($.data.service_names, []).zip(coalesce($.data.docker_config_scripts, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
data:
service_names: {get_attr: [ServiceChain, role_data, service_names]}
docker_config_scripts: {get_attr: [ServiceChain, role_data, docker_config_scripts]}
# Boolean flag for the role, derived from the cellv2_discovery values of its
# services; a missing list counts as empty.
CellV2Discovery:
type: OS::Heat::Value
properties:
type: boolean
value:
yaql:
expression:
# If any service in this role requires cellv2_discovery then this value is true
coalesce($.data.cellv2_discovery, []).contains(true)
data:
cellv2_discovery: {get_attr: [ServiceChain, role_data, cellv2_discovery]}
# List of log sources for the role. Default sources, the logging_source of
# each service and extra sources are flattened into one list, and each entry
# is rewritten as a 'tail' source with its tag, path, format and pos_file.
# format and pos_file fall back to the configured default format and to
# <pos_file_path>/<tag>.pos when the entry does not set them.
LoggingSourcesConfig:
type: OS::Heat::Value
properties:
type: comma_delimited_list
value:
# Transform the individual logging_source configuration from
# each service in the chain into a global list, adding some
# default configuration at the same time.
yaql:
expression: >
let(
default_format => coalesce($.data.default_format, ''),
pos_file_path => coalesce($.data.pos_file_path, ''),
sources => coalesce($.data.sources, {}).flatten()
) ->
$sources.where($ != null).select({
'type' => 'tail',
'tag' => $.tag,
'path' => $.path,
'format' => $.get('format', $default_format),
'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos')
})
data:
sources:
- {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
- yaql:
expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('logging_source')).where($ != null))
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- {get_attr: [LoggingConfiguration, LoggingExtraSources]}
default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]}
# Unique list of groups to which the fluentd user should be added.
# NOTE(review): each group here presumably widens what the log collector can
# read on the node; keep the default and extra lists as small as possible.
LoggingGroupsConfig:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        # Default groups + extra groups + every service's 'logging_groups',
        # flattened, de-duplicated with set(), then filtered by where($).
        expression: >
          set((coalesce($.data.default, []) + coalesce($.data.extra, []) + coalesce($.data.role_data, []).where($ != null).select($.get('logging_groups'))).flatten()).where($)
        data:
          default:
            get_attr: [LoggingConfiguration, LoggingDefaultGroups]
          extra:
            get_attr: [LoggingConfiguration, LoggingExtraGroups]
          role_data:
            get_attr: [ServiceChain, role_data]
# List of the non-null 'monitoring_subscription' values in the service chain.
MonitoringSubscriptionsConfig:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null))
        data:
          role_data:
            get_attr: [ServiceChain, role_data]
# Service names of the chain with null entries filtered out.
ServiceNames:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      filter:
        # First item: the values to drop; second item: the list to filter.
        - [null]
        - get_attr: [ServiceChain, role_data, service_name]
# map_merge of every non-null 'global_config_settings' map in the chain.
GlobalConfigSettings:
  type: OS::Heat::Value
  properties:
    type: json
    value:
      map_merge:
        yaql:
          # Produces the list of maps that map_merge then combines.
          expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null))
          data:
            role_data:
              get_attr: [ServiceChain, role_data]
# Every non-null 'service_config_settings' map in the chain, folded into one
# map with mergeWith.
ServiceConfigSettings:
  type: OS::Heat::Value
  properties:
    type: json
    value:
      yaql:
        expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
        data:
          role_data:
            get_attr: [ServiceChain, role_data]
# Every non-null 'workflow_tasks' map in the chain, folded into one map with
# mergeWith.
WorkflowTasks:
  type: OS::Heat::Value
  properties:
    type: json
    value:
      yaql:
        expression: coalesce($.data.role_data, []).where($ != null).select($.get('workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
        data:
          role_data:
            get_attr: [ServiceChain, role_data]
# Flattened list of the services' 'upgrade_tasks'.
UpgradeTasks:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        # distinct() drops identical tasks, e.g. a yum update that every
        # service declares.
        expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
        # Here $.data is the role_data list itself, not a wrapping map.
        data:
          get_attr: [ServiceChain, role_data]
# Flattened list of the services' 'post_upgrade_tasks'.
PostUpgradeTasks:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        # distinct() drops identical tasks, e.g. a yum update that every
        # service declares.
        expression: coalesce($.data, []).where($ != null).select($.get('post_upgrade_tasks')).where($ != null).flatten().distinct()
        # Here $.data is the role_data list itself, not a wrapping map.
        data:
          get_attr: [ServiceChain, role_data]
# Flattened list of the services' 'update_tasks'.
UpdateTasks:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        # distinct() drops identical tasks, e.g. a yum update that every
        # service declares.
        expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct()
        # Here $.data is the role_data list itself, not a wrapping map.
        data:
          get_attr: [ServiceChain, role_data]
# Flattened, de-duplicated list of the services' 'upgrade_batch_tasks'.
UpgradeBatchTasks:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
        # Here $.data is the role_data list itself, not a wrapping map.
        data:
          get_attr: [ServiceChain, role_data]
# De-duplicated list of the services' 'puppet_config' entries. Unlike the
# task lists, the entries are not flattened before distinct().
PuppetConfig:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct()
        data:
          get_attr: [ServiceChain, role_data]
# Every non-null 'kolla_config' map in the chain, folded into one map with
# mergeWith.
KollaConfig:
  type: OS::Heat::Value
  properties:
    type: json
    value:
      yaql:
        expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {})
        data:
          role_data:
            get_attr: [ServiceChain, role_data]
# Map of 'docker_puppet_tasks' grouped by key across all services.
DockerPuppetTasks:
  type: OS::Heat::Value
  properties:
    type: json
    value:
      yaql:
        # Each service's map is expanded to (key, value) items, and the items
        # are grouped by key, so values sharing a key are collected together
        # instead of overwriting one another.
        expression: dict(coalesce($.data, []).where($ != null).select($.get('docker_puppet_tasks')).where($ != null).selectMany($.items()).groupBy($[0], $[1]))
        data:
          get_attr: [ServiceChain, role_data]
# Flattened list of the services' 'host_prep_tasks'.
HostPrepTasks:
  type: OS::Heat::Value
  properties:
    type: comma_delimited_list
    value:
      yaql:
        # distinct() drops identical tasks declared by several services.
        expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
        data:
          get_attr: [ServiceChain, role_data]
# Single output: the per-role aggregate assembled from the Value resources.
outputs:
  role_data:
    description: Combined Role data for this set of services.
    value:
      # Service inventory, monitoring and logging.
      service_names: {get_attr: [ServiceNames, value]}
      monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]}
      logging_sources: {get_attr: [LoggingSourcesConfig, value]}
      logging_groups: {get_attr: [LoggingGroupsConfig, value]}
      # Configuration data; config_settings is merged directly from the
      # service chain rather than through a Value resource.
      config_settings:
        map_merge:
          get_attr: [ServiceChain, role_data, config_settings]
      global_config_settings: {get_attr: [GlobalConfigSettings, value]}
      service_config_settings: {get_attr: [ServiceConfigSettings, value]}
      workflow_tasks: {get_attr: [WorkflowTasks, value]}
      step_config: {get_attr: [PuppetStepConfig, value]}
      # Upgrade and update task lists.
      upgrade_tasks: {get_attr: [UpgradeTasks, value]}
      post_upgrade_tasks: {get_attr: [PostUpgradeTasks, value]}
      update_tasks: {get_attr: [UpdateTasks, value]}
      upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
      service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
      # Keys to support docker/services
      puppet_config: {get_attr: [PuppetConfig, value]}
      kolla_config: {get_attr: [KollaConfig, value]}
      docker_config: {get_attr: [DockerConfig, value]}
      docker_config_scripts: {get_attr: [DockerConfigScripts, value]}
      docker_puppet_tasks: {get_attr: [DockerPuppetTasks, value]}
      host_prep_tasks: {get_attr: [HostPrepTasks, value]}
      cellv2_discovery: {get_attr: [CellV2Discovery, value]}
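# tar member header (archive residue, kept verbatim so it no longer fuses
# with the first key of the template):
# openstack-tripleo-heat-templates/common/major_upgrade_steps.yaml 0000644 0001750 0001750 00000162574 13245343354 024666 0 ustar stack stack
heat_template_version: pike
description: 'Upgrade steps for all roles'
parameters:
  # Indexed by role name in the resources, e.g. [servers, Compute].
  servers:
    type: json
  stack_name:
    type: string
    description: Name of the topmost stack
  role_data:
    type: json
    description: Mapping of Role name e.g Controller to the per-role data
  ctlplane_service_ips:
    type: json
  UpdateIdentifier:
    type: string
    default: ''
    description: >
      Setting to a previously unused value during stack-update will trigger
      the Upgrade resources to re-run on all roles.
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  NovaPassword:
    description: The password for the nova service and db account
    type: string
    # hidden masks the value when stack information is requested; it is not
    # encryption, so the value still reaches whatever references the
    # parameter. Keep the flag when editing this parameter.
    hidden: true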
resources:
# Shell script for the Compute role, assembled by joining a bash header, the
# ROLE assignment and the contents of two helper scripts.
ComputeDeliverUpgradeScriptConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: script
    config:
      list_join:
        # Empty delimiter: the parts are concatenated as-is.
        - ''
        - - "#!/bin/bash\n\n"
          # Abort on any failing command or unset variable.
          - "set -eu\n\n"
          # str_replace is plain text substitution with no shell quoting.
          # That is fine here because ROLE_NAME is a fixed literal; do not
          # feed it from a user-supplied parameter without validating it.
          - str_replace:
              template: |
                ROLE='ROLE_NAME'
              params:
                ROLE_NAME: Compute
          - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
          - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
# Applies ComputeDeliverUpgradeScriptConfig to the Compute servers.
ComputeDeliverUpgradeScriptDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers:
      get_param: [servers, Compute]
    config:
      get_resource: ComputeDeliverUpgradeScriptConfig
# Shell script for the ObjectStorage role, assembled by joining a bash header,
# the ROLE assignment and the contents of two helper scripts.
ObjectStorageDeliverUpgradeScriptConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: script
    config:
      list_join:
        # Empty delimiter: the parts are concatenated as-is.
        - ''
        - - "#!/bin/bash\n\n"
          # Abort on any failing command or unset variable.
          - "set -eu\n\n"
          # str_replace is plain text substitution with no shell quoting.
          # That is fine here because ROLE_NAME is a fixed literal; do not
          # feed it from a user-supplied parameter without validating it.
          - str_replace:
              template: |
                ROLE='ROLE_NAME'
              params:
                ROLE_NAME: ObjectStorage
          - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
          - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh
# Applies ObjectStorageDeliverUpgradeScriptConfig to the ObjectStorage servers.
ObjectStorageDeliverUpgradeScriptDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers:
      get_param: [servers, ObjectStorage]
    config:
      get_resource: ObjectStorageDeliverUpgradeScriptConfig
# Batched upgrade steps for all roles.
# The UpgradeConfig resources are serialized through depends_on only to keep
# the event output easy to follow; they could be created in parallel, and
# creating a config is cheap next to applying the deployment.
# Batch config resources, step 0.
ControllerUpgradeBatchConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_batch_tasks]
    step: 0
# Step-0 batch task config for the Compute role; waits for both
# upgrade-script deployments.
ComputeUpgradeBatchConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_batch_tasks]
    step: 0
# Step-0 batch task config for the BlockStorage role; waits for both
# upgrade-script deployments.
BlockStorageUpgradeBatchConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_batch_tasks]
    step: 0
# Step-0 batch task config for the ObjectStorage role; waits for both
# upgrade-script deployments.
ObjectStorageUpgradeBatchConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_batch_tasks]
    step: 0
# Step-0 batch task config for the CephStorage role; waits for both
# upgrade-script deployments.
CephStorageUpgradeBatchConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_batch_tasks]
    step: 0
# Batch deployment resources for step 0 (only for enabled roles).
# Applies the step-0 batch config to the Controller servers, one server per
# batch on both create and rolling update.
ControllerUpgradeBatch_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeBatchConfig_Step0
    input_values:
      role: Controller
      # A previously unused UpdateIdentifier changes this input, which makes
      # the deployment re-run on stack-update.
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-0 batch config to the BlockStorage servers, one server per
# batch on both create and rolling update.
BlockStorageUpgradeBatch_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeBatchConfig_Step0
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-0 batch config to the CephStorage servers, one server per
# batch on both create and rolling update.
CephStorageUpgradeBatch_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ComputeDeliverUpgradeScriptDeployment
    - ObjectStorageDeliverUpgradeScriptDeployment
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeBatchConfig_Step0
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Batch config resources, step 1.
# Each one waits for all three step-0 batch deployments.
ControllerUpgradeBatchConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_batch_tasks]
    step: 1
# Step-1 batch task config for the Compute role; waits for the step-0 batch
# deployments.
ComputeUpgradeBatchConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_batch_tasks]
    step: 1
# Step-1 batch task config for the BlockStorage role; waits for the step-0
# batch deployments.
BlockStorageUpgradeBatchConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_batch_tasks]
    step: 1
# Step-1 batch task config for the ObjectStorage role; waits for the step-0
# batch deployments.
ObjectStorageUpgradeBatchConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_batch_tasks]
    step: 1
# Step-1 batch task config for the CephStorage role; waits for the step-0
# batch deployments.
CephStorageUpgradeBatchConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_batch_tasks]
    step: 1
# Batch deployment resources for step 1 (only for enabled roles).
# Applies the step-1 batch config to the Controller servers, one server per
# batch, after every step-0 batch deployment has finished.
ControllerUpgradeBatch_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeBatchConfig_Step1
    input_values:
      role: Controller
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-1 batch config to the BlockStorage servers, one server per
# batch, after every step-0 batch deployment has finished.
BlockStorageUpgradeBatch_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeBatchConfig_Step1
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-1 batch config to the CephStorage servers, one server per
# batch, after every step-0 batch deployment has finished.
CephStorageUpgradeBatch_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step0
    - BlockStorageUpgradeBatch_Step0
    - CephStorageUpgradeBatch_Step0
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeBatchConfig_Step1
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Batch config resources, step 2.
# Each one waits for all three step-1 batch deployments.
ControllerUpgradeBatchConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_batch_tasks]
    step: 2
# Step-2 batch task config for the Compute role; waits for the step-1 batch
# deployments.
ComputeUpgradeBatchConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_batch_tasks]
    step: 2
# Step-2 batch task config for the BlockStorage role; waits for the step-1
# batch deployments.
BlockStorageUpgradeBatchConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_batch_tasks]
    step: 2
# Step-2 batch task config for the ObjectStorage role; waits for the step-1
# batch deployments.
ObjectStorageUpgradeBatchConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_batch_tasks]
    step: 2
# Step-2 batch task config for the CephStorage role; waits for the step-1
# batch deployments.
CephStorageUpgradeBatchConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_batch_tasks]
    step: 2
# Batch deployment resources for step 2 (only for enabled roles).
# Applies the step-2 batch config to the Controller servers, one server per
# batch, after every step-1 batch deployment has finished.
ControllerUpgradeBatch_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeBatchConfig_Step2
    input_values:
      role: Controller
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-2 batch config to the BlockStorage servers, one server per
# batch, after every step-1 batch deployment has finished.
BlockStorageUpgradeBatch_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeBatchConfig_Step2
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-2 batch config to the CephStorage servers, one server per
# batch, after every step-1 batch deployment has finished.
CephStorageUpgradeBatch_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step1
    - BlockStorageUpgradeBatch_Step1
    - CephStorageUpgradeBatch_Step1
  update_policy:
    batch_create:
      max_batch_size: 1
    rolling_update:
      max_batch_size: 1
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeBatchConfig_Step2
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Upgrade steps for all roles.
# Config resources for step 0.
# Serialized behind the last batch step only so that the event output stays
# easy to follow; creating a config is cheap next to applying a deployment.
ControllerUpgradeConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_tasks]
    step: 0
# Step-0 upgrade task config for the Compute role. The depends_on ordering is
# for readable event output, not a hard requirement.
ComputeUpgradeConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_tasks]
    step: 0
# Step-0 upgrade task config for the BlockStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
BlockStorageUpgradeConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_tasks]
    step: 0
# Step-0 upgrade task config for the ObjectStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
ObjectStorageUpgradeConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_tasks]
    step: 0
# Step-0 upgrade task config for the CephStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
CephStorageUpgradeConfig_Step0:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_tasks]
    step: 0
# Deployment resources for step 0 (only for enabled roles).
# Applies the step-0 upgrade config to the Controller servers once the last
# batch step is done. No update_policy is set on the non-batch deployments.
ControllerUpgrade_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeConfig_Step0
    input_values:
      role: Controller
      # A previously unused UpdateIdentifier changes this input, which makes
      # the deployment re-run on stack-update.
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-0 upgrade config to the BlockStorage servers once the last
# batch step is done.
BlockStorageUpgrade_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeConfig_Step0
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-0 upgrade config to the CephStorage servers once the last
# batch step is done.
CephStorageUpgrade_Step0:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgradeBatch_Step2
    - BlockStorageUpgradeBatch_Step2
    - CephStorageUpgradeBatch_Step2
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeConfig_Step0
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Config resources for step 1.
# Serialized behind the step-0 deployments only so that the event output
# stays easy to follow; creating a config is cheap.
ControllerUpgradeConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_tasks]
    step: 1
# Step-1 upgrade task config for the Compute role. The depends_on ordering is
# for readable event output, not a hard requirement.
ComputeUpgradeConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_tasks]
    step: 1
# Step-1 upgrade task config for the BlockStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
BlockStorageUpgradeConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_tasks]
    step: 1
# Step-1 upgrade task config for the ObjectStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
ObjectStorageUpgradeConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_tasks]
    step: 1
# Step-1 upgrade task config for the CephStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
CephStorageUpgradeConfig_Step1:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_tasks]
    step: 1
# Deployment resources for step 1 (only for enabled roles).
# Applies the step-1 upgrade config to the Controller servers after every
# step-0 deployment has finished.
ControllerUpgrade_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeConfig_Step1
    input_values:
      role: Controller
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-1 upgrade config to the BlockStorage servers after every
# step-0 deployment has finished.
BlockStorageUpgrade_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeConfig_Step1
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-1 upgrade config to the CephStorage servers after every
# step-0 deployment has finished.
CephStorageUpgrade_Step1:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step0
    - BlockStorageUpgrade_Step0
    - CephStorageUpgrade_Step0
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeConfig_Step1
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Config resources for step 2.
# Serialized behind the step-1 deployments only so that the event output
# stays easy to follow; creating a config is cheap.
ControllerUpgradeConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_tasks]
    step: 2
# Step-2 upgrade task config for the Compute role. The depends_on ordering is
# for readable event output, not a hard requirement.
ComputeUpgradeConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_tasks]
    step: 2
# Step-2 upgrade task config for the BlockStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
BlockStorageUpgradeConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_tasks]
    step: 2
# Step-2 upgrade task config for the ObjectStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
ObjectStorageUpgradeConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_tasks]
    step: 2
# Step-2 upgrade task config for the CephStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
CephStorageUpgradeConfig_Step2:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_tasks]
    step: 2
# Deployment resources for step 2 (only for enabled roles).
# Applies the step-2 upgrade config to the Controller servers after every
# step-1 deployment has finished.
ControllerUpgrade_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeConfig_Step2
    input_values:
      role: Controller
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-2 upgrade config to the BlockStorage servers after every
# step-1 deployment has finished.
BlockStorageUpgrade_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeConfig_Step2
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-2 upgrade config to the CephStorage servers after every
# step-1 deployment has finished.
CephStorageUpgrade_Step2:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step1
    - BlockStorageUpgrade_Step1
    - CephStorageUpgrade_Step1
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeConfig_Step2
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Config resources for step 3.
# Serialized behind the step-2 deployments only so that the event output
# stays easy to follow; creating a config is cheap.
ControllerUpgradeConfig_Step3:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_tasks]
    step: 3
# Step-3 upgrade task config for the Compute role. The depends_on ordering is
# for readable event output, not a hard requirement.
ComputeUpgradeConfig_Step3:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_tasks]
    step: 3
# Step-3 upgrade task config for the BlockStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
BlockStorageUpgradeConfig_Step3:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, BlockStorage, upgrade_tasks]
    step: 3
# Step-3 upgrade task config for the ObjectStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
ObjectStorageUpgradeConfig_Step3:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, ObjectStorage, upgrade_tasks]
    step: 3
# Step-3 upgrade task config for the CephStorage role. The depends_on
# ordering is for readable event output, not a hard requirement.
CephStorageUpgradeConfig_Step3:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    UpgradeStepConfig:
      get_param: [role_data, CephStorage, upgrade_tasks]
    step: 3
# Deployment resources for step 3 (only for enabled roles).
# Applies the step-3 upgrade config to the Controller servers after every
# step-2 deployment has finished.
ControllerUpgrade_Step3:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    servers:
      get_param: [servers, Controller]
    config:
      get_resource: ControllerUpgradeConfig_Step3
    input_values:
      role: Controller
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-3 upgrade config to the BlockStorage servers after every
# step-2 deployment has finished.
BlockStorageUpgrade_Step3:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    servers:
      get_param: [servers, BlockStorage]
    config:
      get_resource: BlockStorageUpgradeConfig_Step3
    input_values:
      role: BlockStorage
      update_identifier:
        get_param: UpdateIdentifier
# Applies the step-3 upgrade config to the CephStorage servers after every
# step-2 deployment has finished.
CephStorageUpgrade_Step3:
  type: OS::Heat::SoftwareDeploymentGroup
  depends_on:
    - ControllerUpgrade_Step2
    - BlockStorageUpgrade_Step2
    - CephStorageUpgrade_Step2
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageUpgradeConfig_Step3
    input_values:
      role: CephStorage
      update_identifier:
        get_param: UpdateIdentifier
# Config resources for step 4.
# Serialized behind the step-3 deployments only so that the event output
# stays easy to follow; creating a config is cheap.
ControllerUpgradeConfig_Step4:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step3
    - BlockStorageUpgrade_Step3
    - CephStorageUpgrade_Step3
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Controller, upgrade_tasks]
    step: 4
# Step-4 upgrade task config for the Compute role. The depends_on ordering is
# for readable event output, not a hard requirement.
ComputeUpgradeConfig_Step4:
  type: OS::TripleO::UpgradeConfig
  depends_on:
    - ControllerUpgrade_Step3
    - BlockStorageUpgrade_Step3
    - CephStorageUpgrade_Step3
  properties:
    UpgradeStepConfig:
      get_param: [role_data, Compute, upgrade_tasks]
    step: 4
BlockStorageUpgradeConfig_Step4:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, upgrade_tasks]}
step: 4
ObjectStorageUpgradeConfig_Step4:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, upgrade_tasks]}
step: 4
CephStorageUpgradeConfig_Step4:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, upgrade_tasks]}
step: 4
# Deployment resources for step 4 (only for enabled roles)
ControllerUpgrade_Step4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerUpgradeConfig_Step4}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStorageUpgrade_Step4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageUpgradeConfig_Step4}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStorageUpgrade_Step4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step3
- BlockStorageUpgrade_Step3
- CephStorageUpgrade_Step3
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStorageUpgradeConfig_Step4}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
# Config resources for step 5
ControllerUpgradeConfig_Step5:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, upgrade_tasks]}
step: 5
ComputeUpgradeConfig_Step5:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, upgrade_tasks]}
step: 5
BlockStorageUpgradeConfig_Step5:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, upgrade_tasks]}
step: 5
ObjectStorageUpgradeConfig_Step5:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, upgrade_tasks]}
step: 5
CephStorageUpgradeConfig_Step5:
type: OS::TripleO::UpgradeConfig
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, upgrade_tasks]}
step: 5
# Deployment resources for step 5 (only for enabled roles)
ControllerUpgrade_Step5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerUpgradeConfig_Step5}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStorageUpgrade_Step5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageUpgradeConfig_Step5}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStorageUpgrade_Step5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerUpgrade_Step4
- BlockStorageUpgrade_Step4
- CephStorageUpgrade_Step4
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStorageUpgradeConfig_Step5}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
# Post-upgrade deployment steps for all roles.
# These are the normal configuration (e.g. puppet) steps; they run unless
# upgrade is disabled for the role.
AllNodesPostUpgradeSteps:
  type: OS::TripleO::PostUpgradeSteps
  # Start only after the last (step 5) upgrade deployments have finished.
  depends_on:
    - ControllerUpgrade_Step5
    - BlockStorageUpgrade_Step5
    - CephStorageUpgrade_Step5
  properties:
    # This template's own parameters are handed on unchanged.
    servers:
      get_param: servers
    stack_name:
      get_param: stack_name
    role_data:
      get_param: role_data
    ctlplane_service_ips:
      get_param: ctlplane_service_ips
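ControllerPostUpgradeConfig_Config0:
  # Step 0 of the Controller role's post_upgrade_tasks.
  type: OS::TripleO::UpgradeConfig
  # One entry is enough: every step-0 post-upgrade resource waits on the
  # same AllNodesPostUpgradeSteps resource, so repeating it adds nothing.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
    step: 0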
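ComputePostUpgradeConfig_Config0:
  # Step 0 of the Compute role's post_upgrade_tasks.
  # No Compute SoftwareDeploymentGroup follows among the step-0 resources,
  # so this config is created but not applied to servers here.
  # NOTE(review): presumably because upgrades are disabled for Compute -
  # confirm against roles_data.
  type: OS::TripleO::UpgradeConfig
  # One entry is enough: every step-0 post-upgrade resource waits on the
  # same AllNodesPostUpgradeSteps resource, so repeating it adds nothing.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
    step: 0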
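BlockStoragePostUpgradeConfig_Config0:
  # Step 0 of the BlockStorage role's post_upgrade_tasks.
  type: OS::TripleO::UpgradeConfig
  # One entry is enough: every step-0 post-upgrade resource waits on the
  # same AllNodesPostUpgradeSteps resource, so repeating it adds nothing.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
    step: 0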
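ObjectStoragePostUpgradeConfig_Config0:
  # Step 0 of the ObjectStorage role's post_upgrade_tasks.
  # No ObjectStorage SoftwareDeploymentGroup follows among the step-0
  # resources, so this config is created but not applied to servers here.
  # NOTE(review): presumably because upgrades are disabled for
  # ObjectStorage - confirm against roles_data.
  type: OS::TripleO::UpgradeConfig
  # One entry is enough: every step-0 post-upgrade resource waits on the
  # same AllNodesPostUpgradeSteps resource, so repeating it adds nothing.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
    step: 0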
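CephStoragePostUpgradeConfig_Config0:
  # Step 0 of the CephStorage role's post_upgrade_tasks.
  type: OS::TripleO::UpgradeConfig
  # One entry is enough: every step-0 post-upgrade resource waits on the
  # same AllNodesPostUpgradeSteps resource, so repeating it adds nothing.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
    step: 0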
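ControllerPostUpgradeConfig_Deployment0:
  # Applies ControllerPostUpgradeConfig_Config0 to the Controller servers.
  type: OS::Heat::SoftwareDeploymentGroup
  # A single entry replaces the three identical ones; the dependency on
  # AllNodesPostUpgradeSteps is unchanged.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    servers: {get_param: [servers, Controller]}
    config: {get_resource: ControllerPostUpgradeConfig_Config0}
    input_values:
      role: Controller
      # NOTE(review): presumably a changed UpdateIdentifier is what makes
      # this deployment re-run on a stack update - confirm.
      update_identifier: {get_param: UpdateIdentifier}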
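BlockStoragePostUpgradeConfig_Deployment0:
  # Applies BlockStoragePostUpgradeConfig_Config0 to the BlockStorage
  # servers.
  type: OS::Heat::SoftwareDeploymentGroup
  # A single entry replaces the three identical ones; the dependency on
  # AllNodesPostUpgradeSteps is unchanged.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: BlockStoragePostUpgradeConfig_Config0}
    input_values:
      role: BlockStorage
      # NOTE(review): presumably a changed UpdateIdentifier is what makes
      # this deployment re-run on a stack update - confirm.
      update_identifier: {get_param: UpdateIdentifier}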
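CephStoragePostUpgradeConfig_Deployment0:
  # Applies CephStoragePostUpgradeConfig_Config0 to the CephStorage
  # servers.
  type: OS::Heat::SoftwareDeploymentGroup
  # A single entry replaces the three identical ones; the dependency on
  # AllNodesPostUpgradeSteps is unchanged.
  depends_on:
    - AllNodesPostUpgradeSteps
  properties:
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: CephStoragePostUpgradeConfig_Config0}
    input_values:
      role: CephStorage
      # NOTE(review): presumably a changed UpdateIdentifier is what makes
      # this deployment re-run on a stack update - confirm.
      update_identifier: {get_param: UpdateIdentifier}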
ControllerPostUpgradeConfig_Config1:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
step: 1
ComputePostUpgradeConfig_Config1:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
step: 1
BlockStoragePostUpgradeConfig_Config1:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
step: 1
ObjectStoragePostUpgradeConfig_Config1:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
step: 1
CephStoragePostUpgradeConfig_Config1:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
step: 1
ControllerPostUpgradeConfig_Deployment1:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPostUpgradeConfig_Config1}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStoragePostUpgradeConfig_Deployment1:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStoragePostUpgradeConfig_Config1}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStoragePostUpgradeConfig_Deployment1:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment0
- BlockStoragePostUpgradeConfig_Deployment0
- CephStoragePostUpgradeConfig_Deployment0
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStoragePostUpgradeConfig_Config1}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
ControllerPostUpgradeConfig_Config2:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
step: 2
ComputePostUpgradeConfig_Config2:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
step: 2
BlockStoragePostUpgradeConfig_Config2:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
step: 2
ObjectStoragePostUpgradeConfig_Config2:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
step: 2
CephStoragePostUpgradeConfig_Config2:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
step: 2
ControllerPostUpgradeConfig_Deployment2:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPostUpgradeConfig_Config2}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStoragePostUpgradeConfig_Deployment2:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStoragePostUpgradeConfig_Config2}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStoragePostUpgradeConfig_Deployment2:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment1
- BlockStoragePostUpgradeConfig_Deployment1
- CephStoragePostUpgradeConfig_Deployment1
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStoragePostUpgradeConfig_Config2}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
ControllerPostUpgradeConfig_Config3:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
step: 3
ComputePostUpgradeConfig_Config3:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
step: 3
BlockStoragePostUpgradeConfig_Config3:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
step: 3
ObjectStoragePostUpgradeConfig_Config3:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
step: 3
CephStoragePostUpgradeConfig_Config3:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
step: 3
ControllerPostUpgradeConfig_Deployment3:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPostUpgradeConfig_Config3}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStoragePostUpgradeConfig_Deployment3:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStoragePostUpgradeConfig_Config3}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStoragePostUpgradeConfig_Deployment3:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment2
- BlockStoragePostUpgradeConfig_Deployment2
- CephStoragePostUpgradeConfig_Deployment2
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStoragePostUpgradeConfig_Config3}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
ControllerPostUpgradeConfig_Config4:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
step: 4
ComputePostUpgradeConfig_Config4:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
step: 4
BlockStoragePostUpgradeConfig_Config4:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
step: 4
ObjectStoragePostUpgradeConfig_Config4:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
step: 4
CephStoragePostUpgradeConfig_Config4:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
step: 4
ControllerPostUpgradeConfig_Deployment4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPostUpgradeConfig_Config4}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStoragePostUpgradeConfig_Deployment4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStoragePostUpgradeConfig_Config4}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStoragePostUpgradeConfig_Deployment4:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment3
- BlockStoragePostUpgradeConfig_Deployment3
- CephStoragePostUpgradeConfig_Deployment3
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStoragePostUpgradeConfig_Config4}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
ControllerPostUpgradeConfig_Config5:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
UpgradeStepConfig: {get_param: [role_data, Controller, post_upgrade_tasks]}
step: 5
ComputePostUpgradeConfig_Config5:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
UpgradeStepConfig: {get_param: [role_data, Compute, post_upgrade_tasks]}
step: 5
BlockStoragePostUpgradeConfig_Config5:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
UpgradeStepConfig: {get_param: [role_data, BlockStorage, post_upgrade_tasks]}
step: 5
ObjectStoragePostUpgradeConfig_Config5:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
UpgradeStepConfig: {get_param: [role_data, ObjectStorage, post_upgrade_tasks]}
step: 5
CephStoragePostUpgradeConfig_Config5:
type: OS::TripleO::UpgradeConfig
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
UpgradeStepConfig: {get_param: [role_data, CephStorage, post_upgrade_tasks]}
step: 5
ControllerPostUpgradeConfig_Deployment5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPostUpgradeConfig_Config5}
input_values:
role: Controller
update_identifier: {get_param: UpdateIdentifier}
BlockStoragePostUpgradeConfig_Deployment5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStoragePostUpgradeConfig_Config5}
input_values:
role: BlockStorage
update_identifier: {get_param: UpdateIdentifier}
CephStoragePostUpgradeConfig_Deployment5:
type: OS::Heat::SoftwareDeploymentGroup
depends_on:
- ControllerPostUpgradeConfig_Deployment4
- BlockStoragePostUpgradeConfig_Deployment4
- CephStoragePostUpgradeConfig_Deployment4
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStoragePostUpgradeConfig_Config5}
input_values:
role: CephStorage
update_identifier: {get_param: UpdateIdentifier}
outputs:
  # Per-role upgrade config. Only the Step1 resources are read, because the
  # config should be the same for all steps (only the tag provided differs).
  # NOTE(review): stack outputs can be read by anyone allowed to show the
  # stack; confirm the upgrade config and role config carry no secrets.
  upgrade_configs:
    description: The per-role upgrade configuration used
    value:
      controller:
        get_attr: [ControllerUpgradeConfig_Step1, upgrade_config]
      compute:
        get_attr: [ComputeUpgradeConfig_Step1, upgrade_config]
      blockstorage:
        get_attr: [BlockStorageUpgradeConfig_Step1, upgrade_config]
      objectstorage:
        get_attr: [ObjectStorageUpgradeConfig_Step1, upgrade_config]
      cephstorage:
        get_attr: [CephStorageUpgradeConfig_Step1, upgrade_config]
  # Passes through the RoleConfig attribute of the post-upgrade steps.
  RoleConfig:
    description: Mapping of config data for all roles
    value:
      get_attr: [AllNodesPostUpgradeSteps, RoleConfig]
openstack-tripleo-heat-templates/common/post-upgrade.yaml 0000644 0001750 0001750 00000202040 13245343354 023222 0 ustar stack stack
# Note the include here is the same as post.j2.yaml but the data used at
# the time of rendering is different if any roles disable upgrades
# certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
# primary role is: Controller
heat_template_version: pike
description: >
Post-deploy configuration steps via puppet for all roles,
as defined in ../roles_data.yaml
parameters:
  # The first three parameters have no default, so the caller supplies them.
  servers:
    type: json
    description: Mapping of Role name e.g Controller to a list of servers
  stack_name:
    type: string
    description: Name of the topmost stack
  role_data:
    type: json
    description: Mapping of Role name e.g Controller to the per-role data
  DeployIdentifier:
    type: string
    default: ''
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
  # NOTE(review): debug output from config management may include rendered
  # configuration values; confirm where those logs end up before enabling
  # either debug switch outside troubleshooting.
  ConfigDebug:
    type: boolean
    default: false
    description: Whether to run config management (e.g. Puppet) in debug mode.
  # Typed as a string, not a boolean: the empty default leaves it unset and
  # the description asks for the text True to switch it on.
  DockerPuppetDebug:
    type: string
    default: ''
    description: Set to True to enable debug logging with docker-puppet.py
  DockerPuppetProcessCount:
    type: number
    default: 3
    description: Number of concurrent processes to use when running docker-puppet to generate config files.
  # No description or default is given. The value is handed to the workflow
  # executions in this template as env.service_ips.
  ctlplane_service_ips:
    type: json
# One condition per deploy step. Each is true when at least one of the
# listed roles has a workflow_tasks entry for that step that is not the
# empty string. The literal false entries can never make the "or" true.
# NOTE(review): they are presumably placeholders left by the template
# renderer for roles it skipped - confirm against post.j2.yaml.
conditions:
  WorkflowTasks_Step1_Enabled:
    or:
      - not:
          equals:
            - get_param: [role_data, Controller, workflow_tasks, step1]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, BlockStorage, workflow_tasks, step1]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, CephStorage, workflow_tasks, step1]
            - ''
      - false
  WorkflowTasks_Step2_Enabled:
    or:
      - not:
          equals:
            - get_param: [role_data, Controller, workflow_tasks, step2]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, BlockStorage, workflow_tasks, step2]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, CephStorage, workflow_tasks, step2]
            - ''
      - false
  WorkflowTasks_Step3_Enabled:
    or:
      - not:
          equals:
            - get_param: [role_data, Controller, workflow_tasks, step3]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, BlockStorage, workflow_tasks, step3]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, CephStorage, workflow_tasks, step3]
            - ''
      - false
  WorkflowTasks_Step4_Enabled:
    or:
      - not:
          equals:
            - get_param: [role_data, Controller, workflow_tasks, step4]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, BlockStorage, workflow_tasks, step4]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, CephStorage, workflow_tasks, step4]
            - ''
      - false
  WorkflowTasks_Step5_Enabled:
    or:
      - not:
          equals:
            - get_param: [role_data, Controller, workflow_tasks, step5]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, BlockStorage, workflow_tasks, step5]
            - ''
      - false
      - not:
          equals:
            - get_param: [role_data, CephStorage, workflow_tasks, step5]
            - ''
      - false
resources:
# Software config in the "ansible" group: a one-play playbook that targets
# localhost over a local connection and takes its task list from
# deploy-steps-tasks.yaml.
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
# Inputs declared for the playbook. Their values come from whatever
# deployment applies this config, which is not visible in this resource.
inputs:
- name: step
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
- name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
# str_replace splices the text of deploy-steps-tasks.yaml in place of the
# _TASKS marker in the template below.
# NOTE(review): this is plain text substitution, so the included file's
# indentation has to line up under "tasks:" - confirm after any reformat.
# NOTE(review): the included file decides what runs on each node, so it
# should be reviewed like code.
config:
str_replace:
template: |
- hosts: localhost
connection: local
tasks:
_TASKS
params:
_TASKS: {get_file: deploy-steps-tasks.yaml}
# BEGIN workflow_tasks handling
# Mistral workflow built from the step1 workflow_tasks of the Controller,
# BlockStorage and CephStorage roles; only present when
# WorkflowTasks_Step1_Enabled holds.
WorkflowTasks_Step1:
  type: OS::Mistral::Workflow
  condition: WorkflowTasks_Step1_Enabled
  depends_on:
    - ControllerPreConfig
    - ControllerArtifactsDeploy
    - BlockStoragePreConfig
    - BlockStorageArtifactsDeploy
    - CephStoragePreConfig
    - CephStorageArtifactsDeploy
  properties:
    # Joins to tripleo.<stack_name>.workflow_tasks.step1
    name:
      list_join:
        - "."
        - ["tripleo", {get_param: stack_name}, "workflow_tasks", "step1"]
    type: direct
    tasks:
      yaql:
        # Skip roles whose workflow_tasks is '', take each role's step1 entry,
        # drop the roles that have none, then flatten the result.
        expression: $.data.where($ != '').select($.get('step1')).where($ != null).flatten()
        data:
          - get_param: [role_data, Controller, workflow_tasks]
          - get_param: [role_data, BlockStorage, workflow_tasks]
          - get_param: [role_data, CephStorage, workflow_tasks]
# Calls WorkflowTasks_Step1 with the same parameters for the CREATE and UPDATE
# actions.
WorkflowTasks_Step1_Execution:
  type: OS::Mistral::ExternalResource
  condition: WorkflowTasks_Step1_Enabled
  depends_on: WorkflowTasks_Step1
  properties:
    actions:
      CREATE:
        workflow: {get_resource: WorkflowTasks_Step1}
        params:
          # NOTE(review): env receives merged_config_settings for all five
          # roles. If those settings hold credentials (not visible here), they
          # stay wherever the workflow service keeps execution parameters, so
          # read access to executions should be limited accordingly.
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          # Presumably keeps Mistral from evaluating expressions found inside
          # env values -- confirm.
          evaluate_env: false
      UPDATE:
        workflow: {get_resource: WorkflowTasks_Step1}
        params:
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          evaluate_env: false
    # Presumably re-runs the UPDATE action on every stack update -- confirm.
    always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow built from the step2 workflow_tasks of the Controller,
# BlockStorage and CephStorage roles; only present when
# WorkflowTasks_Step2_Enabled holds. Waits for the step 1 deployments.
WorkflowTasks_Step2:
  type: OS::Mistral::Workflow
  condition: WorkflowTasks_Step2_Enabled
  depends_on:
    - ControllerDeployment_Step1
    - BlockStorageDeployment_Step1
    - CephStorageDeployment_Step1
  properties:
    # Joins to tripleo.<stack_name>.workflow_tasks.step2
    name:
      list_join:
        - "."
        - ["tripleo", {get_param: stack_name}, "workflow_tasks", "step2"]
    type: direct
    tasks:
      yaql:
        # Skip roles whose workflow_tasks is '', take each role's step2 entry,
        # drop the roles that have none, then flatten the result.
        expression: $.data.where($ != '').select($.get('step2')).where($ != null).flatten()
        data:
          - get_param: [role_data, Controller, workflow_tasks]
          - get_param: [role_data, BlockStorage, workflow_tasks]
          - get_param: [role_data, CephStorage, workflow_tasks]
# Calls WorkflowTasks_Step2 with the same parameters for the CREATE and UPDATE
# actions.
WorkflowTasks_Step2_Execution:
  type: OS::Mistral::ExternalResource
  condition: WorkflowTasks_Step2_Enabled
  depends_on: WorkflowTasks_Step2
  properties:
    actions:
      CREATE:
        workflow: {get_resource: WorkflowTasks_Step2}
        params:
          # NOTE(review): env receives merged_config_settings for all five
          # roles. If those settings hold credentials (not visible here), they
          # stay wherever the workflow service keeps execution parameters, so
          # read access to executions should be limited accordingly.
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          # Presumably keeps Mistral from evaluating expressions found inside
          # env values -- confirm.
          evaluate_env: false
      UPDATE:
        workflow: {get_resource: WorkflowTasks_Step2}
        params:
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          evaluate_env: false
    # Presumably re-runs the UPDATE action on every stack update -- confirm.
    always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow built from the step3 workflow_tasks of the Controller,
# BlockStorage and CephStorage roles; only present when
# WorkflowTasks_Step3_Enabled holds. Waits for the step 2 deployments.
WorkflowTasks_Step3:
  type: OS::Mistral::Workflow
  condition: WorkflowTasks_Step3_Enabled
  depends_on:
    - ControllerDeployment_Step2
    - BlockStorageDeployment_Step2
    - CephStorageDeployment_Step2
  properties:
    # Joins to tripleo.<stack_name>.workflow_tasks.step3
    name:
      list_join:
        - "."
        - ["tripleo", {get_param: stack_name}, "workflow_tasks", "step3"]
    type: direct
    tasks:
      yaql:
        # Skip roles whose workflow_tasks is '', take each role's step3 entry,
        # drop the roles that have none, then flatten the result.
        expression: $.data.where($ != '').select($.get('step3')).where($ != null).flatten()
        data:
          - get_param: [role_data, Controller, workflow_tasks]
          - get_param: [role_data, BlockStorage, workflow_tasks]
          - get_param: [role_data, CephStorage, workflow_tasks]
# Calls WorkflowTasks_Step3 with the same parameters for the CREATE and UPDATE
# actions.
WorkflowTasks_Step3_Execution:
  type: OS::Mistral::ExternalResource
  condition: WorkflowTasks_Step3_Enabled
  depends_on: WorkflowTasks_Step3
  properties:
    actions:
      CREATE:
        workflow: {get_resource: WorkflowTasks_Step3}
        params:
          # NOTE(review): env receives merged_config_settings for all five
          # roles. If those settings hold credentials (not visible here), they
          # stay wherever the workflow service keeps execution parameters, so
          # read access to executions should be limited accordingly.
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          # Presumably keeps Mistral from evaluating expressions found inside
          # env values -- confirm.
          evaluate_env: false
      UPDATE:
        workflow: {get_resource: WorkflowTasks_Step3}
        params:
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          evaluate_env: false
    # Presumably re-runs the UPDATE action on every stack update -- confirm.
    always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow built from the step4 workflow_tasks of the Controller,
# BlockStorage and CephStorage roles; only present when
# WorkflowTasks_Step4_Enabled holds. Waits for the step 3 deployments.
WorkflowTasks_Step4:
  type: OS::Mistral::Workflow
  condition: WorkflowTasks_Step4_Enabled
  depends_on:
    - ControllerDeployment_Step3
    - BlockStorageDeployment_Step3
    - CephStorageDeployment_Step3
  properties:
    # Joins to tripleo.<stack_name>.workflow_tasks.step4
    name:
      list_join:
        - "."
        - ["tripleo", {get_param: stack_name}, "workflow_tasks", "step4"]
    type: direct
    tasks:
      yaql:
        # Skip roles whose workflow_tasks is '', take each role's step4 entry,
        # drop the roles that have none, then flatten the result.
        expression: $.data.where($ != '').select($.get('step4')).where($ != null).flatten()
        data:
          - get_param: [role_data, Controller, workflow_tasks]
          - get_param: [role_data, BlockStorage, workflow_tasks]
          - get_param: [role_data, CephStorage, workflow_tasks]
# Calls WorkflowTasks_Step4 with the same parameters for the CREATE and UPDATE
# actions.
WorkflowTasks_Step4_Execution:
  type: OS::Mistral::ExternalResource
  condition: WorkflowTasks_Step4_Enabled
  depends_on: WorkflowTasks_Step4
  properties:
    actions:
      CREATE:
        workflow: {get_resource: WorkflowTasks_Step4}
        params:
          # NOTE(review): env receives merged_config_settings for all five
          # roles. If those settings hold credentials (not visible here), they
          # stay wherever the workflow service keeps execution parameters, so
          # read access to executions should be limited accordingly.
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          # Presumably keeps Mistral from evaluating expressions found inside
          # env values -- confirm.
          evaluate_env: false
      UPDATE:
        workflow: {get_resource: WorkflowTasks_Step4}
        params:
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          evaluate_env: false
    # Presumably re-runs the UPDATE action on every stack update -- confirm.
    always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow built from the step5 workflow_tasks of the Controller,
# BlockStorage and CephStorage roles; only present when
# WorkflowTasks_Step5_Enabled holds. Waits for the step 4 deployments.
WorkflowTasks_Step5:
  type: OS::Mistral::Workflow
  condition: WorkflowTasks_Step5_Enabled
  depends_on:
    - ControllerDeployment_Step4
    - BlockStorageDeployment_Step4
    - CephStorageDeployment_Step4
  properties:
    # Joins to tripleo.<stack_name>.workflow_tasks.step5
    name:
      list_join:
        - "."
        - ["tripleo", {get_param: stack_name}, "workflow_tasks", "step5"]
    type: direct
    tasks:
      yaql:
        # Skip roles whose workflow_tasks is '', take each role's step5 entry,
        # drop the roles that have none, then flatten the result.
        expression: $.data.where($ != '').select($.get('step5')).where($ != null).flatten()
        data:
          - get_param: [role_data, Controller, workflow_tasks]
          - get_param: [role_data, BlockStorage, workflow_tasks]
          - get_param: [role_data, CephStorage, workflow_tasks]
# Calls WorkflowTasks_Step5 with the same parameters for the CREATE and UPDATE
# actions.
WorkflowTasks_Step5_Execution:
  type: OS::Mistral::ExternalResource
  condition: WorkflowTasks_Step5_Enabled
  depends_on: WorkflowTasks_Step5
  properties:
    actions:
      CREATE:
        workflow: {get_resource: WorkflowTasks_Step5}
        params:
          # NOTE(review): env receives merged_config_settings for all five
          # roles. If those settings hold credentials (not visible here), they
          # stay wherever the workflow service keeps execution parameters, so
          # read access to executions should be limited accordingly.
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          # Presumably keeps Mistral from evaluating expressions found inside
          # env values -- confirm.
          evaluate_env: false
      UPDATE:
        workflow: {get_resource: WorkflowTasks_Step5}
        params:
          env:
            service_ips: {get_param: ctlplane_service_ips}
            role_merged_configs:
              Controller: {get_param: [role_data, Controller, merged_config_settings]}
              Compute: {get_param: [role_data, Compute, merged_config_settings]}
              BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
              ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
              CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
          evaluate_env: false
    # Presumably re-runs the UPDATE action on every stack update -- confirm.
    always_update: true
# END workflow_tasks handling
# Artifacts config and HostPrepConfig is done on all roles, not only
# enabled_roles, because on upgrade we need to write the json files
# for the operator driven upgrade scripts (the ansible steps consume them)
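# Prepare host tasks for Controller
ControllerArtifactsConfig:
  type: ../puppet/deploy-artifacts.yaml
# Applies ControllerArtifactsConfig to the servers of the Controller role.
ControllerArtifactsDeploy:
  type: OS::Heat::StructuredDeploymentGroup
  properties:
    servers: {get_param: [servers, Controller]}
    config: {get_resource: ControllerArtifactsConfig}
# Ansible playbook, run with a local connection, that writes the puppet,
# docker-puppet, container startup and kolla configuration files for the
# Controller role.
ControllerHostPrepConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: ansible
    options:
      modulepath: /usr/share/ansible-modules
    config:
      str_replace:
        template: _PLAYBOOK
        params:
          _PLAYBOOK:
            - hosts: localhost
              connection: local
              vars:
                puppet_config: {get_param: [role_data, Controller, puppet_config]}
                docker_puppet_script: {get_file: ../docker/docker-puppet.py}
                docker_puppet_tasks: {get_param: [role_data, Controller, docker_puppet_tasks]}
                docker_startup_configs: {get_param: [role_data, Controller, docker_config]}
                kolla_config: {get_param: [role_data, Controller, kolla_config]}
                bootstrap_server_id: {get_param: [servers, Controller, '0']}
                puppet_step_config: {get_param: [role_data, Controller, step_config]}
                docker_config_scripts: {get_param: [role_data, Controller, docker_config_scripts]}
              tasks:
                # Join host_prep_tasks with the other per-host configuration
                list_concat:
                  - {get_param: [role_data, Controller, host_prep_tasks]}
                  -
                    # Write the manifest for baremetal puppet configuration
                    # NOTE(review): every directory in this play is created
                    # without an explicit mode or owner; only the files are
                    # pinned to 0600. Set a mode on the directories if the
                    # defaults of the deploying account are too permissive.
                    - name: Create /var/lib/tripleo-config directory
                      file: path=/var/lib/tripleo-config state=directory
                    - name: Write the puppet step_config manifest
                      copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
                    # this creates a JSON config file for our docker-puppet.py script
                    - name: Create /var/lib/docker-puppet
                      file: path=/var/lib/docker-puppet state=directory
                    # Writes the single docker-puppet.json; the per-step
                    # docker-puppet-tasks files come from the bootstrap section.
                    - name: Write docker-puppet.json file
                      copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
                    # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                    - name: Write docker-puppet.py
                      copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
                    - name: Create /var/lib/docker-config-scripts
                      file: path=/var/lib/docker-config-scripts state=directory
                    # The mode comes from each script entry and falls back to
                    # 0600 when it is unset or empty.
                    # NOTE(review): item.key is placed into the destination
                    # path unchanged; a key containing a path separator would
                    # land outside this directory. Validate the keys where
                    # docker_config_scripts is assembled.
                    - name: Write docker config scripts
                      copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
                      with_dict: "{{docker_config_scripts}}"
                    # Here we are dumping all the docker container startup configuration data
                    # so that we can have access to how they are started outside of heat
                    # and docker-cmd. This lets us create command line tools to test containers.
                    # FIXME do we need the docker-container-startup-configs.json or is the new per-step
                    # data consumed by paunch enough?
                    - name: Write docker-container-startup-configs
                      copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
                    - name: Write per-step docker-container-startup-configs
                      copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
                      with_dict: "{{docker_startup_configs}}"
                    - name: Create /var/lib/kolla/config_files directory
                      file: path=/var/lib/kolla/config_files state=directory
                    # NOTE(review): the destination is the kolla_config key
                    # itself, so the file goes wherever the role data says;
                    # the directory created above is not enforced as a prefix.
                    - name: Write kolla config json files
                      copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
                      with_dict: "{{kolla_config}}"
                    ########################################################
                    # Bootstrap tasks, only performed on bootstrap_server_id
                    ########################################################
                    # deploy_server_id is not defined in the vars above;
                    # presumably it arrives as a deployment input -- confirm.
                    - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
                      file:
                        path: "{{item}}"
                        state: absent
                      with_fileglob:
                        - /var/lib/docker-puppet/docker-puppet-tasks*.json
                      when: deploy_server_id == bootstrap_server_id
                    - name: Write docker-puppet-tasks json files
                      copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
                      with_dict: "{{docker_puppet_tasks}}"
                      when: deploy_server_id == bootstrap_server_id
# Runs ControllerHostPrepConfig on the servers of the Controller role.
ControllerHostPrepDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers: {get_param: [servers, Controller]}
    config: {get_resource: ControllerHostPrepConfig}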
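# Prepare host tasks for Compute
ComputeArtifactsConfig:
  type: ../puppet/deploy-artifacts.yaml
# Applies ComputeArtifactsConfig to the servers of the Compute role.
ComputeArtifactsDeploy:
  type: OS::Heat::StructuredDeploymentGroup
  properties:
    servers: {get_param: [servers, Compute]}
    config: {get_resource: ComputeArtifactsConfig}
# Ansible playbook, run with a local connection, that writes the puppet,
# docker-puppet, container startup and kolla configuration files for the
# Compute role.
ComputeHostPrepConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: ansible
    options:
      modulepath: /usr/share/ansible-modules
    config:
      str_replace:
        template: _PLAYBOOK
        params:
          _PLAYBOOK:
            - hosts: localhost
              connection: local
              vars:
                puppet_config: {get_param: [role_data, Compute, puppet_config]}
                docker_puppet_script: {get_file: ../docker/docker-puppet.py}
                docker_puppet_tasks: {get_param: [role_data, Compute, docker_puppet_tasks]}
                docker_startup_configs: {get_param: [role_data, Compute, docker_config]}
                kolla_config: {get_param: [role_data, Compute, kolla_config]}
                # The bootstrap server is Controller server 0 for this role too.
                bootstrap_server_id: {get_param: [servers, Controller, '0']}
                puppet_step_config: {get_param: [role_data, Compute, step_config]}
                docker_config_scripts: {get_param: [role_data, Compute, docker_config_scripts]}
              tasks:
                # Join host_prep_tasks with the other per-host configuration
                # (the host_prep_tasks operand is an empty list for this role)
                list_concat:
                  - []
                  -
                    # Write the manifest for baremetal puppet configuration
                    # NOTE(review): every directory in this play is created
                    # without an explicit mode or owner; only the files are
                    # pinned to 0600. Set a mode on the directories if the
                    # defaults of the deploying account are too permissive.
                    - name: Create /var/lib/tripleo-config directory
                      file: path=/var/lib/tripleo-config state=directory
                    - name: Write the puppet step_config manifest
                      copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
                    # this creates a JSON config file for our docker-puppet.py script
                    - name: Create /var/lib/docker-puppet
                      file: path=/var/lib/docker-puppet state=directory
                    # Writes the single docker-puppet.json; the per-step
                    # docker-puppet-tasks files come from the bootstrap section.
                    - name: Write docker-puppet.json file
                      copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
                    # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                    - name: Write docker-puppet.py
                      copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
                    - name: Create /var/lib/docker-config-scripts
                      file: path=/var/lib/docker-config-scripts state=directory
                    # The mode comes from each script entry and falls back to
                    # 0600 when it is unset or empty.
                    # NOTE(review): item.key is placed into the destination
                    # path unchanged; a key containing a path separator would
                    # land outside this directory. Validate the keys where
                    # docker_config_scripts is assembled.
                    - name: Write docker config scripts
                      copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
                      with_dict: "{{docker_config_scripts}}"
                    # Here we are dumping all the docker container startup configuration data
                    # so that we can have access to how they are started outside of heat
                    # and docker-cmd. This lets us create command line tools to test containers.
                    # FIXME do we need the docker-container-startup-configs.json or is the new per-step
                    # data consumed by paunch enough?
                    - name: Write docker-container-startup-configs
                      copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
                    - name: Write per-step docker-container-startup-configs
                      copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
                      with_dict: "{{docker_startup_configs}}"
                    - name: Create /var/lib/kolla/config_files directory
                      file: path=/var/lib/kolla/config_files state=directory
                    # NOTE(review): the destination is the kolla_config key
                    # itself, so the file goes wherever the role data says;
                    # the directory created above is not enforced as a prefix.
                    - name: Write kolla config json files
                      copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
                      with_dict: "{{kolla_config}}"
                    ########################################################
                    # Bootstrap tasks, only performed on bootstrap_server_id
                    ########################################################
                    # deploy_server_id is not defined in the vars above;
                    # presumably it arrives as a deployment input -- confirm.
                    - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
                      file:
                        path: "{{item}}"
                        state: absent
                      with_fileglob:
                        - /var/lib/docker-puppet/docker-puppet-tasks*.json
                      when: deploy_server_id == bootstrap_server_id
                    - name: Write docker-puppet-tasks json files
                      copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
                      with_dict: "{{docker_puppet_tasks}}"
                      when: deploy_server_id == bootstrap_server_id
# Runs ComputeHostPrepConfig on the servers of the Compute role.
ComputeHostPrepDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers: {get_param: [servers, Compute]}
    config: {get_resource: ComputeHostPrepConfig}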
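# Prepare host tasks for BlockStorage
BlockStorageArtifactsConfig:
  type: ../puppet/deploy-artifacts.yaml
# Applies BlockStorageArtifactsConfig to the servers of the BlockStorage role.
BlockStorageArtifactsDeploy:
  type: OS::Heat::StructuredDeploymentGroup
  properties:
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: BlockStorageArtifactsConfig}
# Ansible playbook, run with a local connection, that writes the puppet,
# docker-puppet, container startup and kolla configuration files for the
# BlockStorage role.
BlockStorageHostPrepConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: ansible
    options:
      modulepath: /usr/share/ansible-modules
    config:
      str_replace:
        template: _PLAYBOOK
        params:
          _PLAYBOOK:
            - hosts: localhost
              connection: local
              vars:
                puppet_config: {get_param: [role_data, BlockStorage, puppet_config]}
                docker_puppet_script: {get_file: ../docker/docker-puppet.py}
                docker_puppet_tasks: {get_param: [role_data, BlockStorage, docker_puppet_tasks]}
                docker_startup_configs: {get_param: [role_data, BlockStorage, docker_config]}
                kolla_config: {get_param: [role_data, BlockStorage, kolla_config]}
                # The bootstrap server is Controller server 0 for this role too.
                bootstrap_server_id: {get_param: [servers, Controller, '0']}
                puppet_step_config: {get_param: [role_data, BlockStorage, step_config]}
                docker_config_scripts: {get_param: [role_data, BlockStorage, docker_config_scripts]}
              tasks:
                # Join host_prep_tasks with the other per-host configuration
                list_concat:
                  - {get_param: [role_data, BlockStorage, host_prep_tasks]}
                  -
                    # Write the manifest for baremetal puppet configuration
                    # NOTE(review): every directory in this play is created
                    # without an explicit mode or owner; only the files are
                    # pinned to 0600. Set a mode on the directories if the
                    # defaults of the deploying account are too permissive.
                    - name: Create /var/lib/tripleo-config directory
                      file: path=/var/lib/tripleo-config state=directory
                    - name: Write the puppet step_config manifest
                      copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
                    # this creates a JSON config file for our docker-puppet.py script
                    - name: Create /var/lib/docker-puppet
                      file: path=/var/lib/docker-puppet state=directory
                    # Writes the single docker-puppet.json; the per-step
                    # docker-puppet-tasks files come from the bootstrap section.
                    - name: Write docker-puppet.json file
                      copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
                    # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                    - name: Write docker-puppet.py
                      copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
                    - name: Create /var/lib/docker-config-scripts
                      file: path=/var/lib/docker-config-scripts state=directory
                    # The mode comes from each script entry and falls back to
                    # 0600 when it is unset or empty.
                    # NOTE(review): item.key is placed into the destination
                    # path unchanged; a key containing a path separator would
                    # land outside this directory. Validate the keys where
                    # docker_config_scripts is assembled.
                    - name: Write docker config scripts
                      copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
                      with_dict: "{{docker_config_scripts}}"
                    # Here we are dumping all the docker container startup configuration data
                    # so that we can have access to how they are started outside of heat
                    # and docker-cmd. This lets us create command line tools to test containers.
                    # FIXME do we need the docker-container-startup-configs.json or is the new per-step
                    # data consumed by paunch enough?
                    - name: Write docker-container-startup-configs
                      copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
                    - name: Write per-step docker-container-startup-configs
                      copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
                      with_dict: "{{docker_startup_configs}}"
                    - name: Create /var/lib/kolla/config_files directory
                      file: path=/var/lib/kolla/config_files state=directory
                    # NOTE(review): the destination is the kolla_config key
                    # itself, so the file goes wherever the role data says;
                    # the directory created above is not enforced as a prefix.
                    - name: Write kolla config json files
                      copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
                      with_dict: "{{kolla_config}}"
                    ########################################################
                    # Bootstrap tasks, only performed on bootstrap_server_id
                    ########################################################
                    # deploy_server_id is not defined in the vars above;
                    # presumably it arrives as a deployment input -- confirm.
                    - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
                      file:
                        path: "{{item}}"
                        state: absent
                      with_fileglob:
                        - /var/lib/docker-puppet/docker-puppet-tasks*.json
                      when: deploy_server_id == bootstrap_server_id
                    - name: Write docker-puppet-tasks json files
                      copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
                      with_dict: "{{docker_puppet_tasks}}"
                      when: deploy_server_id == bootstrap_server_id
# Runs BlockStorageHostPrepConfig on the servers of the BlockStorage role.
BlockStorageHostPrepDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: BlockStorageHostPrepConfig}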
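# Prepare host tasks for ObjectStorage
ObjectStorageArtifactsConfig:
  type: ../puppet/deploy-artifacts.yaml
# Applies ObjectStorageArtifactsConfig to the servers of the ObjectStorage role.
ObjectStorageArtifactsDeploy:
  type: OS::Heat::StructuredDeploymentGroup
  properties:
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: ObjectStorageArtifactsConfig}
# Ansible playbook, run with a local connection, that writes the puppet,
# docker-puppet, container startup and kolla configuration files for the
# ObjectStorage role.
ObjectStorageHostPrepConfig:
  type: OS::Heat::SoftwareConfig
  properties:
    group: ansible
    options:
      modulepath: /usr/share/ansible-modules
    config:
      str_replace:
        template: _PLAYBOOK
        params:
          _PLAYBOOK:
            - hosts: localhost
              connection: local
              vars:
                puppet_config: {get_param: [role_data, ObjectStorage, puppet_config]}
                docker_puppet_script: {get_file: ../docker/docker-puppet.py}
                docker_puppet_tasks: {get_param: [role_data, ObjectStorage, docker_puppet_tasks]}
                docker_startup_configs: {get_param: [role_data, ObjectStorage, docker_config]}
                kolla_config: {get_param: [role_data, ObjectStorage, kolla_config]}
                # The bootstrap server is Controller server 0 for this role too.
                bootstrap_server_id: {get_param: [servers, Controller, '0']}
                puppet_step_config: {get_param: [role_data, ObjectStorage, step_config]}
                docker_config_scripts: {get_param: [role_data, ObjectStorage, docker_config_scripts]}
              tasks:
                # Join host_prep_tasks with the other per-host configuration
                # (the host_prep_tasks operand is an empty list for this role)
                list_concat:
                  - []
                  -
                    # Write the manifest for baremetal puppet configuration
                    # NOTE(review): every directory in this play is created
                    # without an explicit mode or owner; only the files are
                    # pinned to 0600. Set a mode on the directories if the
                    # defaults of the deploying account are too permissive.
                    - name: Create /var/lib/tripleo-config directory
                      file: path=/var/lib/tripleo-config state=directory
                    - name: Write the puppet step_config manifest
                      copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
                    # this creates a JSON config file for our docker-puppet.py script
                    - name: Create /var/lib/docker-puppet
                      file: path=/var/lib/docker-puppet state=directory
                    # Writes the single docker-puppet.json; the per-step
                    # docker-puppet-tasks files come from the bootstrap section.
                    - name: Write docker-puppet.json file
                      copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
                    # FIXME: can we move docker-puppet somewhere so it's installed via a package?
                    - name: Write docker-puppet.py
                      copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
                    - name: Create /var/lib/docker-config-scripts
                      file: path=/var/lib/docker-config-scripts state=directory
                    # The mode comes from each script entry and falls back to
                    # 0600 when it is unset or empty.
                    # NOTE(review): item.key is placed into the destination
                    # path unchanged; a key containing a path separator would
                    # land outside this directory. Validate the keys where
                    # docker_config_scripts is assembled.
                    - name: Write docker config scripts
                      copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
                      with_dict: "{{docker_config_scripts}}"
                    # Here we are dumping all the docker container startup configuration data
                    # so that we can have access to how they are started outside of heat
                    # and docker-cmd. This lets us create command line tools to test containers.
                    # FIXME do we need the docker-container-startup-configs.json or is the new per-step
                    # data consumed by paunch enough?
                    - name: Write docker-container-startup-configs
                      copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
                    - name: Write per-step docker-container-startup-configs
                      copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
                      with_dict: "{{docker_startup_configs}}"
                    - name: Create /var/lib/kolla/config_files directory
                      file: path=/var/lib/kolla/config_files state=directory
                    # NOTE(review): the destination is the kolla_config key
                    # itself, so the file goes wherever the role data says;
                    # the directory created above is not enforced as a prefix.
                    - name: Write kolla config json files
                      copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
                      with_dict: "{{kolla_config}}"
                    ########################################################
                    # Bootstrap tasks, only performed on bootstrap_server_id
                    ########################################################
                    # deploy_server_id is not defined in the vars above;
                    # presumably it arrives as a deployment input -- confirm.
                    - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
                      file:
                        path: "{{item}}"
                        state: absent
                      with_fileglob:
                        - /var/lib/docker-puppet/docker-puppet-tasks*.json
                      when: deploy_server_id == bootstrap_server_id
                    - name: Write docker-puppet-tasks json files
                      copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
                      with_dict: "{{docker_puppet_tasks}}"
                      when: deploy_server_id == bootstrap_server_id
# Runs ObjectStorageHostPrepConfig on the servers of the ObjectStorage role.
ObjectStorageHostPrepDeployment:
  type: OS::Heat::SoftwareDeploymentGroup
  properties:
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: ObjectStorageHostPrepConfig}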
# Prepare host tasks for CephStorage
CephStorageArtifactsConfig:
  type: ../puppet/deploy-artifacts.yaml
# Applies CephStorageArtifactsConfig to the servers of the CephStorage role.
CephStorageArtifactsDeploy:
  type: OS::Heat::StructuredDeploymentGroup
  properties:
    servers:
      get_param: [servers, CephStorage]
    config:
      get_resource: CephStorageArtifactsConfig
# Ansible playbook, delivered as a Heat software config (group: ansible), that
# writes the per-host puppet, docker and kolla configuration files for the
# CephStorage role.
# NOTE(review): leading indentation is missing in this copy of the template,
# so the nesting of the keys below cannot be read from the text alone.
CephStorageHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# Every variable is filled from stack parameters (role_data / servers) or a
# template-relative file. The tasks below write these values to disk as-is,
# so the result is only as trustworthy as whatever produced role_data.
puppet_config: {get_param: [role_data, CephStorage, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, CephStorage, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, CephStorage, docker_config]}
kolla_config: {get_param: [role_data, CephStorage, kolla_config]}
# The bootstrap node is the first Controller server, also for this role.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, CephStorage, step_config]}
docker_config_scripts: {get_param: [role_data, CephStorage, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, CephStorage, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): none of the "state=directory" tasks in this play sets mode or
# owner, so the directories get the defaults of the account running the play;
# only the files written into them are pinned to 0600.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# NOTE(review): despite its name this task writes docker-puppet.json from
# puppet_config; the same task name is reused by the bootstrap task at the end
# of the play, which writes the docker-puppet-tasks*.json files.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written with mode=0600, i.e. without an execute bit;
# presumably it is started through an explicit interpreter - confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# File name (item.key) and mode (item.value.mode) both come from the
# docker_config_scripts data; mode falls back to '0600' when it is unset or
# empty. NOTE(review): item.key is placed into dest unchecked, so keys are
# assumed to be plain file names - verify against the producer of role_data.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
# One file per key of docker_startup_configs, named after that key.
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# The destination path is the kolla_config key itself, so where each file
# lands is decided entirely by the data.
# NOTE(review): nothing in this task limits dest to /var/lib/kolla/config_files;
# presumably the service templates only emit keys under that directory - confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in the vars of this play; presumably it is
# supplied by the deployment at run time - TODO confirm. With
# bootstrap_server_id set to the first Controller, both tasks below are
# expected to be skipped on CephStorage hosts.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# The "step_" prefix is stripped from each key to build the file name.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies the CephStorageHostPrepConfig playbook to the servers listed under
# the CephStorage role.
CephStorageHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStorageHostPrepConfig}
# BEGIN CONFIG STEPS, only on enabled_roles
# Pre-configuration task for the Controller servers; depends_on orders it
# after the Controller host-prep deployment.
ControllerPreConfig:
type: OS::TripleO::Tasks::ControllerPreConfig
depends_on: ControllerHostPrepDeployment
properties:
servers: {get_param: [servers, Controller]}
input_values:
# The DeployIdentifier parameter is handed over as update_identifier.
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for Controller
# A single config is re-applied with an incrementing step number
# Step 1 of the Controller deployment: applies RoleConfig to the Controller
# servers with step=1.
ControllerDeployment_Step1:
type: OS::TripleO::DeploymentSteps
depends_on:
# Waits for the step-1 workflow execution plus the pre-config and artifact
# deployments of the Controller, BlockStorage and CephStorage roles.
- WorkflowTasks_Step1_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
# NOTE(review): no if/else is present in this copy of the template; the TODO
# appears to refer to a condition that is no longer visible here.
- ControllerPreConfig
- ControllerArtifactsDeploy
- BlockStoragePreConfig
- BlockStorageArtifactsDeploy
- CephStoragePreConfig
- CephStorageArtifactsDeploy
properties:
name: ControllerDeployment_Step1
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 1
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first entry of the Controller server list.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# NOTE(review): both debug switches come straight from stack parameters;
# debug output of config management presumably includes rendered settings,
# so check where those logs end up before enabling them - confirm.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
ControllerDeployment_Step2:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step2_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step1
- BlockStorageDeployment_Step1
- CephStorageDeployment_Step1
properties:
name: ControllerDeployment_Step2
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 2
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
ControllerDeployment_Step3:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step3_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step2
- BlockStorageDeployment_Step2
- CephStorageDeployment_Step2
properties:
name: ControllerDeployment_Step3
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 3
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
ControllerDeployment_Step4:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step4_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step3
- BlockStorageDeployment_Step3
- CephStorageDeployment_Step3
properties:
name: ControllerDeployment_Step4
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 4
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
ControllerDeployment_Step5:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step5_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step4
- BlockStorageDeployment_Step4
- CephStorageDeployment_Step4
properties:
name: ControllerDeployment_Step5
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 5
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# Note, this should be the last step to execute configuration changes.
# Ensure that all ControllerExtraConfigPost steps are executed
# after all the previous deployment steps.
ControllerExtraConfigPost:
depends_on:
# Step 5 of every role listed here has to finish before this resource runs.
- ControllerDeployment_Step5
- BlockStorageDeployment_Step5
- CephStorageDeployment_Step5
type: OS::TripleO::NodeExtraConfigPost
properties:
# Only the Controller servers are passed in.
servers: {get_param: [servers, Controller]}
# The ControllerPostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
ControllerPostConfig:
type: OS::TripleO::Tasks::ControllerPostConfig
depends_on:
# Ordered after the ExtraConfigPost resource of each role listed here.
- ControllerExtraConfigPost
- BlockStorageExtraConfigPost
- CephStorageExtraConfigPost
properties:
# Receives the whole servers mapping, not only the Controller entry.
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
BlockStoragePreConfig:
type: OS::TripleO::Tasks::BlockStoragePreConfig
depends_on: BlockStorageHostPrepDeployment
properties:
servers: {get_param: [servers, BlockStorage]}
input_values:
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for BlockStorage
# A single config is re-applied with an incrementing step number
BlockStorageDeployment_Step1:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step1_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerPreConfig
- ControllerArtifactsDeploy
- BlockStoragePreConfig
- BlockStorageArtifactsDeploy
- CephStoragePreConfig
- CephStorageArtifactsDeploy
properties:
name: BlockStorageDeployment_Step1
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 1
role_name: BlockStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
BlockStorageDeployment_Step2:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step2_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step1
- BlockStorageDeployment_Step1
- CephStorageDeployment_Step1
properties:
name: BlockStorageDeployment_Step2
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 2
role_name: BlockStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
BlockStorageDeployment_Step3:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step3_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step2
- BlockStorageDeployment_Step2
- CephStorageDeployment_Step2
properties:
name: BlockStorageDeployment_Step3
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 3
role_name: BlockStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
BlockStorageDeployment_Step4:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step4_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step3
- BlockStorageDeployment_Step3
- CephStorageDeployment_Step3
properties:
name: BlockStorageDeployment_Step4
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 4
role_name: BlockStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
BlockStorageDeployment_Step5:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step5_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step4
- BlockStorageDeployment_Step4
- CephStorageDeployment_Step4
properties:
name: BlockStorageDeployment_Step5
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 5
role_name: BlockStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# Note, this should be the last step to execute configuration changes.
# Ensure that all BlockStorageExtraConfigPost steps are executed
# after all the previous deployment steps.
BlockStorageExtraConfigPost:
depends_on:
- ControllerDeployment_Step5
- BlockStorageDeployment_Step5
- CephStorageDeployment_Step5
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, BlockStorage]}
# The BlockStoragePostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
BlockStoragePostConfig:
type: OS::TripleO::Tasks::BlockStoragePostConfig
depends_on:
- ControllerExtraConfigPost
- BlockStorageExtraConfigPost
- CephStorageExtraConfigPost
properties:
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
CephStoragePreConfig:
type: OS::TripleO::Tasks::CephStoragePreConfig
depends_on: CephStorageHostPrepDeployment
properties:
servers: {get_param: [servers, CephStorage]}
input_values:
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for CephStorage
# A single config is re-applied with an incrementing step number
CephStorageDeployment_Step1:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step1_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerPreConfig
- ControllerArtifactsDeploy
- BlockStoragePreConfig
- BlockStorageArtifactsDeploy
- CephStoragePreConfig
- CephStorageArtifactsDeploy
properties:
name: CephStorageDeployment_Step1
servers: {get_param: [servers, CephStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 1
role_name: CephStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
CephStorageDeployment_Step2:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step2_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step1
- BlockStorageDeployment_Step1
- CephStorageDeployment_Step1
properties:
name: CephStorageDeployment_Step2
servers: {get_param: [servers, CephStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 2
role_name: CephStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
CephStorageDeployment_Step3:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step3_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step2
- BlockStorageDeployment_Step2
- CephStorageDeployment_Step2
properties:
name: CephStorageDeployment_Step3
servers: {get_param: [servers, CephStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 3
role_name: CephStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
CephStorageDeployment_Step4:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step4_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step3
- BlockStorageDeployment_Step3
- CephStorageDeployment_Step3
properties:
name: CephStorageDeployment_Step4
servers: {get_param: [servers, CephStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 4
role_name: CephStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
CephStorageDeployment_Step5:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step5_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be remove
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step4
- BlockStorageDeployment_Step4
- CephStorageDeployment_Step4
properties:
name: CephStorageDeployment_Step5
servers: {get_param: [servers, CephStorage]}
config: {get_resource: RoleConfig}
input_values:
step: 5
role_name: CephStorage
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, Controller, '0']}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# Note, this should be the last step to execute configuration changes.
# Ensure that all CephStorageExtraConfigPost steps are executed
# after all the previous deployment steps.
CephStorageExtraConfigPost:
depends_on:
- ControllerDeployment_Step5
- BlockStorageDeployment_Step5
- CephStorageDeployment_Step5
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, CephStorage]}
# The CephStoragePostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
CephStoragePostConfig:
type: OS::TripleO::Tasks::CephStoragePostConfig
depends_on:
- ControllerExtraConfigPost
- BlockStorageExtraConfigPost
- CephStorageExtraConfigPost
properties:
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
outputs:
RoleConfig:
description: Mapping of config data for all roles
value:
deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
deploy_steps_playbook: |
- hosts: overcloud
tasks:
- include: Controller/host_prep_tasks.yaml
when: role_name == 'Controller'
- include: Compute/host_prep_tasks.yaml
when: role_name == 'Compute'
- include: BlockStorage/host_prep_tasks.yaml
when: role_name == 'BlockStorage'
- include: ObjectStorage/host_prep_tasks.yaml
when: role_name == 'ObjectStorage'
- include: CephStorage/host_prep_tasks.yaml
when: role_name == 'CephStorage'
- include: deploy_steps_tasks.yaml
with_sequence: start=0 end=5
loop_control:
loop_var: step
update_steps_tasks: |
- include: Controller/update_tasks.yaml
when: role_name == 'Controller'
- include: Compute/update_tasks.yaml
when: role_name == 'Compute'
- include: BlockStorage/update_tasks.yaml
when: role_name == 'BlockStorage'
- include: ObjectStorage/update_tasks.yaml
when: role_name == 'ObjectStorage'
- include: CephStorage/update_tasks.yaml
when: role_name == 'CephStorage'
update_steps_playbook: |
- hosts: overcloud
serial: 1
tasks:
- include: update_steps_tasks.yaml
with_sequence: start=0 end=5
loop_control:
loop_var: step
- include: deploy_steps_tasks.yaml
with_sequence: start=0 end=5
loop_control:
loop_var: step
upgrade_steps_tasks: |
- include: Controller/upgrade_tasks.yaml
when: role_name == 'Controller'
- include: Compute/upgrade_tasks.yaml
when: role_name == 'Compute'
- include: BlockStorage/upgrade_tasks.yaml
when: role_name == 'BlockStorage'
- include: ObjectStorage/upgrade_tasks.yaml
when: role_name == 'ObjectStorage'
- include: CephStorage/upgrade_tasks.yaml
when: role_name == 'CephStorage'
upgrade_steps_playbook: |
- hosts: overcloud
tasks:
- include: upgrade_steps_tasks.yaml
with_sequence: start=0 end=5
loop_control:
loop_var: step openstack-tripleo-heat-templates/common/post.yaml 0000644 0001750 0001750 00000244646 13245343354 021617 0 ustar stack stack # certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
# On upgrade certain roles can be disabled for operator driven upgrades
# See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
# primary role is: Controller
heat_template_version: pike
description: >
Post-deploy configuration steps via puppet for all roles,
as defined in ../roles_data.yaml
parameters:
servers:
type: json
description: Mapping of Role name e.g Controller to a list of servers
stack_name:
type: string
description: Name of the topmost stack
role_data:
type: json
description: Mapping of Role name e.g Controller to the per-role data
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
DockerPuppetDebug:
type: string
default: ''
description: Set to True to enable debug logging with docker-puppet.py
DockerPuppetProcessCount:
type: number
default: 3
description: Number of concurrent processes to use when running docker-puppet to generate config files.
ctlplane_service_ips:
type: json
conditions:
WorkflowTasks_Step1_Enabled:
or:
- not:
equals:
- get_param: [role_data, Controller, workflow_tasks, step1]
- ''
- False
- not:
equals:
- get_param: [role_data, Compute, workflow_tasks, step1]
- ''
- False
- not:
equals:
- get_param: [role_data, BlockStorage, workflow_tasks, step1]
- ''
- False
- not:
equals:
- get_param: [role_data, ObjectStorage, workflow_tasks, step1]
- ''
- False
- not:
equals:
- get_param: [role_data, CephStorage, workflow_tasks, step1]
- ''
- False
WorkflowTasks_Step2_Enabled:
or:
- not:
equals:
- get_param: [role_data, Controller, workflow_tasks, step2]
- ''
- False
- not:
equals:
- get_param: [role_data, Compute, workflow_tasks, step2]
- ''
- False
- not:
equals:
- get_param: [role_data, BlockStorage, workflow_tasks, step2]
- ''
- False
- not:
equals:
- get_param: [role_data, ObjectStorage, workflow_tasks, step2]
- ''
- False
- not:
equals:
- get_param: [role_data, CephStorage, workflow_tasks, step2]
- ''
- False
WorkflowTasks_Step3_Enabled:
or:
- not:
equals:
- get_param: [role_data, Controller, workflow_tasks, step3]
- ''
- False
- not:
equals:
- get_param: [role_data, Compute, workflow_tasks, step3]
- ''
- False
- not:
equals:
- get_param: [role_data, BlockStorage, workflow_tasks, step3]
- ''
- False
- not:
equals:
- get_param: [role_data, ObjectStorage, workflow_tasks, step3]
- ''
- False
- not:
equals:
- get_param: [role_data, CephStorage, workflow_tasks, step3]
- ''
- False
WorkflowTasks_Step4_Enabled:
or:
- not:
equals:
- get_param: [role_data, Controller, workflow_tasks, step4]
- ''
- False
- not:
equals:
- get_param: [role_data, Compute, workflow_tasks, step4]
- ''
- False
- not:
equals:
- get_param: [role_data, BlockStorage, workflow_tasks, step4]
- ''
- False
- not:
equals:
- get_param: [role_data, ObjectStorage, workflow_tasks, step4]
- ''
- False
- not:
equals:
- get_param: [role_data, CephStorage, workflow_tasks, step4]
- ''
- False
WorkflowTasks_Step5_Enabled:
or:
- not:
equals:
- get_param: [role_data, Controller, workflow_tasks, step5]
- ''
- False
- not:
equals:
- get_param: [role_data, Compute, workflow_tasks, step5]
- ''
- False
- not:
equals:
- get_param: [role_data, BlockStorage, workflow_tasks, step5]
- ''
- False
- not:
equals:
- get_param: [role_data, ObjectStorage, workflow_tasks, step5]
- ''
- False
- not:
equals:
- get_param: [role_data, CephStorage, workflow_tasks, step5]
- ''
- False
resources:
# Ansible software config used by the per-step deployments: the contents of
# deploy-steps-tasks.yaml replace the _TASKS marker inside a play that runs
# against localhost over a local connection.
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
# Inputs declared here are the names a deployment can set via input_values.
inputs:
- name: step
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
- name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
config:
# str_replace substitutes text, so the included file has to be written to fit
# the position of _TASKS in the template below.
str_replace:
template: |
- hosts: localhost
connection: local
tasks:
_TASKS
params:
_TASKS: {get_file: deploy-steps-tasks.yaml}
# BEGIN workflow_tasks handling
# Mistral workflow holding the step1 workflow_tasks of all five roles. It is
# only created when the WorkflowTasks_Step1_Enabled condition holds.
WorkflowTasks_Step1:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step1_Enabled
depends_on:
# Pre-config and artifact deployment of every role come first.
- ControllerPreConfig
- ControllerArtifactsDeploy
- ComputePreConfig
- ComputeArtifactsDeploy
- BlockStoragePreConfig
- BlockStorageArtifactsDeploy
- ObjectStoragePreConfig
- ObjectStorageArtifactsDeploy
- CephStoragePreConfig
- CephStorageArtifactsDeploy
properties:
# Name is "tripleo.<stack_name>.workflow_tasks.step1", joined with ".".
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step1"]]}
type: direct
tasks:
# Drops roles whose workflow_tasks is '', takes each role's 'step1' entry,
# drops null results and flattens the rest into one task list. The task
# definitions are therefore taken unchanged from role_data.
yaql:
expression: $.data.where($ != '').select($.get('step1')).where($ != null).flatten()
data:
- get_param: [role_data, Controller, workflow_tasks]
- get_param: [role_data, Compute, workflow_tasks]
- get_param: [role_data, BlockStorage, workflow_tasks]
- get_param: [role_data, ObjectStorage, workflow_tasks]
- get_param: [role_data, CephStorage, workflow_tasks]
# Runs the WorkflowTasks_Step1 workflow on stack CREATE and UPDATE, under the
# same WorkflowTasks_Step1_Enabled condition as the workflow itself.
WorkflowTasks_Step1_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step1_Enabled
depends_on: WorkflowTasks_Step1
properties:
actions:
# CREATE and UPDATE are given identical workflow and params.
CREATE:
workflow: { get_resource: WorkflowTasks_Step1 }
params:
# The execution environment carries the control-plane service IPs and the
# merged_config_settings of every role.
# NOTE(review): merged_config_settings presumably includes service
# credentials; if so they become part of the workflow execution input, and
# read access to Mistral executions should be limited accordingly - confirm.
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step1 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
# Presumably makes the UPDATE action run on every stack update, even when the
# properties are unchanged - verify against the Heat resource documentation.
always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
WorkflowTasks_Step2:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step2_Enabled
depends_on:
- ControllerDeployment_Step1
- ComputeDeployment_Step1
- BlockStorageDeployment_Step1
- ObjectStorageDeployment_Step1
- CephStorageDeployment_Step1
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step2"]]}
type: direct
tasks:
yaql:
expression: $.data.where($ != '').select($.get('step2')).where($ != null).flatten()
data:
- get_param: [role_data, Controller, workflow_tasks]
- get_param: [role_data, Compute, workflow_tasks]
- get_param: [role_data, BlockStorage, workflow_tasks]
- get_param: [role_data, ObjectStorage, workflow_tasks]
- get_param: [role_data, CephStorage, workflow_tasks]
WorkflowTasks_Step2_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step2_Enabled
depends_on: WorkflowTasks_Step2
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step2 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step2 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
WorkflowTasks_Step3:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step3_Enabled
depends_on:
- ControllerDeployment_Step2
- ComputeDeployment_Step2
- BlockStorageDeployment_Step2
- ObjectStorageDeployment_Step2
- CephStorageDeployment_Step2
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step3"]]}
type: direct
tasks:
yaql:
expression: $.data.where($ != '').select($.get('step3')).where($ != null).flatten()
data:
- get_param: [role_data, Controller, workflow_tasks]
- get_param: [role_data, Compute, workflow_tasks]
- get_param: [role_data, BlockStorage, workflow_tasks]
- get_param: [role_data, ObjectStorage, workflow_tasks]
- get_param: [role_data, CephStorage, workflow_tasks]
# Executes the step 3 workflow for the CREATE and UPDATE actions, passing the
# control-plane service IPs and every role's merged_config_settings as the
# workflow environment.
# NOTE(review): merged_config_settings presumably contains service
# credentials; if so they end up in the Mistral execution input. Confirm who
# can read executions in this deployment.
WorkflowTasks_Step3_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step3_Enabled
depends_on: WorkflowTasks_Step3
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step3 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
# NOTE(review): presumably keeps Mistral from evaluating expressions found
# inside env values, so config strings are handled as plain data. Confirm
# against the Mistral release in use.
evaluate_env: false
# UPDATE passes the same workflow and parameters as CREATE.
UPDATE:
workflow: { get_resource: WorkflowTasks_Step3 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
# Presumably runs the UPDATE action on every stack update even when the
# inputs did not change. TODO confirm.
always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow holding the step 4 workflow tasks. Created only when the
# WorkflowTasks_Step4_Enabled condition holds, and only after the Step3
# deployment of every role listed under depends_on.
WorkflowTasks_Step4:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step4_Enabled
depends_on:
- ControllerDeployment_Step3
- ComputeDeployment_Step3
- BlockStorageDeployment_Step3
- ObjectStorageDeployment_Step3
- CephStorageDeployment_Step3
properties:
# Workflow name is "tripleo.<stack_name>.workflow_tasks.step4".
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step4"]]}
type: direct
tasks:
yaql:
# Drop roles whose workflow_tasks is the empty string, take each role's
# 'step4' entry, drop roles that have none, and flatten into one list.
# NOTE(review): the task definitions come straight from the role_data
# parameter, so whatever supplies role_data decides what this workflow
# runs; presumably only the service templates do. Confirm.
expression: $.data.where($ != '').select($.get('step4')).where($ != null).flatten()
data:
- get_param: [role_data, Controller, workflow_tasks]
- get_param: [role_data, Compute, workflow_tasks]
- get_param: [role_data, BlockStorage, workflow_tasks]
- get_param: [role_data, ObjectStorage, workflow_tasks]
- get_param: [role_data, CephStorage, workflow_tasks]
# Executes the step 4 workflow for the CREATE and UPDATE actions, passing the
# control-plane service IPs and every role's merged_config_settings as the
# workflow environment.
# NOTE(review): merged_config_settings presumably contains service
# credentials; if so they end up in the Mistral execution input. Confirm who
# can read executions in this deployment.
WorkflowTasks_Step4_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step4_Enabled
depends_on: WorkflowTasks_Step4
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step4 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
# NOTE(review): presumably keeps Mistral from evaluating expressions found
# inside env values, so config strings are handled as plain data. Confirm
# against the Mistral release in use.
evaluate_env: false
# UPDATE passes the same workflow and parameters as CREATE.
UPDATE:
workflow: { get_resource: WorkflowTasks_Step4 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
# Presumably runs the UPDATE action on every stack update even when the
# inputs did not change. TODO confirm.
always_update: true
# END workflow_tasks handling
# BEGIN workflow_tasks handling
# Mistral workflow holding the step 5 workflow tasks. Created only when the
# WorkflowTasks_Step5_Enabled condition holds, and only after the Step4
# deployment of every role listed under depends_on.
WorkflowTasks_Step5:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step5_Enabled
depends_on:
- ControllerDeployment_Step4
- ComputeDeployment_Step4
- BlockStorageDeployment_Step4
- ObjectStorageDeployment_Step4
- CephStorageDeployment_Step4
properties:
# Workflow name is "tripleo.<stack_name>.workflow_tasks.step5".
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step5"]]}
type: direct
tasks:
yaql:
# Drop roles whose workflow_tasks is the empty string, take each role's
# 'step5' entry, drop roles that have none, and flatten into one list.
# NOTE(review): the task definitions come straight from the role_data
# parameter, so whatever supplies role_data decides what this workflow
# runs; presumably only the service templates do. Confirm.
expression: $.data.where($ != '').select($.get('step5')).where($ != null).flatten()
data:
- get_param: [role_data, Controller, workflow_tasks]
- get_param: [role_data, Compute, workflow_tasks]
- get_param: [role_data, BlockStorage, workflow_tasks]
- get_param: [role_data, ObjectStorage, workflow_tasks]
- get_param: [role_data, CephStorage, workflow_tasks]
# Executes the step 5 workflow for the CREATE and UPDATE actions, passing the
# control-plane service IPs and every role's merged_config_settings as the
# workflow environment.
# NOTE(review): merged_config_settings presumably contains service
# credentials; if so they end up in the Mistral execution input. Confirm who
# can read executions in this deployment.
WorkflowTasks_Step5_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step5_Enabled
depends_on: WorkflowTasks_Step5
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step5 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
# NOTE(review): presumably keeps Mistral from evaluating expressions found
# inside env values, so config strings are handled as plain data. Confirm
# against the Mistral release in use.
evaluate_env: false
# UPDATE passes the same workflow and parameters as CREATE.
UPDATE:
workflow: { get_resource: WorkflowTasks_Step5 }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
Controller: {get_param: [role_data, Controller, merged_config_settings]}
Compute: {get_param: [role_data, Compute, merged_config_settings]}
BlockStorage: {get_param: [role_data, BlockStorage, merged_config_settings]}
ObjectStorage: {get_param: [role_data, ObjectStorage, merged_config_settings]}
CephStorage: {get_param: [role_data, CephStorage, merged_config_settings]}
evaluate_env: false
# Presumably runs the UPDATE action on every stack update even when the
# inputs did not change. TODO confirm.
always_update: true
# END workflow_tasks handling
# Artifacts config and HostPrepConfig are done on all roles, not only
# enabled_roles, because on upgrade we need to write the json files
# for the operator-driven upgrade scripts (the ansible steps consume them)
# Prepare host tasks for Controller
# Artifacts config for the Controller role, defined by the nested template
# ../puppet/deploy-artifacts.yaml (resolved relative to this template).
ControllerArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
# Applies ControllerArtifactsConfig to the servers of the Controller role.
ControllerArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerArtifactsConfig}
# Ansible playbook (hosts: localhost, connection: local) for the Controller
# role. It writes the puppet manifest, the docker-puppet input and script, the
# container startup configs and the kolla config files to disk. Every copy
# task uses force=yes, so existing files are overwritten.
ControllerHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
# The template is only the placeholder _PLAYBOOK, so the resulting config is
# the playbook structure given for _PLAYBOOK under params.
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# Controller role data, plus the docker-puppet.py script body read with
# get_file.
puppet_config: {get_param: [role_data, Controller, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, Controller, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, Controller, docker_config]}
kolla_config: {get_param: [role_data, Controller, kolla_config]}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, Controller, step_config]}
docker_config_scripts: {get_param: [role_data, Controller, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, Controller, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directory tasks in this playbook set no mode or owner,
# so the directories get the module defaults while the files inside are
# written 0600. Confirm the defaults are tight enough for these files.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Despite the task name, this writes puppet_config as JSON to
# docker-puppet.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written 0600, without an execute bit; presumably it is run
# through an interpreter. TODO confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# The file name is the dict key and the mode is item.value.mode, falling back
# to 0600 when that is unset or empty.
# NOTE(review): neither the key nor the mode is validated here, so this
# assumes docker_config_scripts comes from a trusted source. Confirm.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# dest is the dict key itself, so kolla_config decides the full path that is
# written; the task does not confine it to /var/lib/kolla/config_files.
# NOTE(review): assumes kolla_config is trusted input. Confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in this playbook; presumably it is supplied
# by the deployment. TODO confirm.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# A key of the form step_N is written to docker-puppet-tasksN.json.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies ControllerHostPrepConfig to the servers of the Controller role.
ControllerHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerHostPrepConfig}
# Prepare host tasks for Compute
# Artifacts config for the Compute role, defined by the nested template
# ../puppet/deploy-artifacts.yaml (resolved relative to this template).
ComputeArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
# Applies ComputeArtifactsConfig to the servers of the Compute role.
ComputeArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, Compute]}
config: {get_resource: ComputeArtifactsConfig}
# Ansible playbook (hosts: localhost, connection: local) for the Compute
# role. It writes the puppet manifest, the docker-puppet input and script, the
# container startup configs and the kolla config files to disk. Every copy
# task uses force=yes, so existing files are overwritten.
ComputeHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
# The template is only the placeholder _PLAYBOOK, so the resulting config is
# the playbook structure given for _PLAYBOOK under params.
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# Compute role data, plus the docker-puppet.py script body read with
# get_file.
puppet_config: {get_param: [role_data, Compute, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, Compute, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, Compute, docker_config]}
kolla_config: {get_param: [role_data, Compute, kolla_config]}
# The bootstrap node is the first Controller server (index '0'), not a
# Compute server.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, Compute, step_config]}
docker_config_scripts: {get_param: [role_data, Compute, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, Compute, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directory tasks in this playbook set no mode or owner,
# so the directories get the module defaults while the files inside are
# written 0600. Confirm the defaults are tight enough for these files.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Despite the task name, this writes puppet_config as JSON to
# docker-puppet.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written 0600, without an execute bit; presumably it is run
# through an interpreter. TODO confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# The file name is the dict key and the mode is item.value.mode, falling back
# to 0600 when that is unset or empty.
# NOTE(review): neither the key nor the mode is validated here, so this
# assumes docker_config_scripts comes from a trusted source. Confirm.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# dest is the dict key itself, so kolla_config decides the full path that is
# written; the task does not confine it to /var/lib/kolla/config_files.
# NOTE(review): assumes kolla_config is trusted input. Confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in this playbook; presumably it is supplied
# by the deployment and names the node being configured. If so, these tasks
# never run on a Compute node, because bootstrap_server_id is a Controller.
# TODO confirm.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# A key of the form step_N is written to docker-puppet-tasksN.json.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies ComputeHostPrepConfig to the servers of the Compute role.
ComputeHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, Compute]}
config: {get_resource: ComputeHostPrepConfig}
# Prepare host tasks for BlockStorage
# Artifacts config for the BlockStorage role, defined by the nested template
# ../puppet/deploy-artifacts.yaml (resolved relative to this template).
BlockStorageArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
# Applies BlockStorageArtifactsConfig to the servers of the BlockStorage role.
BlockStorageArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageArtifactsConfig}
# Ansible playbook (hosts: localhost, connection: local) for the BlockStorage
# role. It writes the puppet manifest, the docker-puppet input and script, the
# container startup configs and the kolla config files to disk. Every copy
# task uses force=yes, so existing files are overwritten.
BlockStorageHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
# The template is only the placeholder _PLAYBOOK, so the resulting config is
# the playbook structure given for _PLAYBOOK under params.
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# BlockStorage role data, plus the docker-puppet.py script body read with
# get_file.
puppet_config: {get_param: [role_data, BlockStorage, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, BlockStorage, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, BlockStorage, docker_config]}
kolla_config: {get_param: [role_data, BlockStorage, kolla_config]}
# The bootstrap node is the first Controller server (index '0'), not a
# BlockStorage server.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, BlockStorage, step_config]}
docker_config_scripts: {get_param: [role_data, BlockStorage, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, BlockStorage, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directory tasks in this playbook set no mode or owner,
# so the directories get the module defaults while the files inside are
# written 0600. Confirm the defaults are tight enough for these files.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Despite the task name, this writes puppet_config as JSON to
# docker-puppet.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written 0600, without an execute bit; presumably it is run
# through an interpreter. TODO confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# The file name is the dict key and the mode is item.value.mode, falling back
# to 0600 when that is unset or empty.
# NOTE(review): neither the key nor the mode is validated here, so this
# assumes docker_config_scripts comes from a trusted source. Confirm.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# dest is the dict key itself, so kolla_config decides the full path that is
# written; the task does not confine it to /var/lib/kolla/config_files.
# NOTE(review): assumes kolla_config is trusted input. Confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in this playbook; presumably it is supplied
# by the deployment and names the node being configured. If so, these tasks
# never run on a BlockStorage node, because bootstrap_server_id is a
# Controller. TODO confirm.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# A key of the form step_N is written to docker-puppet-tasksN.json.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies BlockStorageHostPrepConfig to the servers of the BlockStorage role.
BlockStorageHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageHostPrepConfig}
# Prepare host tasks for ObjectStorage
# Artifacts config for the ObjectStorage role, defined by the nested template
# ../puppet/deploy-artifacts.yaml (resolved relative to this template).
ObjectStorageArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
# Applies ObjectStorageArtifactsConfig to the servers of the ObjectStorage role.
ObjectStorageArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, ObjectStorage]}
config: {get_resource: ObjectStorageArtifactsConfig}
# Ansible playbook (hosts: localhost, connection: local) for the ObjectStorage
# role. It writes the puppet manifest, the docker-puppet input and script, the
# container startup configs and the kolla config files to disk. Every copy
# task uses force=yes, so existing files are overwritten.
ObjectStorageHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
# The template is only the placeholder _PLAYBOOK, so the resulting config is
# the playbook structure given for _PLAYBOOK under params.
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# ObjectStorage role data, plus the docker-puppet.py script body read with
# get_file.
puppet_config: {get_param: [role_data, ObjectStorage, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, ObjectStorage, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, ObjectStorage, docker_config]}
kolla_config: {get_param: [role_data, ObjectStorage, kolla_config]}
# The bootstrap node is the first Controller server (index '0'), not an
# ObjectStorage server.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, ObjectStorage, step_config]}
docker_config_scripts: {get_param: [role_data, ObjectStorage, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, ObjectStorage, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directory tasks in this playbook set no mode or owner,
# so the directories get the module defaults while the files inside are
# written 0600. Confirm the defaults are tight enough for these files.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Despite the task name, this writes puppet_config as JSON to
# docker-puppet.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written 0600, without an execute bit; presumably it is run
# through an interpreter. TODO confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# The file name is the dict key and the mode is item.value.mode, falling back
# to 0600 when that is unset or empty.
# NOTE(review): neither the key nor the mode is validated here, so this
# assumes docker_config_scripts comes from a trusted source. Confirm.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# dest is the dict key itself, so kolla_config decides the full path that is
# written; the task does not confine it to /var/lib/kolla/config_files.
# NOTE(review): assumes kolla_config is trusted input. Confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in this playbook; presumably it is supplied
# by the deployment and names the node being configured. If so, these tasks
# never run on an ObjectStorage node, because bootstrap_server_id is a
# Controller. TODO confirm.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# A key of the form step_N is written to docker-puppet-tasksN.json.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies ObjectStorageHostPrepConfig to the servers of the ObjectStorage role.
ObjectStorageHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, ObjectStorage]}
config: {get_resource: ObjectStorageHostPrepConfig}
# Prepare host tasks for CephStorage
# Artifacts config for the CephStorage role, defined by the nested template
# ../puppet/deploy-artifacts.yaml (resolved relative to this template).
CephStorageArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
# Applies CephStorageArtifactsConfig to the servers of the CephStorage role.
CephStorageArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStorageArtifactsConfig}
# Ansible playbook (hosts: localhost, connection: local) for the CephStorage
# role. It writes the puppet manifest, the docker-puppet input and script, the
# container startup configs and the kolla config files to disk. Every copy
# task uses force=yes, so existing files are overwritten.
CephStorageHostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
# The template is only the placeholder _PLAYBOOK, so the resulting config is
# the playbook structure given for _PLAYBOOK under params.
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
# CephStorage role data, plus the docker-puppet.py script body read with
# get_file.
puppet_config: {get_param: [role_data, CephStorage, puppet_config]}
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, CephStorage, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, CephStorage, docker_config]}
kolla_config: {get_param: [role_data, CephStorage, kolla_config]}
# The bootstrap node is the first Controller server (index '0'), not a
# CephStorage server.
bootstrap_server_id: {get_param: [servers, Controller, '0']}
puppet_step_config: {get_param: [role_data, CephStorage, step_config]}
docker_config_scripts: {get_param: [role_data, CephStorage, docker_config_scripts]}
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
- {get_param: [role_data, CephStorage, host_prep_tasks]}
-
# Write the manifest for baremetal puppet configuration
# NOTE(review): the directory tasks in this playbook set no mode or owner,
# so the directories get the module defaults while the files inside are
# written 0600. Confirm the defaults are tight enough for these files.
- name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes mode=0600
# this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
# Despite the task name, this writes puppet_config as JSON to
# docker-puppet.json.
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes mode=0600
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# The script is written 0600, without an execute bit; presumably it is run
# through an interpreter. TODO confirm.
- name: Write docker-puppet.py
copy: content="{{docker_puppet_script}}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
- name: Create /var/lib/docker-config-scripts
file: path=/var/lib/docker-config-scripts state=directory
# The file name is the dict key and the mode is item.value.mode, falling back
# to 0600 when that is unset or empty.
# NOTE(review): neither the key nor the mode is validated here, so this
# assumes docker_config_scripts comes from a trusted source. Confirm.
- name: Write docker config scripts
copy: content="{{item.value.content}}" dest="/var/lib/docker-config-scripts/{{item.key}}" force=yes mode="{{item.value.mode|default('0600', true)}}"
with_dict: "{{docker_config_scripts}}"
# Here we are dumping all the docker container startup configuration data
# so that we can have access to how they are started outside of heat
# and docker-cmd. This lets us create command line tools to test containers.
# FIXME do we need the docker-container-startup-configs.json or is the new per-step
# data consumed by paunch enough?
- name: Write docker-container-startup-configs
copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes mode=0600
- name: Write per-step docker-container-startup-configs
copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes mode=0600
with_dict: "{{docker_startup_configs}}"
- name: Create /var/lib/kolla/config_files directory
file: path=/var/lib/kolla/config_files state=directory
# dest is the dict key itself, so kolla_config decides the full path that is
# written; the task does not confine it to /var/lib/kolla/config_files.
# NOTE(review): assumes kolla_config is trusted input. Confirm.
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes mode=0600
with_dict: "{{kolla_config}}"
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
# deploy_server_id is not defined in this playbook; presumably it is supplied
# by the deployment and names the node being configured. If so, these tasks
# never run on a CephStorage node, because bootstrap_server_id is a
# Controller. TODO confirm.
- name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
file:
path: "{{item}}"
state: absent
with_fileglob:
- /var/lib/docker-puppet/docker-puppet-tasks*.json
when: deploy_server_id == bootstrap_server_id
# A key of the form step_N is written to docker-puppet-tasksN.json.
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes mode=0600
with_dict: "{{docker_puppet_tasks}}"
when: deploy_server_id == bootstrap_server_id
# Applies CephStorageHostPrepConfig to the servers of the CephStorage role.
CephStorageHostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
servers: {get_param: [servers, CephStorage]}
config: {get_resource: CephStorageHostPrepConfig}
# BEGIN CONFIG STEPS, only on enabled_roles
# Pre-configuration task for the Controller servers; starts only after
# ControllerHostPrepDeployment. The resource type is presumably mapped to a
# concrete template elsewhere (e.g. a resource registry). TODO confirm.
ControllerPreConfig:
type: OS::TripleO::Tasks::ControllerPreConfig
depends_on: ControllerHostPrepDeployment
properties:
servers: {get_param: [servers, Controller]}
input_values:
# Passed the DeployIdentifier parameter; presumably a changed value forces
# the task to run again. TODO confirm.
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for Controller
# A single config is re-applied with an incrementing step number
# Step 1 for the Controller role: applies RoleConfig to the Controller servers
# with step=1. It waits for the step 1 workflow execution and for the
# PreConfig and ArtifactsDeploy resources of every role.
ControllerDeployment_Step1:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step1_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerPreConfig
- ControllerArtifactsDeploy
- ComputePreConfig
- ComputeArtifactsDeploy
- BlockStoragePreConfig
- BlockStorageArtifactsDeploy
- ObjectStoragePreConfig
- ObjectStorageArtifactsDeploy
- CephStoragePreConfig
- CephStorageArtifactsDeploy
properties:
name: ControllerDeployment_Step1
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 1
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# NOTE(review): debug output is switched by the ConfigDebug and
# DockerPuppetDebug parameters. Debug logs of configuration runs can include
# rendered settings, so presumably both stay off outside troubleshooting.
# Confirm what gets logged.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 2 for the Controller role: applies RoleConfig to the Controller servers
# with step=2. It waits for the step 2 workflow execution and for the Step1
# deployment of every role.
ControllerDeployment_Step2:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step2_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step1
- ComputeDeployment_Step1
- BlockStorageDeployment_Step1
- ObjectStorageDeployment_Step1
- CephStorageDeployment_Step1
properties:
name: ControllerDeployment_Step2
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 2
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# Debug switches are taken from the ConfigDebug and DockerPuppetDebug
# parameters.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 3 for the Controller role: applies RoleConfig to the Controller servers
# with step=3. It waits for the step 3 workflow execution and for the Step2
# deployment of every role.
ControllerDeployment_Step3:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step3_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step2
- ComputeDeployment_Step2
- BlockStorageDeployment_Step2
- ObjectStorageDeployment_Step2
- CephStorageDeployment_Step2
properties:
name: ControllerDeployment_Step3
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 3
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# Debug switches are taken from the ConfigDebug and DockerPuppetDebug
# parameters.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 4 for the Controller role: applies RoleConfig to the Controller servers
# with step=4. It waits for the step 4 workflow execution and for the Step3
# deployment of every role.
ControllerDeployment_Step4:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step4_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step3
- ComputeDeployment_Step3
- BlockStorageDeployment_Step3
- ObjectStorageDeployment_Step3
- CephStorageDeployment_Step3
properties:
name: ControllerDeployment_Step4
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 4
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# Debug switches are taken from the ConfigDebug and DockerPuppetDebug
# parameters.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 5 for the Controller role: applies RoleConfig to the Controller servers
# with step=5. It waits for the step 5 workflow execution and for the Step4
# deployment of every role.
ControllerDeployment_Step5:
type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step5_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
- ControllerDeployment_Step4
- ComputeDeployment_Step4
- BlockStorageDeployment_Step4
- ObjectStorageDeployment_Step4
- CephStorageDeployment_Step4
properties:
name: ControllerDeployment_Step5
servers: {get_param: [servers, Controller]}
config: {get_resource: RoleConfig}
input_values:
step: 5
role_name: Controller
update_identifier: {get_param: DeployIdentifier}
# The bootstrap node is the first Controller server (index '0').
bootstrap_server_id: {get_param: [servers, Controller, '0']}
# Debug switches are taken from the ConfigDebug and DockerPuppetDebug
# parameters.
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# Note, this should be the last step to execute configuration changes.
# Ensure that all ControllerExtraConfigPost steps are executed
# after all the previous deployment steps.
# Extra post-deployment config for the Controller servers. It waits for the
# Step5 deployment of every role, so it runs after all deployment steps.
ControllerExtraConfigPost:
depends_on:
- ControllerDeployment_Step5
- ComputeDeployment_Step5
- BlockStorageDeployment_Step5
- ObjectStorageDeployment_Step5
- CephStorageDeployment_Step5
# NOTE(review): presumably an operator-overridable hook; if so, whatever it
# is mapped to runs on every Controller. Confirm what it maps to in this
# deployment.
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, Controller]}
# The ControllerPostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
# Post-configuration task for the Controller role. It waits for the
# ExtraConfigPost resource of every role.
ControllerPostConfig:
type: OS::TripleO::Tasks::ControllerPostConfig
depends_on:
- ControllerExtraConfigPost
- ComputeExtraConfigPost
- BlockStorageExtraConfigPost
- ObjectStorageExtraConfigPost
- CephStorageExtraConfigPost
properties:
# Receives the whole servers parameter, not only [servers, Controller] as
# ControllerPreConfig does. NOTE(review): presumably intentional. Confirm.
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
# Pre-configuration task for the Compute servers; starts only after
# ComputeHostPrepDeployment. The resource type is presumably mapped to a
# concrete template elsewhere (e.g. a resource registry). TODO confirm.
ComputePreConfig:
type: OS::TripleO::Tasks::ComputePreConfig
depends_on: ComputeHostPrepDeployment
properties:
servers: {get_param: [servers, Compute]}
input_values:
# Passed the DeployIdentifier parameter; presumably a changed value forces
# the task to run again. TODO confirm.
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for Compute.
# The same config (RoleConfig) is re-applied at each step, with `step`
# incremented from one resource to the next.
ComputeDeployment_Step1:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-1 workflow execution and for the PreConfig and
  # ArtifactsDeploy resources of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step1_Execution
    - ControllerPreConfig
    - ControllerArtifactsDeploy
    - ComputePreConfig
    - ComputeArtifactsDeploy
    - BlockStoragePreConfig
    - BlockStorageArtifactsDeploy
    - ObjectStoragePreConfig
    - ObjectStorageArtifactsDeploy
    - CephStoragePreConfig
    - CephStorageArtifactsDeploy
  properties:
    name: ComputeDeployment_Step1
    servers: {get_param: [servers, Compute]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 1
      role_name: Compute
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      # NOTE(review): debug switches are plain stack parameters; debug output
      # may be more verbose about configuration data, so keep them off
      # outside troubleshooting (confirm what gets logged).
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 2 of the Compute role: re-applies RoleConfig with step=2.
ComputeDeployment_Step2:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-2 workflow execution and for step 1 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step2_Execution
    - ControllerDeployment_Step1
    - ComputeDeployment_Step1
    - BlockStorageDeployment_Step1
    - ObjectStorageDeployment_Step1
    - CephStorageDeployment_Step1
  properties:
    name: ComputeDeployment_Step2
    servers: {get_param: [servers, Compute]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 2
      role_name: Compute
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 3 of the Compute role: re-applies RoleConfig with step=3.
ComputeDeployment_Step3:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-3 workflow execution and for step 2 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step3_Execution
    - ControllerDeployment_Step2
    - ComputeDeployment_Step2
    - BlockStorageDeployment_Step2
    - ObjectStorageDeployment_Step2
    - CephStorageDeployment_Step2
  properties:
    name: ComputeDeployment_Step3
    servers: {get_param: [servers, Compute]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 3
      role_name: Compute
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 4 of the Compute role: re-applies RoleConfig with step=4.
ComputeDeployment_Step4:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-4 workflow execution and for step 3 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step4_Execution
    - ControllerDeployment_Step3
    - ComputeDeployment_Step3
    - BlockStorageDeployment_Step3
    - ObjectStorageDeployment_Step3
    - CephStorageDeployment_Step3
  properties:
    name: ComputeDeployment_Step4
    servers: {get_param: [servers, Compute]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 4
      role_name: Compute
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 5 of the Compute role: re-applies RoleConfig with step=5.
ComputeDeployment_Step5:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-5 workflow execution and for step 4 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step5_Execution
    - ControllerDeployment_Step4
    - ComputeDeployment_Step4
    - BlockStorageDeployment_Step4
    - ObjectStorageDeployment_Step4
    - CephStorageDeployment_Step4
  properties:
    name: ComputeDeployment_Step5
    servers: {get_param: [servers, Compute]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 5
      role_name: Compute
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# This should be the last resource to make configuration changes for the
# Compute role: it depends on step 5 of every role, so it runs only after
# all the previous deployment steps.
ComputeExtraConfigPost:
  type: OS::TripleO::NodeExtraConfigPost
  depends_on:
    - ControllerDeployment_Step5
    - ComputeDeployment_Step5
    - BlockStorageDeployment_Step5
    - ObjectStorageDeployment_Step5
    - CephStorageDeployment_Step5
  properties:
    servers: {get_param: [servers, Compute]}
# ComputePostConfig is in charge of quiescing all services (the original
# note gives the Controller case as the example: a full service reload).
# It waits for the ExtraConfigPost resource of every role and is handed the
# whole `servers` parameter rather than one role's entry.
ComputePostConfig:
  type: OS::TripleO::Tasks::ComputePostConfig
  depends_on:
    - ControllerExtraConfigPost
    - ComputeExtraConfigPost
    - BlockStorageExtraConfigPost
    - ObjectStorageExtraConfigPost
    - CephStorageExtraConfigPost
  properties:
    servers: {get_param: servers}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Pre-configuration task for the BlockStorage servers; depends on
# BlockStorageHostPrepDeployment.
BlockStoragePreConfig:
  type: OS::TripleO::Tasks::BlockStoragePreConfig
  depends_on: BlockStorageHostPrepDeployment
  properties:
    servers: {get_param: [servers, BlockStorage]}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Deployment steps for BlockStorage.
# The same config (RoleConfig) is re-applied at each step, with `step`
# incremented from one resource to the next.
BlockStorageDeployment_Step1:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-1 workflow execution and for the PreConfig and
  # ArtifactsDeploy resources of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step1_Execution
    - ControllerPreConfig
    - ControllerArtifactsDeploy
    - ComputePreConfig
    - ComputeArtifactsDeploy
    - BlockStoragePreConfig
    - BlockStorageArtifactsDeploy
    - ObjectStoragePreConfig
    - ObjectStorageArtifactsDeploy
    - CephStoragePreConfig
    - CephStorageArtifactsDeploy
  properties:
    name: BlockStorageDeployment_Step1
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 1
      role_name: BlockStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      # NOTE(review): debug switches are plain stack parameters; debug output
      # may be more verbose about configuration data, so keep them off
      # outside troubleshooting (confirm what gets logged).
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 2 of the BlockStorage role: re-applies RoleConfig with step=2.
BlockStorageDeployment_Step2:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-2 workflow execution and for step 1 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step2_Execution
    - ControllerDeployment_Step1
    - ComputeDeployment_Step1
    - BlockStorageDeployment_Step1
    - ObjectStorageDeployment_Step1
    - CephStorageDeployment_Step1
  properties:
    name: BlockStorageDeployment_Step2
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 2
      role_name: BlockStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 3 of the BlockStorage role: re-applies RoleConfig with step=3.
BlockStorageDeployment_Step3:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-3 workflow execution and for step 2 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step3_Execution
    - ControllerDeployment_Step2
    - ComputeDeployment_Step2
    - BlockStorageDeployment_Step2
    - ObjectStorageDeployment_Step2
    - CephStorageDeployment_Step2
  properties:
    name: BlockStorageDeployment_Step3
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 3
      role_name: BlockStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 4 of the BlockStorage role: re-applies RoleConfig with step=4.
BlockStorageDeployment_Step4:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-4 workflow execution and for step 3 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step4_Execution
    - ControllerDeployment_Step3
    - ComputeDeployment_Step3
    - BlockStorageDeployment_Step3
    - ObjectStorageDeployment_Step3
    - CephStorageDeployment_Step3
  properties:
    name: BlockStorageDeployment_Step4
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 4
      role_name: BlockStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 5 of the BlockStorage role: re-applies RoleConfig with step=5.
BlockStorageDeployment_Step5:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-5 workflow execution and for step 4 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step5_Execution
    - ControllerDeployment_Step4
    - ComputeDeployment_Step4
    - BlockStorageDeployment_Step4
    - ObjectStorageDeployment_Step4
    - CephStorageDeployment_Step4
  properties:
    name: BlockStorageDeployment_Step5
    servers: {get_param: [servers, BlockStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 5
      role_name: BlockStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# This should be the last resource to make configuration changes for the
# BlockStorage role: it depends on step 5 of every role, so it runs only
# after all the previous deployment steps.
BlockStorageExtraConfigPost:
  type: OS::TripleO::NodeExtraConfigPost
  depends_on:
    - ControllerDeployment_Step5
    - ComputeDeployment_Step5
    - BlockStorageDeployment_Step5
    - ObjectStorageDeployment_Step5
    - CephStorageDeployment_Step5
  properties:
    servers: {get_param: [servers, BlockStorage]}
# BlockStoragePostConfig is in charge of quiescing all services (the
# original note gives the Controller case as the example: a full service
# reload). It waits for the ExtraConfigPost resource of every role and is
# handed the whole `servers` parameter rather than one role's entry.
BlockStoragePostConfig:
  type: OS::TripleO::Tasks::BlockStoragePostConfig
  depends_on:
    - ControllerExtraConfigPost
    - ComputeExtraConfigPost
    - BlockStorageExtraConfigPost
    - ObjectStorageExtraConfigPost
    - CephStorageExtraConfigPost
  properties:
    servers: {get_param: servers}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Pre-configuration task for the ObjectStorage servers; depends on
# ObjectStorageHostPrepDeployment.
ObjectStoragePreConfig:
  type: OS::TripleO::Tasks::ObjectStoragePreConfig
  depends_on: ObjectStorageHostPrepDeployment
  properties:
    servers: {get_param: [servers, ObjectStorage]}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Deployment steps for ObjectStorage.
# The same config (RoleConfig) is re-applied at each step, with `step`
# incremented from one resource to the next.
ObjectStorageDeployment_Step1:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-1 workflow execution and for the PreConfig and
  # ArtifactsDeploy resources of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step1_Execution
    - ControllerPreConfig
    - ControllerArtifactsDeploy
    - ComputePreConfig
    - ComputeArtifactsDeploy
    - BlockStoragePreConfig
    - BlockStorageArtifactsDeploy
    - ObjectStoragePreConfig
    - ObjectStorageArtifactsDeploy
    - CephStoragePreConfig
    - CephStorageArtifactsDeploy
  properties:
    name: ObjectStorageDeployment_Step1
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 1
      role_name: ObjectStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      # NOTE(review): debug switches are plain stack parameters; debug output
      # may be more verbose about configuration data, so keep them off
      # outside troubleshooting (confirm what gets logged).
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 2 of the ObjectStorage role: re-applies RoleConfig with step=2.
ObjectStorageDeployment_Step2:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-2 workflow execution and for step 1 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step2_Execution
    - ControllerDeployment_Step1
    - ComputeDeployment_Step1
    - BlockStorageDeployment_Step1
    - ObjectStorageDeployment_Step1
    - CephStorageDeployment_Step1
  properties:
    name: ObjectStorageDeployment_Step2
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 2
      role_name: ObjectStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 3 of the ObjectStorage role: re-applies RoleConfig with step=3.
ObjectStorageDeployment_Step3:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-3 workflow execution and for step 2 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step3_Execution
    - ControllerDeployment_Step2
    - ComputeDeployment_Step2
    - BlockStorageDeployment_Step2
    - ObjectStorageDeployment_Step2
    - CephStorageDeployment_Step2
  properties:
    name: ObjectStorageDeployment_Step3
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 3
      role_name: ObjectStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 4 of the ObjectStorage role: re-applies RoleConfig with step=4.
ObjectStorageDeployment_Step4:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-4 workflow execution and for step 3 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step4_Execution
    - ControllerDeployment_Step3
    - ComputeDeployment_Step3
    - BlockStorageDeployment_Step3
    - ObjectStorageDeployment_Step3
    - CephStorageDeployment_Step3
  properties:
    name: ObjectStorageDeployment_Step4
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 4
      role_name: ObjectStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 5 of the ObjectStorage role: re-applies RoleConfig with step=5.
ObjectStorageDeployment_Step5:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-5 workflow execution and for step 4 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step5_Execution
    - ControllerDeployment_Step4
    - ComputeDeployment_Step4
    - BlockStorageDeployment_Step4
    - ObjectStorageDeployment_Step4
    - CephStorageDeployment_Step4
  properties:
    name: ObjectStorageDeployment_Step5
    servers: {get_param: [servers, ObjectStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 5
      role_name: ObjectStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# This should be the last resource to make configuration changes for the
# ObjectStorage role: it depends on step 5 of every role, so it runs only
# after all the previous deployment steps.
ObjectStorageExtraConfigPost:
  type: OS::TripleO::NodeExtraConfigPost
  depends_on:
    - ControllerDeployment_Step5
    - ComputeDeployment_Step5
    - BlockStorageDeployment_Step5
    - ObjectStorageDeployment_Step5
    - CephStorageDeployment_Step5
  properties:
    servers: {get_param: [servers, ObjectStorage]}
# ObjectStoragePostConfig is in charge of quiescing all services (the
# original note gives the Controller case as the example: a full service
# reload). It waits for the ExtraConfigPost resource of every role and is
# handed the whole `servers` parameter rather than one role's entry.
ObjectStoragePostConfig:
  type: OS::TripleO::Tasks::ObjectStoragePostConfig
  depends_on:
    - ControllerExtraConfigPost
    - ComputeExtraConfigPost
    - BlockStorageExtraConfigPost
    - ObjectStorageExtraConfigPost
    - CephStorageExtraConfigPost
  properties:
    servers: {get_param: servers}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Pre-configuration task for the CephStorage servers; depends on
# CephStorageHostPrepDeployment.
CephStoragePreConfig:
  type: OS::TripleO::Tasks::CephStoragePreConfig
  depends_on: CephStorageHostPrepDeployment
  properties:
    servers: {get_param: [servers, CephStorage]}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
# Deployment steps for CephStorage.
# The same config (RoleConfig) is re-applied at each step, with `step`
# incremented from one resource to the next.
CephStorageDeployment_Step1:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-1 workflow execution and for the PreConfig and
  # ArtifactsDeploy resources of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step1_Execution
    - ControllerPreConfig
    - ControllerArtifactsDeploy
    - ComputePreConfig
    - ComputeArtifactsDeploy
    - BlockStoragePreConfig
    - BlockStorageArtifactsDeploy
    - ObjectStoragePreConfig
    - ObjectStorageArtifactsDeploy
    - CephStoragePreConfig
    - CephStorageArtifactsDeploy
  properties:
    name: CephStorageDeployment_Step1
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 1
      role_name: CephStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      # NOTE(review): debug switches are plain stack parameters; debug output
      # may be more verbose about configuration data, so keep them off
      # outside troubleshooting (confirm what gets logged).
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 2 of the CephStorage role: re-applies RoleConfig with step=2.
CephStorageDeployment_Step2:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-2 workflow execution and for step 1 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step2_Execution
    - ControllerDeployment_Step1
    - ComputeDeployment_Step1
    - BlockStorageDeployment_Step1
    - ObjectStorageDeployment_Step1
    - CephStorageDeployment_Step1
  properties:
    name: CephStorageDeployment_Step2
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 2
      role_name: CephStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 3 of the CephStorage role: re-applies RoleConfig with step=3.
CephStorageDeployment_Step3:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-3 workflow execution and for step 2 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step3_Execution
    - ControllerDeployment_Step2
    - ComputeDeployment_Step2
    - BlockStorageDeployment_Step2
    - ObjectStorageDeployment_Step2
    - CephStorageDeployment_Step2
  properties:
    name: CephStorageDeployment_Step3
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 3
      role_name: CephStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 4 of the CephStorage role: re-applies RoleConfig with step=4.
CephStorageDeployment_Step4:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-4 workflow execution and for step 3 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step4_Execution
    - ControllerDeployment_Step3
    - ComputeDeployment_Step3
    - BlockStorageDeployment_Step3
    - ObjectStorageDeployment_Step3
    - CephStorageDeployment_Step3
  properties:
    name: CephStorageDeployment_Step4
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 4
      role_name: CephStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# Step 5 of the CephStorage role: re-applies RoleConfig with step=5.
CephStorageDeployment_Step5:
  type: OS::TripleO::DeploymentSteps
  # Waits for the step-5 workflow execution and for step 4 of every role.
  # TODO(gfidente): the entries below the workflow execution replicate what
  # is already defined for the WorkflowTasks_StepX resource and can be
  # removed if https://bugs.launchpad.net/heat/+bug/1700569 is fixed.
  depends_on:
    - WorkflowTasks_Step5_Execution
    - ControllerDeployment_Step4
    - ComputeDeployment_Step4
    - BlockStorageDeployment_Step4
    - ObjectStorageDeployment_Step4
    - CephStorageDeployment_Step4
  properties:
    name: CephStorageDeployment_Step5
    servers: {get_param: [servers, CephStorage]}
    config: {get_resource: RoleConfig}
    input_values:
      step: 5
      role_name: CephStorage
      update_identifier: {get_param: DeployIdentifier}
      # The bootstrap node is the first Controller, for this role as well.
      bootstrap_server_id: {get_param: [servers, Controller, '0']}
      enable_debug: {get_param: ConfigDebug}
      docker_puppet_debug: {get_param: DockerPuppetDebug}
      docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
# END CONFIG STEPS
# This should be the last resource to make configuration changes for the
# CephStorage role: it depends on step 5 of every role, so it runs only
# after all the previous deployment steps.
CephStorageExtraConfigPost:
  type: OS::TripleO::NodeExtraConfigPost
  depends_on:
    - ControllerDeployment_Step5
    - ComputeDeployment_Step5
    - BlockStorageDeployment_Step5
    - ObjectStorageDeployment_Step5
    - CephStorageDeployment_Step5
  properties:
    servers: {get_param: [servers, CephStorage]}
# CephStoragePostConfig is in charge of quiescing all services (the
# original note gives the Controller case as the example: a full service
# reload). It waits for the ExtraConfigPost resource of every role and is
# handed the whole `servers` parameter rather than one role's entry.
CephStoragePostConfig:
  type: OS::TripleO::Tasks::CephStoragePostConfig
  depends_on:
    - ControllerExtraConfigPost
    - ComputeExtraConfigPost
    - BlockStorageExtraConfigPost
    - ObjectStorageExtraConfigPost
    - CephStorageExtraConfigPost
  properties:
    servers: {get_param: servers}
    input_values:
      update_identifier: {get_param: DeployIdentifier}
outputs:
RoleConfig:
description: Mapping of config data for all roles
value:
deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
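# Ansible playbook for a deployment, kept as a literal block so the nesting
# of the embedded playbook survives. It targets the `overcloud` hosts: each
# host includes the host_prep tasks of its own role (selected by role_name),
# then deploy_steps_tasks.yaml is included once per `step` value 0 to 5.
# The flattened text put `tasks:`, `when:` and the loop keys at the same
# column as the list items, which is not a parseable playbook.
deploy_steps_playbook: |
  - hosts: overcloud
    tasks:
      - include: Controller/host_prep_tasks.yaml
        when: role_name == 'Controller'
      - include: Compute/host_prep_tasks.yaml
        when: role_name == 'Compute'
      - include: BlockStorage/host_prep_tasks.yaml
        when: role_name == 'BlockStorage'
      - include: ObjectStorage/host_prep_tasks.yaml
        when: role_name == 'ObjectStorage'
      - include: CephStorage/host_prep_tasks.yaml
        when: role_name == 'CephStorage'
      - include: deploy_steps_tasks.yaml
        with_sequence: start=0 end=5
        loop_control:
          loop_var: step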
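# Task list for updates: each host includes the update_tasks file of its
# own role, selected by role_name. Each `when:` belongs to the include above
# it, so it is nested under that list item rather than left at column 0.
update_steps_tasks: |
  - include: Controller/update_tasks.yaml
    when: role_name == 'Controller'
  - include: Compute/update_tasks.yaml
    when: role_name == 'Compute'
  - include: BlockStorage/update_tasks.yaml
    when: role_name == 'BlockStorage'
  - include: ObjectStorage/update_tasks.yaml
    when: role_name == 'ObjectStorage'
  - include: CephStorage/update_tasks.yaml
    when: role_name == 'CephStorage'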
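# Ansible playbook for updates. `serial: 1` makes the play handle one
# overcloud host at a time; on each host update_steps_tasks.yaml and then
# deploy_steps_tasks.yaml are included once per `step` value 0 to 5.
# The play keys and the loop keys are nested as a playbook requires; the
# flattened text had them all at column 0.
update_steps_playbook: |
  - hosts: overcloud
    serial: 1
    tasks:
      - include: update_steps_tasks.yaml
        with_sequence: start=0 end=5
        loop_control:
          loop_var: step
      - include: deploy_steps_tasks.yaml
        with_sequence: start=0 end=5
        loop_control:
          loop_var: step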
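# Task list for upgrades: each host includes the upgrade_tasks file of its
# own role, selected by role_name. Each `when:` belongs to the include above
# it, so it is nested under that list item rather than left at column 0.
upgrade_steps_tasks: |
  - include: Controller/upgrade_tasks.yaml
    when: role_name == 'Controller'
  - include: Compute/upgrade_tasks.yaml
    when: role_name == 'Compute'
  - include: BlockStorage/upgrade_tasks.yaml
    when: role_name == 'BlockStorage'
  - include: ObjectStorage/upgrade_tasks.yaml
    when: role_name == 'ObjectStorage'
  - include: CephStorage/upgrade_tasks.yaml
    when: role_name == 'CephStorage'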
upgrade_steps_playbook: |
- hosts: overcloud
tasks:
- include: upgrade_steps_tasks.yaml
with_sequence: start=0 end=5
loop_control:
loop_var: step openstack-tripleo-heat-templates/default_passwords.yaml 0000644 0001750 0001750 00000001243 13245343355 023054 0 ustar stack stack heat_template_version: pike
description: Passwords we manage at the top level
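# Secrets managed at the top level. Every parameter is marked
# `hidden: true` so Heat does not echo the value back when the stack's
# parameters are displayed; callers pass the values exactly as before.
parameters:
  DefaultMysqlRootPassword:
    type: string
    hidden: true
  DefaultRabbitCookie:
    type: string
    hidden: true
  DefaultHeatAuthEncryptionKey:
    type: string
    hidden: true
  DefaultPcsdPassword:
    type: string
    hidden: true
  DefaultHorizonSecret:
    type: string
    hidden: true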
# Re-exports the five secrets as one `passwords` map.
# NOTE(review): the values leave this template in clear as a stack output,
# so read access to this stack's outputs is read access to the secrets;
# confirm who can query the stack.
outputs:
  passwords:
    description: Password data
    value:
      mysql_root_password: {get_param: DefaultMysqlRootPassword}
      rabbit_cookie: {get_param: DefaultRabbitCookie}
      heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
      pcsd_password: {get_param: DefaultPcsdPassword}
      horizon_secret: {get_param: DefaultHorizonSecret}
openstack-tripleo-heat-templates/deployed-server/ 0000755 0001750 0001750 00000000000 13245343355 021550 5 ustar stack stack openstack-tripleo-heat-templates/deployed-server/README.rst 0000644 0001750 0001750 00000013460 13245343355 023243 0 ustar stack stack TripleO with Deployed Servers
=============================
The deployed-server set of templates can be used to deploy TripleO via
tripleo-heat-templates to servers that are already installed with a base
operating system.
When OS::TripleO::Server is mapped to the deployed-server.yaml template via the
provided deployed-server-environment.yaml resource registry, Nova and Ironic
are not used to create any server instances. Heat continues to create the
SoftwareDeployment resources, and they are made available to the already
deployed and running servers.
Template Usage
--------------
To use these templates pass the included environment file to the deployment
command::
-e deployed-server/deployed-server-environment.yaml
Deployed Server configuration
-----------------------------
It is currently assumed that the deployed servers being used have the required
set of software and packages already installed on them. These exact
requirements must match how such a server would look if it were deployed the
standard way via Ironic using the TripleO overcloud-full image.
An easy way to get this set up for development is to use an overcloud-full
image from an already existing TripleO setup. Create the VMs for the already
deployed servers, and use the overcloud-full image as their disk.
Each server must have an FQDN set that resolves to an IP address on a routable
network (e.g., the hostname should not resolve to 127.0.0.1). The hostname
will be detected on each server via the hostnamectl --static command.
Each server also must have a route to the configured IP address on the
undercloud where the OpenStack services are listening. This is the value for
local_ip in the undercloud.conf.
It's recommended that each server have at least 2 NICs: one used for external
management such as ssh, and one used for the OpenStack deployment itself. Since
the overcloud deployment will reconfigure networking on the configured NIC to
be used by OpenStack, the external management NIC is needed as a fallback so
that all connectivity is not lost in case of a configuration error. Be sure to
use correct NIC config templates as needed, since the nodes will not receive
DHCP from the undercloud neutron-dhcp-agent service.
For example, the net-config-static-bridge.yaml template could be used for
controllers, and the net-config-static.yaml template could be used for computes
by specifying:
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static-bridge.yaml
OS::TripleO::Compute::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static.yaml
In a setup where the first NIC on the servers is used for external management,
set the NICs to be used for OpenStack to nic2:
parameter_defaults:
NeutronPublicInterface: nic2
HypervisorNeutronPublicInterface: nic2
The above nic config templates also require a route to the ctlplane network to
be defined. Define the needed parameters as necessary for your environment, for
example:
parameter_defaults:
ControlPlaneDefaultRoute: 192.168.122.130
ControlPlaneSubnetCidr: "24"
EC2MetadataIp: "192.168.24.1"
In this example, 192.168.122.130 is the external management IP of an
undercloud, thus it is the default route for the configured local_ip value of
192.168.24.1.
os-collect-config
-----------------
os-collect-config on each deployed server must be manually configured to poll
the Heat API for the available SoftwareDeployments. An example configuration
for /etc/os-collect-config.conf looks like:
[DEFAULT]
collectors=heat
command=os-refresh-config
[heat]
# you can get these values from stackrc on the undercloud
user_id= # note this must be the ID, not the username
password=
auth_url=
project_id= # note, this must be the ID, not project name
stack_id=
resource_name=
Note that the stack_id value is the id of the nested stack containing the
resource (identified by resource_name) implemented by the deployed-server.yaml
templates.
Once the configuration for os-collect-config has been defined, the service
needs to be restarted. Once restarted, it will start polling Heat and applying
the SoftwareDeployments.
A sample script at deployed-server/scripts/get-occ-config.sh is included that
will automatically generate the os-collect-config configuration needed on each
server, ssh to each server, copy the configuration, and restart the
os-collect-config service.
.. warning::
   The get-occ-config.sh script is not intended for production use, as it
   copies admin credentials to each of the deployed nodes. Anyone able to
   read /etc/os-collect-config.conf on a node can then read those
   credentials.
The script can only be used once the nested deployed-server stacks, and with
them their stack IDs, have been created via Heat. This usually only takes a
couple of minutes once the deployment command has been started. Once the
following output is seen from the deployment command, the script should be
ready to run:
[Controller]: CREATE_IN_PROGRESS state changed
[NovaCompute]: CREATE_IN_PROGRESS state changed
The user running the script must be able to ssh as root to each server. Define
the names of your custom roles (if applicable) and hostnames of the deployed
servers you intend to use for each role type. For each role name, a
corresponding _hosts variable should also be defined, e.g.::
export ROLES="Controller NetworkNode StorageNode Compute"
export Controller_hosts="10.0.0.1 10.0.0.2 10.0.0.3"
export NetworkNode_hosts="10.0.0.4 10.0.0.5 10.0.0.6"
export StorageNode_hosts="10.0.0.7 10.0.0.8"
export Compute_hosts="10.0.0.9 10.0.0.10 10.0.0.11"
Then run the script on the undercloud with a stackrc file sourced, and
the script will copy the needed os-collect-config.conf configuration to each
server and restart the os-collect-config service.
openstack-tripleo-heat-templates/deployed-server/ctlplane-port.yaml 0000644 0001750 0001750 00000000737 13245343355 025227 0 ustar stack stack heat_template_version: pike
parameters:
  # Declared but not referenced below: the port resource uses the literal
  # network name 'ctlplane'.
  network:
    type: string
    default: ctlplane
  # Prefix of the port name; '-port' is appended to it below.
  name:
    type: string
  # Declared but not referenced below: the port resource uses the literal
  # policy 'AUTO'.
  replacement_policy:
    type: string
    default: AUTO

resources:
  # Neutron port on the ctlplane network, named '<name>-port'.
  ControlPlanePort:
    type: OS::Neutron::Port
    properties:
      network: ctlplane
      name:
        list_join:
          - '-'
          - - get_param: name
            - port
      replacement_policy: AUTO

outputs:
  # The fixed_ips attribute of the port created above.
  fixed_ips:
    value:
      get_attr: [ControlPlanePort, fixed_ips]
openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml 0000644 0001750 0001750 00000002635 13245343355 026721 0 ustar stack stack heat_template_version: pike
description: "
A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on
the input from the DeployedServerPortMap (set via parameter_defaults). This
lookup requires the use of port naming conventions. In order for this to work
with deployed-server the keys should be -.
Example:
parameter_defaults:
DeployedServerPortMap:
gatsby-ctlplane:
fixed_ips:
- ip_address: 127.0.0.1
subnets:
- cidr: 24"
parameters:
name:
default: ''
type: string
network:
default: ''
type: string
fixed_ips:
default: ''
type: comma_delimited_list
replacement_policy:
default: ''
type: string
DeployedServerPortMap:
default: {}
type: json
outputs:
fixed_ips:
value:
{get_param: [DeployedServerPortMap, {get_param: name}, fixed_ips]}
subnets:
value:
{get_param: [DeployedServerPortMap, {get_param: name}, subnets]}
name:
value: {get_param: name}
status:
value: DOWN
allowed_address_pairs:
value: {}
device_id:
value: ''
device_owner:
value: {get_param: network}
dns_assignment:
value: ''
port_security_enabled:
value: False
admin_state_up:
value: False
security_groups:
value: {}
network_id:
value: ''
tenant_id:
value: ''
qos_policy_id:
value: ''
mac_address:
value: ''
openstack-tripleo-heat-templates/deployed-server/deployed-server-bootstrap-centos.sh 0000644 0001750 0001750 00000000770 13245343355 030525 0 ustar stack stack #!/bin/bash
# Abort on the first failing command or unset variable, and trace every
# command as it runs.
set -eux

# Install the tools and agents this bootstrap expects on a deployed server.
# NOTE(review): python-heat-agent* is unquoted, so the shell expands it as a
# glob first if a matching file name exists in the working directory.
yum install -y \
    jq \
    python-ipaddr \
    openstack-puppet-modules \
    os-net-config \
    openvswitch \
    python-heat-agent* \
    openstack-selinux

# Link every packaged puppet module into /etc/puppet/modules, replacing
# existing links (-f).
ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules

# Put SELinux into permissive mode now (setenforce 0) and persist that in
# /etc/selinux/config.
# NOTE(review): this leaves the node without SELinux enforcement even though
# openstack-selinux was just installed; the RHEL variant of this script does
# not do this. Confirm that permissive mode is intended before reusing this
# outside a test environment.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

# Replace the saved IPv4 and IPv6 iptables rule files with a file that holds
# only a comment, i.e. no rules.
# NOTE(review): presumably a later deployment step installs the real rules;
# verify that the host is not left without filtering if that step never runs.
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
openstack-tripleo-heat-templates/deployed-server/deployed-server-bootstrap-centos.yaml 0000644 0001750 0001750 00000001022 13245343355 031044 0 ustar stack stack heat_template_version: pike
description: 'Deployed Server Bootstrap Config'
parameters:
server:
type: string
resources:
DeployedServerBootstrapConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: deployed-server-bootstrap-centos.sh}
DeployedServerBootstrapDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: DeployedServerBootstrapDeployment
config: {get_resource: DeployedServerBootstrapConfig}
server: {get_param: server}
openstack-tripleo-heat-templates/deployed-server/deployed-server-bootstrap-rhel.sh 0000644 0001750 0001750 00000000653 13245343355 030164 0 ustar stack stack #!/bin/bash
# Abort on the first failing command or unset variable, and trace every
# command as it runs.
set -eux

# Install the tools and agents this bootstrap expects on a deployed server.
# NOTE(review): python-heat-agent* is unquoted, so the shell expands it as a
# glob first if a matching file name exists in the working directory.
yum install -y \
    jq \
    python-ipaddr \
    openstack-puppet-modules \
    os-net-config \
    openvswitch \
    python-heat-agent* \
    openstack-selinux

# Link every packaged puppet module into /etc/puppet/modules, replacing
# existing links (-f).
ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules

# Replace the saved IPv4 and IPv6 iptables rule files with a file that holds
# only a comment, i.e. no rules.
# NOTE(review): presumably a later deployment step installs the real rules;
# verify that the host is not left without filtering if that step never runs.
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
openstack-tripleo-heat-templates/deployed-server/deployed-server-bootstrap-rhel.yaml 0000644 0001750 0001750 00000001020 13245343355 030501 0 ustar stack stack heat_template_version: pike
description: 'Deployed Server Bootstrap Config'
parameters:
server:
type: string
resources:
DeployedServerBootstrapConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: deployed-server-bootstrap-rhel.sh}
DeployedServerBootstrapDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: DeployedServerBootstrapDeployment
config: {get_resource: DeployedServerBootstrapConfig}
server: {get_param: server}
openstack-tripleo-heat-templates/deployed-server/deployed-server-environment-output.yaml 0000644 0001750 0001750 00000002673 13245343355 031455 0 ustar stack stack heat_template_version: pike
parameters:
RoleCounts:
type: json
default: {}
VipMap:
type: json
default: {}
DeployedServerPortMap:
type: json
default: {}
DeployedServerDeploymentSwiftDataMap:
type: json
default: {}
DefaultRouteIp:
type: string
default: 192.168.24.1
resources:
DeployedServerPortMapParameter:
type: OS::Heat::Value
properties:
type: json
value:
DeployedServerPortMap:
map_merge:
- {get_param: DeployedServerPortMap}
- control_virtual_ip:
fixed_ips:
- ip_address: {get_param: [VipMap, ctlplane]}
- redis_virtual_ip:
fixed_ips:
- ip_address: {get_param: [VipMap, redis]}
DeployedServerEnvironment:
type: OS::Heat::Value
properties:
type: json
value:
parameter_defaults:
map_merge:
- {get_attr: [DeployedServerPortMapParameter, value]}
- DeploymentSwiftDataMap: {get_param: DeployedServerDeploymentSwiftDataMap}
- EC2MetadataIp: {get_param: DefaultRouteIp}
- ControlPlaneDefaultRoute: {get_param: DefaultRouteIp}
- {get_param: RoleCounts}
outputs:
deployed_server_environment:
description:
Environment data that can be used as input into the services stack when
using split-stack.
value: {get_attr: [DeployedServerEnvironment, value]}
openstack-tripleo-heat-templates/deployed-server/deployed-server-roles-data.yaml 0000644 0001750 0001750 00000025751 13245343355 027610 0 ustar stack stack # Specifies which roles (groups of nodes) will be deployed
# Note this is used as an input to the various *.j2.yaml
# jinja2 templates, so that they are converted into *.yaml
# during the plan creation (via a mistral action/workflow).
#
# The format is a list, with the following format:
#
# * name: (string) mandatory, name of the role, must be unique
#
# CountDefault: (number) optional, default number of nodes, defaults to 0
# sets the default for the {{role.name}}Count parameter in overcloud.yaml
#
# HostnameFormatDefault: (string) optional default format string for hostname
# defaults to '%stackname%-{{role.name.lower()}}-%index%'
# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
#
# disable_constraints: (boolean) optional, whether to disable Nova and Glance
# constraints for each role specified in the templates.
#
# ServicesDefault: (list) optional default list of services to be deployed
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
- name: ControllerDeployedServer
CountDefault: 1
disable_constraints: True
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentNotification
# FIXME: This service was disabled in Pike and this entry should be removed
# in Queens.
- OS::TripleO::Services::CeilometerApi
- OS::TripleO::Services::CeilometerCollector
- OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendDellEMCUnity
- OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ExternalSwiftProxy
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendGeneric
- OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
- OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::Redis
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::Zaqar
- name: ComputeDeployedServer
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_constraints: True
disable_upgrade_deployment: True
networks:
- InternalApi
- Tenant
- Storage
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- name: BlockStorageDeployedServer
disable_constraints: True
networks:
- InternalApi
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- name: ObjectStorageDeployedServer
disable_constraints: True
networks:
- InternalApi
- Storage
- StorageMgmt
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- name: CephStorageDeployedServer
disable_constraints: True
networks:
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Docker
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
openstack-tripleo-heat-templates/deployed-server/deployed-server.yaml 0000644 0001750 0001750 00000007024 13245343355 025550 0 ustar stack stack heat_template_version: pike
parameters:
image:
type: string
default: unused
flavor:
type: string
default: unused
key_name:
type: string
default: unused
description: Name of keypair to assign to servers
security_groups:
type: json
default: []
# Require this so we can validate the parent passes the
# correct value
user_data_format:
type: string
user_data:
type: string
default: ''
name:
type: string
default: 'deployed-server'
image_update_policy:
type: string
default: ''
networks:
type: comma_delimited_list
default: ''
metadata:
type: json
default: {}
software_config_transport:
default: POLL_SERVER_CFN
type: string
scheduler_hints:
type: json
description: Optional scheduler hints to pass to nova
default: {}
UpgradeInitCommand:
type: string
description: |
Command or script snippet to run on all overcloud nodes to
initialize the upgrade process. E.g. a repository switch.
default: ''
deployment_swift_data:
type: json
default: {}
resources:
deployed-server:
type: OS::Heat::DeployedServer
properties:
name: {get_param: name}
software_config_transport: {get_param: software_config_transport}
deployment_swift_data: {get_param: deployment_swift_data}
UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
list_join:
- ''
- - "#!/bin/bash\n\n"
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- get_param: UpgradeInitCommand
UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: UpgradeInitDeployment
server: {get_resource: deployed-server}
config: {get_resource: UpgradeInitConfig}
InstanceIdConfig:
type: OS::Heat::StructuredConfig
properties:
group: apply-config
config:
instance-id: {get_resource: deployed-server}
InstanceIdDeployment:
type: OS::Heat::StructuredDeployment
properties:
name: InstanceIdDeployment
config: {get_resource: InstanceIdConfig}
server: {get_resource: deployed-server}
depends_on: UpgradeInitDeployment
HostsEntryConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: |
#!/bin/bash
set -eux
mkdir -p $heat_outputs_path
host=$(hostname -s)
echo -n $host > $heat_outputs_path.hostname
cat $heat_outputs_path.hostname
outputs:
- name: hostname
description: hostname
HostsEntryDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: HostsEntryDeployment
config: {get_resource: HostsEntryConfig}
server: {get_resource: deployed-server}
DeployedServerBootstrapConfig:
type: OS::TripleO::DeployedServer::Bootstrap
properties:
server: {get_resource: deployed-server}
ControlPlanePort:
type: OS::TripleO::DeployedServer::ControlPlanePort
properties:
network: ctlplane
name:
list_join:
- '-'
- - {get_attr: [HostsEntryDeployment, hostname]}
- ctlplane
replacement_policy: AUTO
outputs:
OS::stack_id:
value: {get_resource: deployed-server}
networks:
value:
ctlplane:
- {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]}
name:
value: {get_attr: [HostsEntryDeployment, hostname]}
os_collect_config:
value: {get_attr: [deployed-server, os_collect_config]}
openstack-tripleo-heat-templates/deployed-server/scripts/ 0000755 0001750 0001750 00000000000 13245343355 023237 5 ustar stack stack openstack-tripleo-heat-templates/deployed-server/scripts/enable-ssh-admin.sh 0000755 0001750 0001750 00000006224 13245343355 026711 0 ustar stack stack #!/bin/bash
# Abort on the first failing command and on any use of an unset variable.
set -eu

# whitespace (space or newline) separated list
OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""}
# Remote login used for the ssh calls below and passed to the workflow as
# ssh_user; defaults to the invoking user.
OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"}
# this is just for compatibility with CI
SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
# this is the intended variable for overriding
OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}

# Comment field of the temporary key pair. The removal step deletes every
# authorized_keys line that contains this text.
SHORT_TERM_KEY_COMMENT="TripleO split stack short term key"
# Seconds to wait between polls of the workflow execution state.
SLEEP_TIME=5
# Print $OVERCLOUD_HOSTS on stdout as a JSON array of strings, for embedding
# in the workflow input.
function overcloud_ssh_hosts_json {
    # The Python snippet strips leading/trailing whitespace from stdin and
    # splits what is left on runs of whitespace.
    echo "$OVERCLOUD_HOSTS" | python -c '
from __future__ import print_function
import json, re, sys
print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
}
# Print the contents of the key file named by $1 on stdout as one JSON string.
function overcloud_ssh_key_json {
    # we pass the contents to Mistral instead of just path, otherwise
    # the key file would have to be readable for the mistral user
    # NOTE(review): the private key material therefore becomes part of the
    # workflow input; how long Mistral retains that input is not visible here.
    # NOTE(review): the pipeline's status is that of python, so an unreadable
    # key file yields an empty JSON string rather than a failure.
    cat "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
}
# Succeed only when the workflow execution given as $1 reports state SUCCESS.
# Any other state, including a failed execution, is reported as "not finished".
function workflow_finished {
    local wf_execution="$1"
    # -q suppresses grep's output; only its exit status is used.
    openstack workflow execution show -f shell $wf_execution | grep -q 'state="SUCCESS"'
}
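# Create a throwaway 4096-bit RSA key pair in a fresh temporary directory and
# print that directory's path on stdout. Returns non-zero if the directory or
# the key pair cannot be created.
function generate_short_term_keys {
    # Declare and assign separately: "local var=$(cmd)" reports the status of
    # "local", so a failing mktemp went unnoticed and ssh-keygen would then
    # have been pointed at "/id_rsa".
    local tmpdir
    tmpdir=$(mktemp -d) || return 1
    # Empty passphrase (-N ''); the comment (-C) is what the cleanup step
    # later searches for in authorized_keys.
    ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null || return 1
    echo "$tmpdir"
}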
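# Refuse to run without a list of target hosts.
if [ -z "$OVERCLOUD_HOSTS" ]; then
    echo 'Please set $OVERCLOUD_HOSTS'
    exit 1
fi

echo "Starting workflow to create ssh admin on deployed servers."
echo "SSH user: $OVERCLOUD_SSH_USER"
echo "SSH key file: $OVERCLOUD_SSH_KEY"
echo "Hosts: $OVERCLOUD_HOSTS"
echo

SHORT_TERM_KEY_DIR=$(generate_short_term_keys)
# Delete the temporary private key on every exit path, including a failure
# part-way through, so that it never outlives this run on local disk.
trap 'rm -rf "$SHORT_TERM_KEY_DIR"' EXIT
SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa"
SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub"
SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat "$SHORT_TERM_KEY_PUBLIC")

for HOST in $OVERCLOUD_HOSTS; do
    echo "Inserting TripleO short term key for $HOST"
    # prepending an extra newline so that if authorized_keys didn't
    # end with a newline previously, we don't end up garbling it up
    ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
done

echo "Starting ssh admin enablement workflow"
# The workflow input carries the temporary private key itself, not a path.
EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}"
EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
echo "$EXECUTION_CREATE_OUTPUT"
EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')

if [ -z "$EXECUTION_ID" ]; then
    echo "Failed to get workflow execution ID for ssh admin creation workflow"
    exit 1
fi

echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)."
# NOTE(review): workflow_finished only recognises state SUCCESS, so an
# execution that ends in any other state keeps this loop polling. Until the
# loop ends, the short term key stays in authorized_keys on every host.
while ! workflow_finished "$EXECUTION_ID"; do
    sleep "$SLEEP_TIME"
    echo -n .
done
echo  # newline after the previous dots

for HOST in $OVERCLOUD_HOSTS; do
    echo "Removing TripleO short term key from $HOST"
    # Use the same identity as the insertion step. Without -i the removal only
    # worked when a default key happened to be accepted, and a failure here
    # left the short term key authorized on the host.
    ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys"
done

echo "Removing short term keys locally"
rm -r "$SHORT_TERM_KEY_DIR"

echo "Success."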
openstack-tripleo-heat-templates/deployed-server/scripts/get-occ-config.sh 0000755 0001750 0001750 00000010024 13245343355 026357 0 ustar stack stack #!/bin/bash
# Abort on the first failing command or unset variable, and trace every
# command as it runs.
# NOTE(review): with -x the generated configuration, including the metadata
# URL, is written to the trace output as well.
set -eux

# Seconds to wait between polls of Heat.
SLEEP_TIME=5

# Legacy all-caps host lists, one per default role (see below).
CONTROLLER_HOSTS=${CONTROLLER_HOSTS:-""}
COMPUTE_HOSTS=${COMPUTE_HOSTS:-""}
BLOCKSTORAGE_HOSTS=${BLOCKSTORAGE_HOSTS:-""}
OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""}
CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""}
# Identity file handed to ssh with -i.
SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"}
# NOTE(review): StrictHostKeyChecking=no together with
# UserKnownHostsFile=/dev/null means host keys are neither verified nor
# remembered, so these connections do not authenticate the server they reach.
# The configuration pushed below therefore goes to whichever machine answers
# on that address.
SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32"
# Whitespace-separated role names to process.
OVERCLOUD_ROLES=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"}
STACK_NAME=${STACK_NAME:-"overcloud"}

# Set the _hosts vars for the default roles based on the old var names that
# were all caps for backwards compatibility.
Controller_hosts=${Controller_hosts:-"$CONTROLLER_HOSTS"}
Compute_hosts=${Compute_hosts:-"$COMPUTE_HOSTS"}
BlockStorage_hosts=${BlockStorage_hosts:-"$BLOCKSTORAGE_HOSTS"}
ObjectStorage_hosts=${ObjectStorage_hosts:-"$OBJECTSTORAGE_HOSTS"}
CephStorage_hosts=${CephStorage_hosts:-"$CEPHSTORAGE_HOSTS"}

# Set the _hosts_a vars for each role defined
# NOTE(review): each role name is spliced into an eval'd assignment, so
# OVERCLOUD_ROLES must hold plain identifier-like names from a trusted source.
# Under "set -u" a role without a matching <role>_hosts variable aborts the
# script here.
for role in $OVERCLOUD_ROLES; do
    eval hosts=\${${role}_hosts}
    read -a ${role}_hosts_a <<< $hosts
done

# IDs of the admin user and project.
# NOTE(review): neither variable is referenced again in this script.
admin_user_id=$(openstack user show admin -c id -f value)
admin_project_id=$(openstack project show admin -c id -f value)
# Report whether Heat can list the resources of the stack named by $1.
# Returns 1 when no stack name is given, otherwise the exit status of
# "openstack stack resource list". Leaves that status in the global rc.
function check_stack {
    local stack_to_check=${1:-""}

    if [ -z "$stack_to_check" ]; then
        echo Stack not created
        return 1
    fi

    echo Checking if $1 stack is created
    # Errexit is suspended so that a failing lookup is reported, not fatal.
    set +e
    openstack stack resource list $stack_to_check
    rc=$?
    set -e

    [ "$rc" = "0" ] || echo Stack $1 not yet created
    return $rc
}
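# For every role: wait for its nested stacks, read each server's
# os-collect-config metadata URL from Heat, and push a matching
# deployed-server.json to the host listed at the same index for that role.
for role in $OVERCLOUD_ROLES; do
    while ! check_stack $STACK_NAME; do
        sleep $SLEEP_TIME
    done

    rg_stack=$(openstack stack resource show $STACK_NAME $role -c physical_resource_id -f value)
    while ! check_stack $rg_stack; do
        sleep $SLEEP_TIME
        rg_stack=$(openstack stack resource show $STACK_NAME $role -c physical_resource_id -f value)
    done

    # Sorting by resource name fixes the order in which stacks are paired
    # with the entries of <role>_hosts_a below.
    stacks=$(openstack stack resource list $rg_stack -c resource_name -c physical_resource_id -f json | jq -r "sort_by(.resource_name) | .[] | .physical_resource_id")

    i=0

    for stack in $stacks; do
        # The server resource of the Compute role is named NovaCompute.
        server_resource_name=$role
        if [ "$server_resource_name" = "Compute" ]; then
            server_resource_name="NovaCompute"
        fi

        server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
        while ! check_stack $server_stack; do
            sleep $SLEEP_TIME
            server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
        done

        while true; do
            deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url')
            if [ "$deployed_server_metadata_url" = "null" ]; then
                # Heat has not published the URL yet. Pause before asking
                # again; the original retried immediately in a tight loop.
                sleep $SLEEP_TIME
                continue
            else
                break
            fi
        done

        echo "======================"
        echo "$role$i deployed-server.json configuration:"

        # NOTE(review): the metadata URL is printed here and, with set -x, in
        # the trace as well. If the URL carries signed query parameters, treat
        # this output as sensitive. TODO confirm against the Heat transport in
        # use.
        config="{
\"os-collect-config\": {
\"collectors\": [\"request\", \"local\"],
\"request\": {
\"metadata_url\": \"$deployed_server_metadata_url\"
}
}
}"

        echo "$config"
        echo "======================"
        echo

        host=
        eval host=\${${role}_hosts_a[i]}
        if [ -n "$host" ]; then
            # NOTE(review): the file is first written to the login user's home
            # directory with that user's default permissions and is not
            # removed after the copy into the 0700 local-data directory.
            ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo '$config' > deployed-server.json"
            ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo mkdir -p -m 0700 /var/lib/os-collect-config/local-data/ || true
            ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp deployed-server.json /var/lib/os-collect-config/local-data/deployed-server.json
            ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl start os-collect-config
            ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl enable os-collect-config
        fi

        let i+=1

    done

done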
openstack-tripleo-heat-templates/docker/ 0000755 0001750 0001750 00000000000 13245343355 017706 5 ustar stack stack openstack-tripleo-heat-templates/docker/README-containers.md 0000644 0001750 0001750 00000000167 13245343355 023334 0 ustar stack stack # Containers based OpenStack deployment
https://docs.openstack.org/tripleo-docs/latest/install/containers_deployment/
openstack-tripleo-heat-templates/docker/docker-puppet.py 0000755 0001750 0001750 00000037126 13245343355 023056 0 ustar stack stack #!/usr/bin/env python
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Shell script tool to run puppet inside of the given docker container image.
# Uses the config file at /var/lib/docker-puppet/docker-puppet.json as a source for a JSON
# array of [config_volume, puppet_tags, manifest, config_image, [volumes]] settings
# that can be used to generate config files or run ad-hoc puppet modules
# inside of a container.
import glob
import json
import logging
import os
import sys
import subprocess
import sys
import tempfile
import time
import multiprocessing
logger = None


def get_logger():
    """Return the root logger, configuring it the first time it is requested.

    On first use a stdout handler with a timestamp/level/pid format is
    attached to the root logger. Both the logger and the handler are set to
    DEBUG when the DEBUG environment variable holds any non-empty value,
    otherwise to INFO. Later calls return the cached logger unchanged.
    """
    global logger
    if logger is not None:
        return logger

    # Any non-empty DEBUG value counts, including strings such as "0".
    level = logging.DEBUG if os.environ.get('DEBUG', False) else logging.INFO

    logger = logging.getLogger()
    logger.setLevel(level)

    handler = logging.StreamHandler(sys.stdout)
    handler.setLevel(level)
    handler.setFormatter(logging.Formatter('%(asctime)s %(levelname)s: '
                                           '%(process)s -- %(message)s'))
    logger.addHandler(handler)
    return logger
# Kept in step with deployed-server, which also derives the name from
# `hostname -s`.
def short_hostname():
    """Return the output of `hostname -s` with trailing whitespace removed.

    The command's stderr and exit status are not inspected.
    """
    proc = subprocess.Popen(['hostname', '-s'],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    out = proc.communicate()[0]
    return out.rstrip()
def pull_image(name):
    """Run `docker pull` for ``name``, retrying up to five attempts in total.

    Each failed attempt is followed by a three second sleep and two warnings.
    After the fifth failure an error is logged and the function returns
    normally: nothing is raised or returned, so the caller cannot tell from
    this call whether the image was actually pulled.

    The image reference is handed to docker exactly as given; nothing here
    checks a digest or signature.
    """
    log.info('Pulling image: %s' % name)
    attempts = 0
    while True:
        attempts += 1
        proc = subprocess.Popen(['/usr/bin/docker', 'pull', name],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        cmd_stdout, cmd_stderr = proc.communicate()
        if proc.returncode == 0:
            break
        time.sleep(3)
        log.warning('docker pull failed: %s' % cmd_stderr)
        log.warning('retrying pulling image: %s' % name)
        if attempts >= 5:
            log.error('Failed to pull image: %s' % name)
            break
    # Output of the last attempt only.
    if cmd_stdout:
        log.debug(cmd_stdout)
    if cmd_stderr:
        log.debug(cmd_stderr)
def match_config_volume(prefix, config):
    """Return the config volume directory mounted by ``config``, or None.

    Looks at ``config['volumes']`` (``host_path:...`` strings) and takes the
    first entry that starts with ``prefix``; the result is the parent
    directory of that entry's host path. The mounted volume is inspected
    because the dict key cannot be used: e.g. "novacomute" consumes
    config-data/nova.
    """
    for volume in config.get('volumes', []):
        if volume.startswith(prefix):
            host_path = volume.split(":")[0]
            return os.path.dirname(host_path)
    return None
def get_config_hash(config_volume):
    """Return the contents of ``<config_volume>.md5sum``, or None if absent.

    Trailing whitespace is stripped from the file contents. The value is only
    read here; nothing in this function recomputes or verifies it.
    """
    hashfile = "%s.md5sum" % config_volume
    log.debug("Looking for hashfile %s for config_volume %s" % (hashfile, config_volume))
    if not os.path.isfile(hashfile):
        return None
    log.debug("Got hashfile %s for config_volume %s" % (hashfile, config_volume))
    with open(hashfile) as hash_fd:
        return hash_fd.read().rstrip()
def rm_container(name):
    """Remove the docker container ``name``, optionally logging its diff first.

    When the SHOW_DIFF environment variable is set to a non-empty value,
    `docker diff` is run and its output logged at debug level before the
    removal. Output of `docker rm` is logged at debug level too, except for
    the daemon's "No such container" message for this name, which is
    ignored. Exit statuses are not checked.
    """
    if os.environ.get('SHOW_DIFF', None):
        log.info('Diffing container: %s' % name)
        diff_proc = subprocess.Popen(['/usr/bin/docker', 'diff', name],
                                     stdout=subprocess.PIPE,
                                     stderr=subprocess.PIPE)
        cmd_stdout, cmd_stderr = diff_proc.communicate()
        if cmd_stdout:
            log.debug(cmd_stdout)
        if cmd_stderr:
            log.debug(cmd_stderr)

    log.info('Removing container: %s' % name)
    rm_proc = subprocess.Popen(['/usr/bin/docker', 'rm', name],
                               stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE)
    cmd_stdout, cmd_stderr = rm_proc.communicate()
    if cmd_stdout:
        log.debug(cmd_stdout)

    # A container that is already gone is the expected case, so that exact
    # message is not logged.
    already_gone = 'Error response from daemon: ' \
                   'No such container: {}\n'.format(name)
    if cmd_stderr and cmd_stderr != already_gone:
        log.debug(cmd_stderr)
# Number of worker processes: PROCESS_COUNT from the environment, otherwise
# the CPU count.
process_count = int(os.environ.get('PROCESS_COUNT',
                                   multiprocessing.cpu_count()))

log = get_logger()
log.info('Running docker-puppet')

# The service list is read from the file named by CONFIG, parsed as JSON.
config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json')
log.debug('CONFIG: %s' % config_file)
with open(config_file) as f:
    json_data = json.load(f)

# To save time we support configuring 'shared' services at the same
# time. For example configuring all of the heat services
# in a single container pass makes sense and will save some time.
# To support this we merge shared settings together here.
#
# We key off of config_volume as this should be the same for a
# given group of services.  We are also now specifying the container
# in which the services should be configured.  This should match
# in all instances where the volume name is also the same.

# Maps config_volume -> [config_volume, puppet_tags, manifest, config_image,
# volumes]; the stored list is the entry's own list, updated in place below.
configs = {}

for service in (json_data or []):
    if service is None:
        continue
    # Entries may be dicts or positional lists; dicts are normalised to the
    # list form first.
    if isinstance(service, dict):
        service = [
            service.get('config_volume'),
            service.get('puppet_tags'),
            service.get('step_config'),
            service.get('config_image'),
            service.get('volumes', []),
        ]

    config_volume = service[0] or ''
    puppet_tags = service[1] or ''
    manifest = service[2] or ''
    config_image = service[3] or ''
    # The fifth element is optional in the list form.
    volumes = service[4] if len(service) > 4 else []

    # Entries without a manifest or without an image are skipped silently.
    if not manifest or not config_image:
        continue

    # NOTE(review): the whole manifest is logged at INFO level; confirm that
    # manifests never embed secrets.
    log.info('config_volume %s' % config_volume)
    log.info('puppet_tags %s' % puppet_tags)
    log.info('manifest %s' % manifest)
    log.info('config_image %s' % config_image)
    log.info('volumes %s' % volumes)
    # We key off of config volume for all configs.
    if config_volume in configs:
        # Append puppet tags and manifest.
        log.info("Existing service, appending puppet tags and manifest")
        if puppet_tags:
            configs[config_volume][1] = '%s,%s' % (configs[config_volume][1],
                                                   puppet_tags)
        if manifest:
            configs[config_volume][2] = '%s\n%s' % (configs[config_volume][2],
                                                    manifest)
        # A differing image is only warned about: the image and volumes of
        # the first entry seen for this config_volume stay in effect.
        if configs[config_volume][3] != config_image:
            log.warn("Config containers do not match even though"
                     " shared volumes are the same!")
    else:
        log.info("Adding new service")
        configs[config_volume] = service

log.info('Service compilation completed.')
def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)):
    """Run puppet in a one-off container to generate one config volume.

    Takes a single 5-item sequence (Python 2 tuple parameter) so that it can
    be used directly with Pool.map, which passes one argument per call:

    :param config_volume: name of the config volume; also used as the
        container name suffix and as NAME inside the container.
    :param puppet_tags: comma separated puppet tags, exported as PUPPET_TAGS.
    :param manifest: puppet manifest text, mounted as /etc/config.pp.
    :param config_image: image the container is started from.
    :param volumes: extra '--volume' specifications taken from the config.
    :returns: the exit code of 'docker run'; 0 and 2 mean success.

    The md5sum files written by the entrypoint script are a change-detection
    salt (see the script's own comment), not an integrity control.
    """
    log = get_logger()
    log.info('Started processing puppet configs')
    log.debug('config_volume %s' % config_volume)
    log.debug('puppet_tags %s' % puppet_tags)
    log.debug('manifest %s' % manifest)
    log.debug('config_image %s' % config_image)
    log.debug('volumes %s' % volumes)
    # NOTE(review): every call rewrites this one fixed path, and the calls run
    # in parallel from a process pool. A worker can truncate the script while
    # another worker's container is starting with it as entrypoint; writing
    # it once before the pool starts would avoid that.
    sh_script = '/var/lib/docker-puppet/docker-puppet.sh'

    with open(sh_script, 'w') as script_file:
        # World-readable and executable; the script below holds no secrets.
        os.chmod(script_file.name, 0755)
        # NOTE(review): inside the script $TAGS, $rsync_srcs and ${NAME} are
        # expanded unquoted, so whitespace or glob characters in PUPPET_TAGS
        # or NAME would be word-split by bash. Both come from the CONFIG
        # json, which is presumably writable by root only - confirm.
        script_file.write("""#!/bin/bash
set -ex
mkdir -p /etc/puppet
cp -a /tmp/puppet-etc/* /etc/puppet
rm -Rf /etc/puppet/ssl # not in use and causes permission errors
echo "{\\"step\\": $STEP}" > /etc/puppet/hieradata/docker.json
TAGS=""
if [ -n "$PUPPET_TAGS" ]; then
TAGS="--tags \"$PUPPET_TAGS\""
fi
# Create a reference timestamp to easily find all files touched by
# puppet. The sync ensures we get all the files we want due to
# different timestamp.
touch /tmp/the_origin_of_time
sync
set +e
FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \
--detailed-exitcodes --color=false --logdest syslog --logdest console $TAGS /etc/config.pp
rc=$?
set -e
if [ $rc -ne 2 -a $rc -ne 0 ]; then
exit $rc
fi
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh")
rsync_srcs=""
for d in "${archivedirs[@]}"; do
if [ -d "$d" ]; then
rsync_srcs+=" $d"
fi
done
rsync -a -R --delay-updates --delete-after $rsync_srcs /var/lib/config-data/${NAME}
# Also make a copy of files modified during puppet run
# This is useful for debugging
mkdir -p /var/lib/config-data/puppet-generated/${NAME}
rsync -a -R -0 --delay-updates --delete-after \
--files-from=<(find $rsync_srcs -newer /tmp/the_origin_of_time -not -path '/etc/puppet*' -print0) \
/ /var/lib/config-data/puppet-generated/${NAME}
# Write a checksum of the config-data dir, this is used as a
# salt to trigger container restart when the config changes
tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
tar -c -f - /var/lib/config-data/puppet-generated/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/puppet-generated/${NAME}.md5sum
fi
""")

    # The manifest goes into a temporary file that is bind-mounted read-only
    # into the container; the file disappears when this with-block exits, so
    # the whole docker run has to stay inside it.
    with tempfile.NamedTemporaryFile() as tmp_man:
        with open(tmp_man.name, 'w') as man_file:
            man_file.write('include ::tripleo::packages\n')
            man_file.write(manifest)

        # Remove a leftover container of the same name (failed runs are
        # kept, see the end of this function) before starting a new one.
        rm_container('docker-puppet-%s' % config_volume)
        pull_image(config_image)

        # The command is an argument list and is run without a shell, so
        # none of the values below are shell-parsed on the host.
        # The container runs as root and gets the config-data directory
        # read-write; host puppet data and CA material are read-only.
        dcmd = ['/usr/bin/docker', 'run',
                '--user', 'root',
                '--name', 'docker-puppet-%s' % config_volume,
                '--health-cmd', '/bin/true',
                '--env', 'PUPPET_TAGS=%s' % puppet_tags,
                '--env', 'NAME=%s' % config_volume,
                '--env', 'HOSTNAME=%s' % short_hostname(),
                '--env', 'NO_ARCHIVE=%s' % os.environ.get('NO_ARCHIVE', ''),
                '--env', 'STEP=%s' % os.environ.get('STEP', '6'),
                '--volume', '%s:/etc/config.pp:ro' % tmp_man.name,
                '--volume', '/etc/puppet/:/tmp/puppet-etc/:ro',
                '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
                '--volume', '%s:/var/lib/config-data/:rw' % os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data'),
                '--volume', 'tripleo_logs:/var/log/tripleo/',
                # Syslog socket for puppet logs
                '--volume', '/dev/log:/dev/log',
                # OpenSSL trusted CA injection
                '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
                '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
                '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro',
                '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro',
                # script injection
                '--volume', '%s:%s:rw' % (sh_script, sh_script) ]

        # NOTE(review): these specifications are passed to docker unchanged,
        # so any host path named in the config is mounted into a root
        # container. This assumes only root can write the config - confirm.
        for volume in volumes:
            if volume:
                dcmd.extend(['--volume', volume])

        dcmd.extend(['--entrypoint', sh_script])

        # The docker client gets a minimal environment: nothing but the
        # DOCKER* variables is inherited from this process.
        env = {}
        # NOTE(flaper87): Always copy the DOCKER_* environment variables as
        # they contain the access data for the docker daemon.
        for k in filter(lambda k: k.startswith('DOCKER'), os.environ.keys()):
            env[k] = os.environ.get(k)

        # With NET_HOST=true the container shares the host network
        # namespace and the host's /etc/hosts (read-only).
        if os.environ.get('NET_HOST', 'false') == 'true':
            log.debug('NET_HOST enabled')
            dcmd.extend(['--net', 'host', '--volume',
                         '/etc/hosts:/etc/hosts:ro'])
        # The image must come after all options.
        dcmd.append(config_image)
        log.debug('Running docker command: %s' % ' '.join(dcmd))

        subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, env=env)
        cmd_stdout, cmd_stderr = subproc.communicate()
        # puppet with --detailed-exitcodes will return 0 for success and no changes
        # and 2 for success and resource changes. Other numbers are failures
        if subproc.returncode not in [0, 2]:
            # The failed container is left in place so it can be inspected.
            log.error('Failed running docker-puppet.py for %s' % config_volume)
            if cmd_stdout:
                log.error(cmd_stdout)
            if cmd_stderr:
                log.error(cmd_stderr)
        else:
            if cmd_stdout:
                log.debug(cmd_stdout)
            if cmd_stderr:
                log.debug(cmd_stderr)
            # only delete successful runs, for debugging
            rm_container('docker-puppet-%s' % config_volume)

        log.info('Finished processing puppet configs')
        return subproc.returncode
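# Holds all the information for each process to consume.
# Instead of starting them all linearly we run them using a process
# pool. This creates a list of arguments for mp_puppet_config to
# consume: one [config_volume, puppet_tags, manifest, config_image,
# volumes] entry per merged config volume.
process_map = []

for config_volume in configs:
    service = configs[config_volume]
    puppet_tags = service[1] or ''
    manifest = service[2] or ''
    config_image = service[3] or ''
    volumes = service[4] if len(service) > 4 else []

    # The default resource tags always apply; service specific tags are
    # added after them.
    if puppet_tags:
        puppet_tags = "file,file_line,concat,augeas,cron,%s" % puppet_tags
    else:
        puppet_tags = "file,file_line,concat,augeas,cron"

    process_map.append([config_volume, puppet_tags, manifest, config_image, volumes])

for p in process_map:
    log.debug('- %s' % p)

# Fire off processes to perform each configuration. Defaults
# to the number of CPUs on the system.
p = multiprocessing.Pool(process_count)
returncodes = list(p.map(mp_puppet_config, process_map))
config_volumes = [pm[0] for pm in process_map]
success = True
# Pool.map keeps the input order, so return codes and volume names line up.
for returncode, config_volume in zip(returncodes, config_volumes):
    if returncode not in [0, 2]:
        log.error('ERROR configuring %s' % config_volume)
        success = False

# Update the startup configs with the config hash we generated above
config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data')
log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix)
startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs)
# Honour STARTUP_CONFIG_PATTERN: the pattern was read and logged above but
# the glob used to be hard-coded, so an override was silently ignored.
infiles = glob.glob(startup_configs)
for infile in infiles:
    with open(infile) as f:
        infile_data = json.load(f)

    for k, v in infile_data.items():
        config_volume = match_config_volume(config_volume_prefix, v)
        if config_volume:
            config_hash = get_config_hash(config_volume)
            if config_hash:
                # Tolerate a missing or null 'environment' entry.
                env = v.get('environment') or []
                env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
                log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash))
                infile_data[k]['environment'] = env

    outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
    # Create the file with mode 0600 from the start. Opening it with the
    # default umask and tightening it afterwards leaves a short window in
    # which another local user can open it; the startup configs carry the
    # containers' environment entries.
    out_fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(out_fd, 'w') as out_f:
        # The mode given to os.open() only applies to a newly created file;
        # fchmod also restricts a file left over from an earlier run.
        os.fchmod(out_f.fileno(), 0o600)
        json.dump(infile_data, out_f)

# The hashed startup configs are written even when a config run failed;
# the failure is reported through the exit status.
if not success:
    sys.exit(1)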
openstack-tripleo-heat-templates/docker/docker-toool 0000755 0001750 0001750 00000016647 13245343355 022253 0 ustar stack stack #!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import argparse
import os
import shutil
import sys
import json
# Absolute path of the docker client. It is executed with os.execl, which
# does no PATH lookup, so the binary that runs does not depend on the
# caller's environment.
docker_cmd = '/bin/docker'
# Tool to start docker containers as configured via
# tripleo-heat-templates.
#
# This tool reads data from a json file generated from heat when the
# TripleO stack is run. All the configuration data used to start the
# containerized services is in this file.
#
# By default this tool lists all the containers that are started and
# their start order.
#
# If you wish to see the command line used to start a given container,
# specify it by name using the --container argument. --run can then be
# used with this to actually execute docker to run the container.
#
# Other options listed allow you to modify this command line for
# debugging purposes. For example:
#
# docker-toool -c swift-proxy -r -e /bin/bash -u root -i -n test
#
# will run the swift proxy container as user root, executing /bin/bash,
# named 'test', and will run interactively (eg -ti).
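def parse_opts(argv):
    """Parse the docker-toool command line.

    :param argv: the full argument vector, program name included
        (argv[0] is skipped).
    :returns: the argparse namespace with config, run, command, container,
        user, name, interactive and detach.
    """
    # The text is the tool's description. It used to be passed as the first
    # positional argument, which argparse takes as the program name, so the
    # usage line started with the whole sentence.
    parser = argparse.ArgumentParser(
        description="Tool to start docker containers via "
                    "TripleO configurations")
    parser.add_argument('-f', '--config',
                        help="""File to use as docker startup configuration data.""",
                        default='/var/lib/docker-container-startup-configs.json')
    parser.add_argument('-r', '--run',
                        action='store_true',
                        help="""Run the container as specified with --container.""",
                        default=False)
    parser.add_argument('-e', '--command',
                        help="""Override the command used to run the container.""",
                        default='')
    parser.add_argument('-c', '--container',
                        help="""Specify a container to run or show the command for.""",
                        default='')
    parser.add_argument('-u', '--user',
                        help="""User to run container as.""",
                        default='')
    parser.add_argument('-n', '--name',
                        help="""Name of container.""",
                        default='')
    parser.add_argument('-i', '--interactive',
                        action='store_true',
                        help="""Start docker container interactively (-ti).""",
                        default=False)
    parser.add_argument('-d', '--detach',
                        action='store_true',
                        help="""Start container detached.""",
                        default=False)
    opts = parser.parse_args(argv[1:])

    return opts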
def docker_arg_map(key, value):
    """Translate one startup-config setting into a 'docker run' option.

    :param key: name of the setting in the startup configuration.
    :param value: its value; converted to text with non-ascii characters
        dropped.
    :returns: '' when the value is empty, the option string for a known
        key, and None for a key that has no mapping here (the image is
        handled by the caller as a positional argument).
    """
    text = str(value).encode('ascii', 'ignore')
    if not len(text):
        return ''

    templates = {
        'environment': "--env=%s",
        'net': "--net=%s",
        'pid': "--pid=%s",
        'privileged': "--privileged=%s",
        'user': "--user=%s",
        'volumes': "--volume=%s",
        'volumes_from': "--volumes-from=%s",
    }
    template = templates.get(key)
    if template is None:
        return None
    # Only the privileged flag is lower-cased before it is formatted.
    if key == 'privileged':
        text = text.lower()
    return template % text
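def run_docker_container(opts, container_name):
    """Print, and with --run execute, the docker command for one container.

    The startup configuration (opts.config) is searched step by step for a
    container called container_name. For every match the 'docker run'
    command line is built from its settings, adjusted by the debugging
    options in opts, and printed. With opts.run the current process is then
    replaced by docker.

    The printed line is for reading, not for pasting: arguments are joined
    with spaces without shell quoting, and it shows every environment entry
    of the container, which may include credentials.

    :param opts: namespace returned by parse_opts.
    :param container_name: name of the container to look up.
    """
    container_found = False

    with open(opts.config) as f:
        json_data = json.load(f)

    for step in (json_data or []):
        if step is None:
            continue
        for container in (json_data[step] or []):
            if container != container_name:
                continue
            print('container found: %s' % container)
            container_found = True
            settings = json_data[step][container] or {}
            # A few positional arguments:
            command = ''
            image = ''

            cmd = [
                docker_cmd,
                'run',
                '--name',
                opts.name or container
            ]
            for container_data in settings:
                if container_data in ("environment", "volumes",
                                      "volumes_from"):
                    # List valued settings: one option per entry; empty
                    # entries produce no option.
                    for item in (settings[container_data] or []):
                        arg = docker_arg_map(container_data, item)
                        if arg:
                            cmd.append(arg)
                elif container_data == 'command':
                    command = settings[container_data]
                elif container_data == 'image':
                    image = settings[container_data]
                else:
                    # Only add a restart if we're not interactive
                    if container_data == 'restart':
                        if opts.interactive:
                            continue
                    # --user on the command line replaces the configured user.
                    if container_data == 'user':
                        if opts.user:
                            continue
                    arg = docker_arg_map(container_data,
                                         settings[container_data])
                    if arg:
                        cmd.append(arg)

            if opts.user:
                cmd.append('--user')
                cmd.append(opts.user)
            if opts.detach:
                cmd.append('--detach')
            if opts.interactive:
                cmd.append('-ti')
                # May as well remove it when we're done too
                cmd.append('--rm')
            cmd.append(image)

            if opts.command:
                # Passed as one argument: --command names the executable only.
                cmd.append(opts.command)
            elif command:
                # The configuration gives the command either as a list or
                # as one string. Extending the list with a string would add
                # it character by character, so a string is split into
                # words first.
                if not isinstance(command, (list, tuple)):
                    command = str(command).split()
                cmd.extend(command)

            print(' '.join(cmd))

            if opts.run:
                # Replaces this process; docker is started directly from
                # the argument list, no shell is involved.
                os.execl(docker_cmd, *cmd)

    if not container_found:
        print("Container '%s' not found!" % container_name)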
def list_docker_containers(opts):
    """Print every container in the startup configuration.

    Each container of each step in opts.config is printed on its own line,
    followed by its start_order when the container defines one.

    :param opts: namespace returned by parse_opts; only opts.config is read.
    """
    with open(opts.config) as config_file:
        startup = json.load(config_file)

    for step_name in (startup or []):
        if step_name is None:
            continue
        containers = startup[step_name] or []
        for name in containers:
            print('\tcontainer: %s' % name)
            settings = startup[step_name][name] or []
            if any(key == "start_order" for key in settings):
                print('\t\tstart_order: %s' % startup[step_name][name]["start_order"])
# Entry point: without --container the configured containers are listed,
# otherwise the command for the named container is shown (and run when
# --run is given).
opts = parse_opts(sys.argv)

if not opts.container:
    list_docker_containers(opts)
else:
    run_docker_container(opts, opts.container)
openstack-tripleo-heat-templates/docker/services/ 0000755 0001750 0001750 00000000000 13245343355 021531 5 ustar stack stack openstack-tripleo-heat-templates/docker/services/README.rst 0000644 0001750 0001750 00000014211 13245343355 023217 0 ustar stack stack ===============
Docker Services
===============
TripleO docker services are currently built on top of the puppet services.
To do this each of the docker services includes the output of the
t-h-t puppet/service templates where appropriate.
In general global docker specific service settings should reside in these
templates (templates in the docker/services directory.) The required and
optional items are specified in the docker settings section below.
If you are adding a config setting that applies to both docker and
baremetal that setting should (so long as we use puppet) go into the
puppet/services templates themselves.
Building Kolla Images
---------------------
TripleO currently relies on Kolla docker containers. Kolla supports container
customization and we are making use of this feature within TripleO to inject
puppet (our configuration tool of choice) into the Kolla base images. The
undercloud nova-scheduler also requires openstack-tripleo-common to
provide custom filters.
To build Kolla images for TripleO adjust your kolla config [*]_ to build your
centos base image with puppet using the example below:
.. code-block::
$ cat template-overrides.j2
{% extends parent_template %}
{% set base_centos_binary_packages_append = ['puppet'] %}
{% set nova_scheduler_packages_append = ['openstack-tripleo-common'] %}
kolla-build --base centos --template-override template-overrides.j2
..
.. [*] See the
`override file `_
which can be used to build Kolla packages that work with TripleO, and an
`example build script _.
Docker settings
---------------
Each service may define an output variable which returns a puppet manifest
snippet that will run at each of the following steps. Earlier manifests
are re-asserted when applying later ones.
* config_settings: This setting is generally inherited from the
  puppet/services templates and only needs to be appended
  to on occasion if docker specific config settings are required.
* step_config: This setting controls the manifest that is used to
create docker config files via puppet. The puppet tags below are
used along with this manifest to generate a config directory for
this container.
* kolla_config: Contains YAML that represents how to map config files
into the kolla container. This config file is typically mapped into
the container itself at the /var/lib/kolla/config_files/config.json
location and drives how kolla's external config mechanisms work.
* docker_config: Data that is passed to the docker-cmd hook to configure
a container, or step of containers at each step. See the available steps
below and the related docker-cmd hook documentation in the heat-agents
project.
* puppet_config: This section is a nested set of key value pairs
that drive the creation of config files using puppet.
Required parameters include:
* puppet_tags: Puppet resource tag names that are used to generate config
files with puppet. Only the named config resources are used to generate
a config file. Any service that specifies tags will have the default
tags of 'file,concat,file_line,augeas,cron' appended to the setting.
Example: keystone_config
* config_volume: The name of the volume (directory) where config files
will be generated for this service. Use this as the location to
bind mount into the running Kolla container for configuration.
* config_image: The name of the docker image that will be used for
generating configuration files. This is often the same container
that the runtime service uses. Some services share a common set of
config files which are generated in a common base container.
* step_config: This setting controls the manifest that is used to
create docker config files via puppet. The puppet tags below are
used along with this manifest to generate a config directory for
this container.
* docker_puppet_tasks: This section provides data to drive the
docker-puppet.py tool directly. The task is executed only once
within the cluster (not on each node) and is useful for several
puppet snippets we require for initialization of things like
keystone endpoints, database users, etc. See docker-puppet.py
for formatting.
Docker steps
------------
Similar to baremetal, docker containers are brought up in a stepwise manner.
The current architecture supports bringing up baremetal services alongside
of containers. For each step the baremetal puppet manifests are executed
first and then any docker containers are brought up afterwards.
Steps correlate to the following:
Pre) Containers config files generated per hiera settings.
1) Load Balancer configuration baremetal
a) step 1 baremetal
b) step 1 containers
2) Core Services (Database/Rabbit/NTP/etc.)
a) step 2 baremetal
b) step 2 containers
3) Early Openstack Service setup (Ringbuilder, etc.)
a) step 3 baremetal
b) step 3 containers
4) General OpenStack Services
a) step 4 baremetal
b) step 4 containers
c) Keystone containers post initialization (tenant,service,endpoint creation)
5) Service activation (Pacemaker)
a) step 5 baremetal
b) step 5 containers
Update steps:
-------------
All services have an associated update_tasks output that is an ansible
snippet that will be run during an update. It is expected to run in a
rolling update fashion (one node at a time).
For Controller (where pacemaker is running) we have the following states:
1. Step=1: stop the cluster on the updated node;
2. Step=2: Pull the latest image and retag it pcmklatest
3. Step=3: yum upgrade happens on the host.
4. Step=4: Restart the cluster on the node
5. Step=5: Verification:
Currently we test that the pacemaker services are running.
Then the usual deploy steps are run which pull in the latest image for
all containerized services and the updated configuration if any.
Note: as pacemaker is not containerized, the points 1 and 4 happen in
puppet/services/pacemaker.yaml.
openstack-tripleo-heat-templates/docker/services/nova-metadata.yaml 0000644 0001750 0001750 00000010135 13245343355 025136 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack containerized Nova Metadata service
parameters:
  DockerNovaMetadataImage:
    description: image
    type: string
  DockerNovaConfigImage:
    description: The container image to use for the nova config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
resources:
  # Volume list shared by the service containers (used in step_4 below).
  ContainersCommon:
    type: ./containers-common.yaml
  # The puppet service template; most of role_data is taken from it.
  NovaMetadataBase:
    type: ../../puppet/services/nova-metadata.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
outputs:
  role_data:
    description: Role data for the Nova Metadata service.
    value:
      service_name: {get_attr: [NovaMetadataBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [NovaMetadataBase, role_data, config_settings]
      logging_source: {get_attr: [NovaMetadataBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaMetadataBase, role_data, logging_groups]}
      # Anchored so that puppet_config below reuses the same manifest.
      step_config: &step_config
        get_attr: [NovaMetadataBase, role_data, step_config]
      service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      # Config files are generated with puppet (nova_config resources) in
      # the DockerNovaConfigImage container, under the 'nova' config volume.
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config
        step_config: *step_config
        config_image: {get_param: DockerNovaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_metadata.json:
          command: /usr/bin/nova-api-metadata
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_2:
          # One-shot container running as root: it sets the ownership of the
          # bind-mounted host log directory before the service starts.
          nova_init_logs:
            image: &nova_metadata_image {get_param: DockerNovaMetadataImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/nova:/var/log/nova
            command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
        step_4:
          nova_metadata:
            start_order: 2
            image: *nova_metadata_image
            net: host
            user: nova
            # NOTE(review): privileged together with net: host removes most
            # of the container isolation for a network-facing API service.
            # Nothing in this template shows what needs it - confirm, and
            # set it to false if the service runs without it.
            privileged: true
            restart: always
            # The config sources are mounted read-only; only the log
            # directory is writable from inside the container.
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      metadata_settings:
        get_attr: [NovaMetadataBase, role_data, metadata_settings]
      # No owner or mode is given here, so the directory is created with the
      # defaults of the file module; ownership is set by nova_init_logs.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/nova
            state: directory
      # NOTE(review): this stops openstack-nova-api, not a metadata specific
      # unit - presumably the baremetal metadata API ran inside nova-api;
      # confirm.
      upgrade_tasks:
        - name: Stop and disable nova_api service
          tags: step2
          service: name=openstack-nova-api state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/aodh-api.yaml 0000644 0001750 0001750 00000014052 13245343355 024101 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack containerized aodh service
parameters:
  DockerAodhApiImage:
    description: image
    type: string
  DockerAodhConfigImage:
    description: The container image to use for the aodh config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  # When true, the httpd certificate and key directories of the host are
  # mounted into the aodh_api container (see step_4).
  EnableInternalTLS:
    type: boolean
    default: false
  UpgradeRemoveUnusedPackages:
    default: false
    description: Remove package if the service is being disabled during upgrade
    type: boolean
conditions:
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
  # Volume list shared by the service containers.
  ContainersCommon:
    type: ./containers-common.yaml
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml
  # NOTE(review): ServiceData is declared as a parameter above but is not
  # passed on to the puppet template here - confirm that is intended.
  AodhApiPuppetBase:
    type: ../../puppet/services/aodh-api.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
outputs:
  role_data:
    description: Role data for the aodh API role.
    value:
      service_name: {get_attr: [AodhApiPuppetBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [AodhApiPuppetBase, role_data, config_settings]
          - apache::default_vhost: false
      logging_source: {get_attr: [AodhApiPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [AodhApiPuppetBase, role_data, logging_groups]}
      # The aodh and MySQL client manifests joined with a newline; anchored
      # so that puppet_config below reuses the same manifest.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [AodhApiPuppetBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: aodh
        puppet_tags: aodh_api_paste_ini,aodh_config
        step_config: *step_config
        config_image: {get_param: DockerAodhConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/aodh_api.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/aodh
              owner: aodh:aodh
              recurse: true
      docker_config:
        # db sync runs before permissions set by kolla_config
        step_2:
          # One-shot root container that fixes ownership of the aodh log
          # directory on the host. The httpd log directory is mounted as
          # well but is not part of the chown.
          aodh_init_log:
            image: &aodh_api_image {get_param: DockerAodhApiImage}
            user: root
            volumes:
              - /var/log/containers/aodh:/var/log/aodh
              - /var/log/containers/httpd/aodh-api:/var/log/httpd
            command: ['/bin/bash', '-c', 'chown -R aodh:aodh /var/log/aodh']
        step_3:
          # The container starts as root; the command itself switches to
          # the aodh user with su before running aodh-dbsync.
          aodh_db_sync:
            image: *aodh_api_image
            net: host
            privileged: false
            detach: false
            user: root
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
                  - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
                  - /var/log/containers/aodh:/var/log/aodh
                  - /var/log/containers/httpd/aodh-api:/var/log/httpd
            # Given as one string here, while aodh_init_log uses a list;
            # consumers of docker_config have to accept both forms.
            command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
        step_4:
          # NOTE(review): no 'user' is set, so the container presumably runs
          # as the image's default user - confirm it is not root.
          aodh_api:
            image: *aodh_api_image
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/aodh:/var/log/aodh
                  - /var/log/containers/httpd/aodh-api:/var/log/httpd
                  # With internal TLS the httpd certificate and private key
                  # directories are mounted read-only. Without it the entry
                  # is an empty string, which consumers are expected to
                  # skip - confirm for any new consumer of this list.
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                      - ''
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                      - ''
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # No owner or mode is given, so the directories are created with the
      # defaults of the file module.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/aodh
            - /var/log/containers/httpd/aodh-api
      upgrade_tasks:
        # Stops the host's httpd unit as a whole, not only aodh.
        - name: Stop and disable aodh service (running under httpd)
          tags: step2
          service: name=httpd state=stopped enabled=no
        # A failed removal is ignored, so the package may still be
        # installed after the upgrade.
        - name: Remove openstack-aodh-api package if operator requests it
          yum: name=openstack-aodh-api state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}
      metadata_settings:
        get_attr: [AodhApiPuppetBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/opendaylight-api.yaml 0000644 0001750 0001750 00000010032 13245343355 025647 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized OpenDaylight API service
parameters:
DockerOpendaylightApiImage:
description: image
type: string
DockerOpendaylightConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OpenDaylightBase:
type: ../../puppet/services/opendaylight-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the OpenDaylight API role.
value:
service_name: {get_attr: [OpenDaylightBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OpenDaylightBase, role_data, config_settings]
logging_source: {get_attr: [OpenDaylightBase, role_data, logging_source]}
logging_groups: {get_attr: [OpenDaylightBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [OpenDaylightBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: opendaylight
# 'file,concat,file_line,augeas' are included by default
puppet_tags: odl_user
step_config: *step_config
config_image: {get_param: DockerOpendaylightConfigImage}
kolla_config:
/var/lib/kolla/config_files/opendaylight_api.json:
command: /opt/opendaylight/bin/karaf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /opt/opendaylight
owner: odl:odl
recurse: true
docker_config:
step_1:
opendaylight_api:
start_order: 0
image: &odl_api_image {get_param: DockerOpendaylightApiImage}
privileged: false
net: host
detach: true
user: odl
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/opendaylight:/opt/opendaylight/data/log
- /var/lib/opendaylight/journal:/opt/opendaylight/journal
- /var/lib/opendaylight/snapshots:/opt/opendaylight/snapshots
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/opendaylight
- /var/lib/opendaylight/snapshots
- /var/lib/opendaylight/journal
upgrade_tasks:
- name: Stop and disable opendaylight_api service
tags: step2
service: name=opendaylight state=stopped enabled=no openstack-tripleo-heat-templates/docker/services/aodh-evaluator.yaml 0000644 0001750 0001750 00000010377 13245343355 025340 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Aodh Evaluator service
parameters:
DockerAodhEvaluatorImage:
description: image
type: string
DockerAodhConfigImage:
description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
AodhEvaluatorBase:
type: ../../puppet/services/aodh-evaluator.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Aodh API role.
value:
service_name: {get_attr: [AodhEvaluatorBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [AodhEvaluatorBase, role_data, config_settings]
logging_source: {get_attr: [AodhEvaluatorBase, role_data, logging_source]}
logging_groups: {get_attr: [AodhEvaluatorBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [AodhEvaluatorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_evaluator.json:
command: /usr/bin/aodh-evaluator
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
recurse: true
# Container launch definition for the aodh-evaluator service, keyed by
# deployment step (this one is listed under step_4).
docker_config:
step_4:
aodh_evaluator:
image: {get_param: DockerAodhEvaluatorImage}
# net: host puts the container in the host's network namespace, so there
# is no network isolation between this service and the host.
net: host
# Runs without extended privileges.
privileged: false
restart: always
volumes:
# Common mounts come from ContainersCommon (not visible here); the
# service-specific mounts follow.
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Kolla config JSON and the puppet-generated config tree are read-only.
- /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
# No :ro suffix: the host log directory is writable from the container.
- /var/log/containers/aodh:/var/log/aodh
environment:
# COPY_ALWAYS: Kolla copies the config files into place on every start.
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/aodh
state: directory
# Ansible tasks run during upgrade, both tagged step2: stop and disable the
# host openstack-aodh-evaluator unit, then optionally remove its package.
upgrade_tasks:
- name: Stop and disable openstack-aodh-evaluator service
tags: step2
service: name=openstack-aodh-evaluator.service state=stopped enabled=no
- name: Remove openstack-aodh-evaluator package if operator requests it
yum: name=openstack-aodh-evaluator state=removed
tags: step2
# A failed removal does not fail the upgrade, so the host package can
# silently remain installed. NOTE(review): if removal matters for host
# hardening, verify it after the upgrade rather than relying on this task.
ignore_errors: True
# Resolved by Heat from UpgradeRemoveUnusedPackages (default false above),
# so nothing is removed unless the operator opts in.
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/rabbitmq.yaml 0000644 0001750 0001750 00000021124 13245343355 024216 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Rabbitmq service
parameters:
DockerRabbitmqImage:
description: image
type: string
DockerRabbitmqConfigImage:
description: The container image to use for the rabbitmq config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Secret handed to the bootstrap container as RABBITMQ_CLUSTER_COOKIE (see
# docker_config below). With the empty default, the yaql expression there
# falls back to DefaultPasswords.rabbit_cookie.
RabbitCookie:
type: string
default: ''
# hidden: Heat masks the value when the stack parameters are displayed.
hidden: true
# Drives the internal_tls_enabled condition; the certificate, key and CA
# mounts in docker_config are only added when this is true.
EnableInternalTLS:
type: boolean
default: false
# Host path of the CA certificate; when internal TLS is enabled it is
# bind-mounted read-only at the same path inside the rabbitmq containers.
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
RabbitmqBase:
type: ../../puppet/services/rabbitmq.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Rabbitmq API role.
value:
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
# RabbitMQ plugins initialization occurs on every node
# Hiera settings for the role: the base service settings merged with the
# container-specific overrides below.
config_settings:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::admin_enable: false
# Only when internal TLS is enabled: override the certmonger post-save
# command; otherwise merge an empty map.
- if:
- internal_tls_enabled
# NOTE(review): the value is the string "true", presumably the no-op shell
# command. Per the TODO, nothing restarts the container after certmonger
# saves a renewed certificate, so a running broker would keep serving the
# old certificate until it is restarted some other way - confirm and track
# certificate expiry accordingly.
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
- {}
logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]}
logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
- get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rabbitmq
step_config: *step_config
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
# Kolla start-up config for the rabbitmq containers: the command to run, the
# config trees to copy into the container filesystem, and ownership fixes.
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/lib/rabbitmq/bin/rabbitmq-server
config_files:
# Puppet-generated config staged under src/ is merged into /.
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# TLS material staged under src-tls/ is merged into / as well; optional
# because the src-tls mounts only exist when internal TLS is enabled.
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
# Certificate and private key are handed to the rabbitmq user so the broker
# can read them. Only ownership is set here; NOTE(review): the key's file
# mode presumably carries over from the host copy (preserve_properties) -
# confirm it is not group/world readable on the host.
- path: /etc/pki/tls/certs/rabbitmq.crt
owner: rabbitmq:rabbitmq
optional: true
- path: /etc/pki/tls/private/rabbitmq.key
owner: rabbitmq:rabbitmq
optional: true
# Container launch definitions for RabbitMQ. Three containers are defined under
# step_1 and ordered by start_order: log-directory ownership fix, one-shot
# bootstrap, then the long-running broker.
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
# One-shot helper (detach: false) that runs as root only to chown the
# host-mounted log directory to the rabbitmq user.
rabbitmq_init_logs:
start_order: 0
detach: false
image: &rabbitmq_image {get_param: DockerRabbitmqImage}
privileged: false
user: root
volumes:
- /var/log/containers/rabbitmq:/var/log/rabbitmq
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
# One-shot bootstrap run (KOLLA_BOOTSTRAP=True) on the host network.
rabbitmq_bootstrap:
start_order: 1
detach: false
image: *rabbitmq_image
net: host
privileged: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Config inputs are read-only; data and log directories are writable.
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
# With internal TLS enabled, add three read-only mounts: the CA file at the
# same path as on the host, and the certificate and private key under the
# src-tls staging tree that kolla_config copies into place.
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
# Renders "RABBITMQ_CLUSTER_COOKIE=<value>", where the value is the first
# non-empty entry of RabbitCookie and DefaultPasswords.rabbit_cookie.
# NOTE(review): the cookie is a secret and ends up in the container's
# environment, where it is readable by anyone who can inspect the container
# on the host; treat the rendered container config and inspect output as
# secret-bearing.
-
list_join:
- '='
- - 'RABBITMQ_CLUSTER_COOKIE'
-
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
# Long-running broker container; same mounts as the bootstrap run, but no
# KOLLA_BOOTSTRAP and no cookie variable in its environment.
rabbitmq:
start_order: 2
image: *rabbitmq_image
# Host network namespace: the broker's listeners bind directly on the host.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
# Same conditional read-only TLS mounts as rabbitmq_bootstrap.
- if:
- internal_tls_enabled
-
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Puppet run executed from the config image to create RabbitMQ users and
# policies.
docker_puppet_tasks:
# RabbitMQ users and policies initialization occurs only on single node
step_1:
config_volume: 'rabbit_init_tasks'
# Only resources carrying these tags are applied from the profile below.
puppet_tags: 'rabbitmq_policy,rabbitmq_user'
step_config: 'include ::tripleo::profile::base::rabbitmq'
config_image: *rabbitmq_config_image
# Both mounts are read-only. NOTE(review): /var/lib/rabbitmq is presumably
# mounted so the run can authenticate to the broker with the node's cookie
# file - confirm; it exposes the broker's data directory to this container.
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/rabbitmq
- /var/lib/rabbitmq
upgrade_tasks:
- name: Stop and disable rabbitmq service
tags: step2
service: name=rabbitmq-server state=stopped enabled=no
update_tasks:
# TODO: Are we sure we want to support this. Rolling update
# without pacemaker may fail. Do we test this ? In any case,
# this is under paunch control so the latest image should be
# pulled in by the deploy steps. Same question for other
# usually managed by pacemaker container.
openstack-tripleo-heat-templates/docker/services/aodh-listener.yaml 0000644 0001750 0001750 00000010354 13245343355 025156 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Aodh Listener service
parameters:
DockerAodhListenerImage:
description: image
type: string
DockerAodhConfigImage:
description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
AodhListenerBase:
type: ../../puppet/services/aodh-listener.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Aodh API role.
value:
service_name: {get_attr: [AodhListenerBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [AodhListenerBase, role_data, config_settings]
logging_source: {get_attr: [AodhListenerBase, role_data, logging_source]}
logging_groups: {get_attr: [AodhListenerBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [AodhListenerBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_listener.json:
command: /usr/bin/aodh-listener
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
recurse: true
# Container launch definition for the aodh-listener service (listed under
# step_4).
docker_config:
step_4:
aodh_listener:
image: {get_param: DockerAodhListenerImage}
# Host network namespace: no network isolation from the host.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Config inputs are mounted read-only; only the log directory is writable.
- /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
# COPY_ALWAYS: Kolla copies the config files into place on every start.
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/aodh
state: directory
upgrade_tasks:
- name: Stop and disable openstack-aodh-listener service
tags: step2
service: name=openstack-aodh-listener.service state=stopped enabled=no
- name: Remove openstack-aodh-listener package if operator requests it
yum: name=openstack-aodh-listener state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/ovn-dbs.yaml 0000644 0001750 0001750 00000020051 13245343355 023763 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ovn DBs service
parameters:
DockerOvnNbDbImage:
description: image
type: string
DockerOvnSbDbImage:
description: image
type: string
DockerOvnNorthdImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OVNDbsBase:
type: ../../puppet/services/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the OVN Dbs role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
logging_source: {get_attr: [OVNDbsBase, role_data, logging_source]}
logging_groups: {get_attr: [OVNDbsBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [OVNDbsBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
# puppet_config is not required for this service since we configure
# the NB and SB DB servers to listen on the proper IP address/port
# in the docker_config section.
# puppet_config is defined to satisfy the pep8 validations.
puppet_config:
config_volume: ''
config_image: ''
step_config: *step_config
kolla_config:
/var/lib/kolla/config_files/ovn_north_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnnb.db'
- '--pidfile=/run/openvswitch/ovnnb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnnb_db.sock'
- '--unixctl=/run/openvswitch/ovnnb_db.ctl'
- '--remote=db:OVN_Northbound,NB_Global,connections'
- '--private-key=db:OVN_Northbound,SSL,private_key'
- '--certificate=db:OVN_Northbound,SSL,certificate'
- '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_south_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnsb.db'
- '--pidfile=/run/openvswitch/ovnsb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnsb_db.sock'
- '--unixctl=/run/openvswitch/ovnsb_db.ctl'
- '--remote=db:OVN_Southbound,SB_Global,connections'
- '--private-key=db:OVN_Southbound,SSL,private_key'
- '--certificate=db:OVN_Southbound,SSL,certificate'
- '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_northd.json:
command:
list_join:
- ' '
- - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
- '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
- '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
- '--log-file=/var/log/openvswitch/ovn-northd.log'
- '--pidfile=/run/openvswitch/ovn-northd.pid'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
# Container launch definitions for OVN, all under step_4 and ordered by
# start_order: the NB and SB ovsdb-server containers (0), two exec actions
# that set their listeners (1), then ovn-northd (2).
docker_config:
step_4:
ovn_north_db_server:
start_order: 0
image: {get_param: DockerOvnNbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
# The same host directory backs both /var/lib/openvswitch and
# /run/openvswitch, so the database files, pidfiles and the unix/control
# sockets named in kolla_config all live in /var/lib/openvswitch/ovn on the
# host. Access to that directory is access to the DB control sockets.
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Southbound DB server: same layout and the same shared host directory.
ovn_south_db_server:
start_order: 0
image: {get_param: DockerOvnSbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# action: exec - the first list element names the target container and the
# rest is the command, run as root. It reads the listen IP and NB port from
# hiera and sets the northbound DB connection target.
# NOTE(review): "ptcp:" is a plain TCP listener, not TLS ("pssl:"), even
# though ovsdb-server is started with SSL key/cert options in kolla_config.
# Northbound traffic is therefore unencrypted and unauthenticated at the
# transport level; restrict the listen IP to an isolated network and
# firewall the port, or move to pssl with the SSL table populated.
# NOTE(review): $DBS_LISTEN_IP is used as-is; an IPv6 address presumably
# needs square brackets in this target syntax - confirm.
configure_ovn_north_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
# Southbound counterpart: same pattern and the same plain-TCP (ptcp)
# exposure, using the southbound port.
configure_ovn_south_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
# ovn-northd reaches both databases over the unix sockets in the shared
# /run/openvswitch mount (see its command in kolla_config), not over TCP.
ovn_northd:
start_order: 2
image: {get_param: DockerOvnNorthdImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
upgrade_tasks:
- name: Stop and disable ovn-northd service
tags: step2
service: name=ovn-northd state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/aodh-notifier.yaml 0000644 0001750 0001750 00000010354 13245343355 025150 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Aodh Notifier service
parameters:
DockerAodhNotifierImage:
description: image
type: string
DockerAodhConfigImage:
description: The container image to use for the aodh config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
AodhNotifierBase:
type: ../../puppet/services/aodh-notifier.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Aodh API role.
value:
service_name: {get_attr: [AodhNotifierBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [AodhNotifierBase, role_data, config_settings]
logging_source: {get_attr: [AodhNotifierBase, role_data, logging_source]}
logging_groups: {get_attr: [AodhNotifierBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [AodhNotifierBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
config_image: {get_param: DockerAodhConfigImage}
kolla_config:
/var/lib/kolla/config_files/aodh_notifier.json:
command: /usr/bin/aodh-notifier
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/aodh
owner: aodh:aodh
recurse: true
# Container launch definition for the aodh-notifier service (listed under
# step_4).
docker_config:
step_4:
aodh_notifier:
image: {get_param: DockerAodhNotifierImage}
# Host network namespace: no network isolation from the host.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Config inputs are mounted read-only; only the log directory is writable.
- /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
# COPY_ALWAYS: Kolla copies the config files into place on every start.
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/aodh
state: directory
upgrade_tasks:
- name: Stop and disable openstack-aodh-notifier service
tags: step2
service: name=openstack-aodh-notifier.service state=stopped enabled=no
- name: Remove openstack-aodh-notifier package if operator requests it
yum: name=openstack-aodh-notifier state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/pacemaker/ 0000755 0001750 0001750 00000000000 13245343355 023461 5 ustar stack stack openstack-tripleo-heat-templates/docker/services/pacemaker/cinder-backup.yaml 0000644 0001750 0001750 00000023477 13245343355 027071 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Cinder Backup service
parameters:
DockerCinderBackupImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph']
CinderBackupRbdPoolName:
default: backups
type: string
CephClientUserName:
default: openstack
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
MySQLClient:
type: ../../../puppet/services/database/mysql-client.yaml
CinderBackupBase:
type: ../../../puppet/services/cinder-backup.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderBackupBackend: {get_param: CinderBackupBackend}
CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
CephClientUserName: {get_param: CephClientUserName}
outputs:
role_data:
description: Role data for the Cinder Backup role.
value:
service_name: {get_attr: [CinderBackupBase, role_data, service_name]}
# Hiera settings for the role: base cinder-backup settings merged with the
# pacemaker-bundle overrides below.
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
# Image reference handed to the pacemaker bundle profile: everything before
# the last ':' of DockerCinderBackupImage, joined with ':pcmklatest'. The
# anchor is reused by the tag/retag steps elsewhere in this template.
# NOTE(review): the split is on the LAST colon. A reference with no tag but a
# registry port, or one pinned by digest (@sha256:...), would be cut in the
# wrong place - confirm the parameter is always name:tag.
# NOTE(review): pcmklatest is a mutable local tag, so what the bundle runs is
# whatever was last tagged on the host; restrict who can tag images there.
- tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerCinderBackupImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
# Puppet neither manages nor enables the service; presumably pacemaker
# controls it through the bundle.
cinder::backup::manage_service: false
cinder::backup::enabled: false
logging_source: {get_attr: [CinderBackupBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBackupBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [CinderBackupBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBackupBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
recurse: true
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
# Container launch definitions for the pacemaker-managed cinder-backup
# service: tag the image (step_1), fix log ownership (step_3), create the
# pacemaker bundle via puppet (step_5). All three run as root.
docker_config:
step_1:
# One-shot container that runs "docker tag <image> <image>:pcmklatest"
# against the HOST Docker daemon.
# NOTE(review): the read-write docker.sock mount, together with the host's
# /usr/bin and user root, gives this container full control of the host
# Docker daemon, which is equivalent to root on the host. It is short-lived
# (detach: false), but the image it runs must be trusted accordingly.
# The image names are substituted inside single quotes in a bash -c string;
# the parameter is deployer-supplied and is not escaped here.
cinder_backup_image_tag:
start_order: 1
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
"/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'"
params:
CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage}
CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest
image: {get_param: DockerCinderBackupImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev/shm:/dev/shm:rw
- /etc/sysconfig/docker:/etc/sysconfig/docker:ro
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
# Runs as root only to chown the host-mounted log directory to cinder.
cinder_backup_init_logs:
start_order: 0
image: {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_5:
# One-shot puppet apply that creates the pacemaker bundle resources. The
# host's /etc/puppet is mounted read-only at /tmp/puppet-etc and copied into
# the container's own /etc/puppet, so the docker.json written below does not
# touch the host copy.
cinder_backup_init_bundle:
start_order: 1
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
# NOTE(review): --debug -v output may include configuration values read from
# hiera; treat this container's logs as potentially sensitive - confirm.
- "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
# TAGS and CONFIG are the placeholder strings replaced in the template above.
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle'
image: {get_param: DockerCinderBackupImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Disable the openstack-cinder-backup cluster resource
tags: step2
pacemaker_resource:
resource: openstack-cinder-backup
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-backup cluster resource.
tags: step2
pacemaker_resource:
resource: openstack-cinder-backup
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_backup service
tags: step2
service: name=openstack-cinder-backup enabled=no
# Ansible tasks for a minor update: pull the configured image, remove the
# image currently tagged pcmklatest (and containers created from it), then
# point pcmklatest at the freshly pulled image.
update_tasks:
# docker_image is the deployer-supplied Heat parameter; docker_image_latest is
# the derived "<name>:pcmklatest" reference anchored in config_settings.
- name: Get docker Cinder-Backup image
set_fact:
docker_image: {get_param: DockerCinderBackupImage}
docker_image_latest: *cinder_backup_image_pcmklatest
when: step == '2'
- name: Pull latest Cinder-Backup images
command: "docker pull {{docker_image}}"
when: step == "2"
# Selects image ids by matching "cinder-backup" and the pcmklatest tag in the
# `docker images` listing. No `when` follows this task in the flattened text,
# so it presumably runs at every step - confirm.
# NOTE(review): if more than one image matches, stdout holds several ids and
# the ancestor filter / rmi below receive a multi-line value.
- name: Get previous Cinder-Backup image id
shell: "docker images | awk '/cinder-backup.* pcmklatest/{print $3}'"
register: cinder_backup_image_id
- block:
- name: Get a list of container using Cinder-Backup image
shell: "docker ps -q -f 'ancestor={{cinder_backup_image_id.stdout}}'"
register: cinder_backup_containers_to_destroy
# It will be recreated with the deploy step.
# Forced removal, including the container's volumes (-v).
- name: Remove any container using the same Cinder-Backup image
shell: "docker rm -fv {{item}}"
with_items: "{{ cinder_backup_containers_to_destroy.stdout_lines }}"
- name: Remove previous Cinder-Backup images
shell: "docker rmi -f {{cinder_backup_image_id.stdout}}"
# The destructive tasks only run at step 2 and only when an old image was found.
when:
- step == '2'
- cinder_backup_image_id.stdout != ''
# NOTE(review): both values are interpolated unquoted into a shell command.
# They come from deployer-supplied parameters, so this relies on those being
# trusted; Ansible's `quote` filter would harden the interpolation.
- name: Retag pcmklatest to latest Cinder-Backup image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/pacemaker/cinder-volume.yaml 0000644 0001750 0001750 00000025455 13245343355 027131 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Cinder Volume service
parameters:
DockerCinderVolumeImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# custom parameters for the Cinder volume role
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
resources:
MySQLClient:
type: ../../../puppet/services/database/mysql-client.yaml
CinderBase:
type: ../../../puppet/services/cinder-volume.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::lvm::enable_udev: false
tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerCinderVolumeImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::host: hostgroup
logging_source: {get_attr: [CinderBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - "include ::tripleo::profile::base::lvm"
- get_attr: [CinderBase, role_data, step_config]
- get_attr: [MySQLClient, role_data, step_config]
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
docker_config:
step_1:
# One-shot helper (detach: false) that retags the configured cinder-volume
# image as "<image name>:pcmklatest", the reference held by the
# cinder_volume_image_pcmklatest anchor.
#
# Security: the container runs as root with the host's docker socket
# bind-mounted read-write and the host's /usr/bin read-only, so it drives the
# host docker daemon with the host's own client binary. Write access to
# /var/run/docker.sock is equivalent to root on the host; the image named by
# DockerCinderVolumeImage therefore has to come from a trusted registry.
cinder_volume_image_tag:
  image:
    get_param: DockerCinderVolumeImage
  user: root
  net: host
  detach: false
  start_order: 1
  command:
    - "/bin/bash"
    - "-c"
    - str_replace:
        # The image references are substituted into a `bash -c` string
        # inside single quotes, so the parameter value must stay
        # operator-controlled.
        template: "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'"
        params:
          CINDERVOLUME_IMAGE:
            get_param: DockerCinderVolumeImage
          CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest
  volumes:
    - /etc/hosts:/etc/hosts:ro
    - /etc/localtime:/etc/localtime:ro
    - /dev/shm:/dev/shm:rw
    - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
    - /usr/bin:/usr/bin:ro
    - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_volume_init_logs:
start_order: 0
image: {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_5:
cinder_volume_init_bundle:
start_order: 0
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
image: {get_param: DockerCinderVolumeImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/cinder
- /var/lib/cinder
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- name: cinder create LVM volume group dd
command:
list_join:
- ''
- - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
- str_replace:
template: VALUE
params:
VALUE: {get_param: CinderLVMLoopDeviceSize}
- 'M'
args:
creates: /var/lib/cinder/cinder-volumes
when: cinder_enable_iscsi_backend
- name: cinder create LVM volume group
shell: |
if ! losetup /dev/loop2; then
losetup /dev/loop2 /var/lib/cinder/cinder-volumes
fi
if ! pvdisplay | grep cinder-volumes; then
pvcreate /dev/loop2
fi
if ! vgdisplay | grep cinder-volumes; then
vgcreate cinder-volumes /dev/loop2
fi
args:
executable: /bin/bash
creates: /dev/loop2
when: cinder_enable_iscsi_backend
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Disable the openstack-cinder-volume cluster resource
tags: step2
pacemaker_resource:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-volume cluster resource.
tags: step2
pacemaker_resource:
resource: openstack-cinder-volume
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_volume service from boot
tags: step2
service: name=openstack-cinder-volume enabled=no
update_tasks:
- name: Get docker Cinder-Volume image
set_fact:
docker_image: {get_param: DockerCinderVolumeImage}
docker_image_latest: *cinder_volume_image_pcmklatest
when: step == '2'
- name: Get previous Cinder-Volume image id
shell: "docker images | awk '/cinder-volume.* pcmklatest/{print $3}'"
register: cinder_volume_image_id
- block:
- name: Get a list of container using Cinder-Volume image
shell: "docker ps -q -f 'ancestor={{cinder_volume_image_id.stdout}}'"
register: cinder_volume_containers_to_destroy
# It will be recreated during the deploy step.
- name: Remove any container using the same Cinder-Volume image
shell: "docker rm -fv {{item}}"
with_items: "{{ cinder_volume_containers_to_destroy.stdout_lines }}"
- name: Remove previous Cinder-Volume images
shell: "docker rmi -f {{cinder_volume_image_id.stdout}}"
when:
- step == '2'
- cinder_volume_image_id.stdout != ''
- name: Pull latest Cinder-Volume images
command: "docker pull {{docker_image}}"
when: step == "2"
- name: Retag pcmklatest to latest Cinder-Volume image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/pacemaker/clustercheck.yaml 0000644 0001750 0001750 00000007125 13245343355 027031 0 ustar stack stack heat_template_version: pike
description: >
MySQL HA clustercheck service deployment using puppet
This service is used by HAProxy in a HA scenario to report whether
the local galera node is synced
parameters:
DockerClustercheckImage:
description: image
type: string
DockerClustercheckConfigImage:
description: The container image to use for the clustercheck config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ../containers-common.yaml
# We import from the corresponding docker service because otherwise we risk
# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
# rules (see LP#1728918)
MysqlPuppetBase:
type: ../../../docker/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Containerized service clustercheck using composable services.
value:
service_name: clustercheck
config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
step_config: "include ::tripleo::profile::pacemaker::clustercheck"
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: clustercheck
puppet_tags: file # set this even though file is the default
step_config: "include ::tripleo::profile::pacemaker::clustercheck"
config_image: {get_param: DockerClustercheckConfigImage}
kolla_config:
/var/lib/kolla/config_files/clustercheck.json:
command: /usr/sbin/xinetd -dontfork
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_2:
# Long-running clustercheck container (restart: always) on the host network.
# Its kolla config starts xinetd in the foreground.
clustercheck:
  image:
    get_param: DockerClustercheckImage
  net: host
  restart: always
  start_order: 1
  environment:
    - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
  volumes:
    list_concat:
      - get_attr: [ContainersCommon, volumes]
      -
        - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
        - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro
        # NOTE(review): the MySQL data directory is mounted without ":ro",
        # so this health-check container gets write access to the database
        # files. Confirm whether a read-only mount would be enough.
        - /var/lib/mysql:/var/lib/mysql
host_prep_tasks:
upgrade_tasks:
update_tasks:
# Nothing: It's not managed by pacemaker, so let paunch do it.
openstack-tripleo-heat-templates/docker/services/pacemaker/database/ 0000755 0001750 0001750 00000000000 13245343355 025225 5 ustar stack stack openstack-tripleo-heat-templates/docker/services/pacemaker/database/mysql.yaml 0000644 0001750 0001750 00000032473 13245343355 027267 0 ustar stack stack heat_template_version: pike
description: >
MySQL service deployment with pacemaker bundle
parameters:
DockerMysqlImage:
description: image
type: string
DockerMysqlConfigImage:
description: The container image to use for the mysql config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
MysqlRootPassword:
type: string
hidden: true
default: ''
MysqlClustercheckPassword:
type: string
hidden: true
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
resources:
ContainersCommon:
type: ../../containers-common.yaml
MysqlPuppetBase:
type: ../../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Containerized service MySQL using composable services.
value:
service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerMysqlImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo.mysql.firewall_rules:
'104 mysql galera-bundle':
dport:
- 873
- 3123
- 3306
- 4444
- 4567
- 4568
- 9200
tripleo::profile::pacemaker::database::mysql_bundle::bind_address:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-
if:
- internal_tls_enabled
-
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
get_param: InternalTLSCAFile
- {}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: mysql
puppet_tags: file # set this even though file is the default
step_config:
list_join:
- "\n"
- - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
- "exec {'wait-for-settle': command => '/bin/true' }"
- "include ::tripleo::profile::pacemaker::database::mysql_bundle"
config_image: {get_param: DockerMysqlConfigImage}
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
optional: true
preserve_properties: true
permissions:
- path: /etc/pki/tls/certs/mysql.crt
owner: mysql:mysql
perm: '0600'
optional: true
- path: /etc/pki/tls/private/mysql.key
owner: mysql:mysql
perm: '0600'
optional: true
docker_config:
step_1:
# One-shot root container that hands the whole host-side MySQL data
# directory to the mysql user before the bootstrap container runs
# (start_order 0).
mysql_data_ownership:
  image:
    get_param: DockerMysqlImage
  user: root
  net: host
  detach: false
  start_order: 0
  volumes:
    - /var/lib/mysql:/var/lib/mysql
  # Kolla's own permission handling only does a non-recursive chown, hence
  # the explicit recursive one here.
  command:
    - "chown"
    - "-R"
    - "mysql:"
    - "/var/lib/mysql"
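# One-shot root container that initialises the MySQL data directory and
# creates the local 'clustercheck' account. It exits early when
# /var/lib/mysql/mysql already exists.
#
# Security notes:
# - bash is started with '-ec', not '-ecx'. With xtrace on, bash prints every
#   command after expansion, so the root and clustercheck passwords on the
#   mysql/mysqladmin command lines would end up wherever this container's
#   stderr is collected.
# - Both passwords reach the container as environment variables and are
#   expanded onto command lines. They are therefore visible in the
#   container's inspect output and in the process list while bootstrap runs.
# - NOTE(review): 'clustercheck' is granted PROCESS ... WITH GRANT OPTION. A
#   monitoring account does not normally need to delegate privileges;
#   confirm before tightening.
mysql_bootstrap:
  start_order: 1
  detach: false
  image: {get_param: DockerMysqlImage}
  net: host
  user: root
  # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
  command:
    - 'bash'
    - '-ec'
    -
      list_join:
        - "\n"
        - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
          - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
          - 'sudo -u mysql -E kolla_start'
          # Temporary server without networking and without wsrep
          - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
          - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
          - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
          - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
          - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
  volumes: &mysql_volumes
    list_concat:
      - {get_attr: [ContainersCommon, volumes]}
      -
        - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
        - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
        - /var/lib/mysql:/var/lib/mysql
  environment:
    - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
    - KOLLA_BOOTSTRAP=True
    # NOTE(mandre) skip wsrep cluster status check
    - KOLLA_KUBERNETES=True
    - DB_MAX_TIMEOUT=60
    -
      list_join:
        - '='
        - - 'DB_CLUSTERCHECK_PASSWORD'
          - {get_param: MysqlClustercheckPassword}
    -
      list_join:
        - '='
        - - 'DB_ROOT_PASSWORD'
          -
            # First non-empty value wins: the explicit MysqlRootPassword
            # parameter, else the generated default password.
            yaql:
              expression: $.data.passwords.where($ != '').first()
              data:
                passwords:
                  - {get_param: MysqlRootPassword}
                  - {get_param: [DefaultPasswords, mysql_root_password]}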
# One-shot helper that points the "<image name>:pcmklatest" tag (the
# mysql_image_pcmklatest anchor) at the image named by DockerMysqlImage.
#
# Security: runs as root with /var/run/docker.sock mounted read-write and the
# host's /usr/bin mounted read-only, so the container has full control of the
# host docker daemon. Treat DockerMysqlImage as a trusted input, because
# whatever that image contains runs with this access.
mysql_image_tag:
  image:
    get_param: DockerMysqlImage
  user: root
  net: host
  detach: false
  start_order: 2
  command:
    - "/bin/bash"
    - "-c"
    - str_replace:
        # The image references are substituted into a `bash -c` string
        # inside single quotes, so the parameter value must stay
        # operator-controlled.
        template: "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
        params:
          MYSQL_IMAGE:
            get_param: DockerMysqlImage
          MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
  volumes:
    - /etc/hosts:/etc/hosts:ro
    - /etc/localtime:/etc/localtime:ro
    - /dev/shm:/dev/shm:rw
    - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
    - /usr/bin:/usr/bin:ro
    - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
# One-shot root container on the host network. It copies the host's puppet
# configuration into the container and runs `puppet apply`, restricted to
# the pacemaker/galera/mysql tags listed in TAGS.
#
# The host's /etc/puppet is mounted read-only at /tmp/puppet-etc and copied,
# so the step marker written to hieradata/docker.json stays inside the
# container. /var/lib/mysql is the only data path mounted read-write.
# NOTE(review): the copied hieradata presumably holds service credentials,
# so the container's filesystem and logs deserve the same care as
# /etc/puppet. Confirm against the deployment.
mysql_init_bundle:
  image:
    get_param: DockerMysqlImage
  user: root
  net: host
  detach: false
  start_order: 1
  command:
    - "/bin/bash"
    - "-c"
    - str_replace:
        params:
          TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
          CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
        template:
          list_join:
            - '; '
            - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
              - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
  volumes:
    - /etc/hosts:/etc/hosts:ro
    - /etc/localtime:/etc/localtime:ro
    - /etc/puppet:/tmp/puppet-etc:ro
    - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
    - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
    - /dev/shm:/dev/shm:rw
    - /var/lib/mysql:/var/lib/mysql:rw
host_prep_tasks:
- name: create /var/lib/mysql
file:
path: /var/lib/mysql
state: directory
metadata_settings:
get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Check cluster resource status
tags: step2
pacemaker_resource:
resource: galera
state: master
check_mode: true
ignore_errors: true
register: galera_res
- name: Disable the galera cluster resource
tags: step2
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and galera_res|succeeded
- name: Delete the stopped galera cluster resource.
tags: step2
pacemaker_resource:
resource: galera
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and galera_res|succeeded
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
- name: Remove clustercheck service from xinetd
tags: step2
file: state=absent path=/etc/xinetd.d/galera-monitor
- name: Restart xinetd service after clustercheck removal
tags: step2
service: name=xinetd state=restarted
update_tasks:
- name: Get docker Mariadb image
set_fact:
docker_image: {get_param: DockerMysqlImage}
docker_image_latest: *mysql_image_pcmklatest
when: step == '2'
- name: Get previous Mariadb image id
shell: "docker images | awk '/mariadb.* pcmklatest/{print $3}'"
register: mariadb_image_id
- block:
- name: Get a list of container using Mariadb image
shell: "docker ps -q -f 'ancestor={{mariadb_image_id.stdout}}'"
register: mariadb_containers_to_destroy
# It will be recreated during the deploy step.
- name: Remove any container using the same Mariadb image
shell: "docker rm -fv {{item}}"
with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}"
- name: Remove previous Mariadb images
shell: "docker rmi -f {{mariadb_image_id.stdout}}"
when:
- step == '2'
- mariadb_image_id.stdout != ''
- name: Pull latest Mariadb images
command: "docker pull {{docker_image}}"
when: step == "2"
- name: Retag pcmklatest to latest Mariadb image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/pacemaker/database/redis.yaml 0000644 0001750 0001750 00000025722 13245343355 027227 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Redis services
parameters:
DockerRedisImage:
description: image
type: string
DockerRedisConfigImage:
description: The container image to use for the redis config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../containers-common.yaml
RedisBase:
type: ../../../../puppet/services/database/redis.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Redis API role.
value:
service_name: {get_attr: [RedisBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [RedisBase, role_data, config_settings]}
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerRedisImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
tripleo.redis.firewall_rules:
'108 redis-bundle':
dport:
- 3124
- 6379
- 26379
tripleo::stunnel::manage_service: false
tripleo::stunnel::foreground: 'yes'
logging_source: {get_attr: [RedisBase, role_data, logging_source]}
logging_groups: {get_attr: [RedisBase, role_data, logging_groups]}
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'redis'
# NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
# /etc/redis.conf
# https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
puppet_tags: 'exec'
step_config:
get_attr: [RedisBase, role_data, step_config]
config_image: &redis_config_image {get_param: DockerRedisConfigImage}
kolla_config:
/var/lib/kolla/config_files/redis.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/run/redis
owner: redis:redis
recurse: true
- path: /var/lib/redis
owner: redis:redis
recurse: true
- path: /var/log/redis
owner: redis:redis
recurse: true
/var/lib/kolla/config_files/redis_tls_proxy.json:
command: stunnel /etc/stunnel/stunnel.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_1:
# One-shot helper that tags the image named by DockerRedisImage as
# "<image name>:pcmklatest" (the redis_image_pcmklatest anchor).
#
# Security: the container is root and has the host docker socket mounted
# read-write, which amounts to root on the host. Only point DockerRedisImage
# at images from a registry you trust.
redis_image_tag:
  image:
    get_param: DockerRedisImage
  user: root
  net: host
  detach: false
  start_order: 1
  command:
    - "/bin/bash"
    - "-c"
    - str_replace:
        # The image references are substituted into a `bash -c` string
        # inside single quotes, so the parameter value must stay
        # operator-controlled.
        template: "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'"
        params:
          REDIS_IMAGE:
            get_param: DockerRedisImage
          REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest
  volumes:
    - /etc/hosts:/etc/hosts:ro
    - /etc/localtime:/etc/localtime:ro
    - /dev/shm:/dev/shm:rw
    - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
    # The docker client binary comes from the host's /usr/bin.
    - /usr/bin:/usr/bin:ro
    - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
map_merge:
- redis_init_bundle:
start_order: 2
detach: false
net: host
user: root
config_volume: 'redis_init_bundle'
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
image: *redis_config_image
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
# Adds the stunnel TLS proxy only when internal TLS is enabled. Otherwise
# the empty map keeps step_2 unchanged.
- if:
    - internal_tls_enabled
    - redis_tls_proxy:
        # Uses the floating pcmklatest tag rather than the pinned
        # DockerRedisImage reference.
        image: *redis_image_pcmklatest
        user: root
        net: host
        restart: always
        start_order: 3
        environment:
          - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        volumes:
          list_concat:
            - get_attr: [ContainersCommon, volumes]
            -
              - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
              - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
              # The certificate and the private key are bind-mounted
              # read-only, one file each.
              - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
              - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
    - {}
metadata_settings:
get_attr: [RedisBase, role_data, metadata_settings]
host_prep_tasks:
- name: create /var/run/redis
file:
path: /var/run/redis
state: directory
- name: create /var/log/redis
file:
path: /var/log/redis
state: directory
- name: create /var/lib/redis
file:
path: /var/lib/redis
state: directory
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Check cluster resource status
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: master
check_mode: true
ignore_errors: true
register: redis_res
- name: Disable the redis cluster resource
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and redis_res|succeeded
- name: Delete the stopped redis cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and redis_res|succeeded
- name: Disable redis service
tags: step2
service: name=redis enabled=no
update_tasks:
- name: Get docker Redis image
set_fact:
docker_image: {get_param: DockerRedisImage}
docker_image_latest: *redis_image_pcmklatest
when: step == '2'
- name: Get previous Redis image id
shell: "docker images | awk '/redis.* pcmklatest/{print $3}'"
register: redis_image_id
- block:
- name: Get a list of container using Redis image
shell: "docker ps -q -f 'ancestor={{redis_image_id.stdout}}'"
register: redis_containers_to_destroy
# It will be recreated during the deploy step.
- name: Remove any container using the same Redis image
shell: "docker rm -fv {{item}}"
with_items: "{{ redis_containers_to_destroy.stdout_lines }}"
- name: Remove previous Redis images
shell: "docker rmi -f {{redis_image_id.stdout}}"
when:
- step == '2'
- redis_image_id.stdout != ''
- name: Pull latest Redis images
command: "docker pull {{docker_image}}"
when: step == "2"
- name: Retag pcmklatest to latest Redis image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/pacemaker/haproxy.yaml 0000644 0001750 0001750 00000030054 13245343355 026041 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized HAproxy service for pacemaker
parameters:
DockerHAProxyImage:
description: image
type: string
DockerHAProxyConfigImage:
description: The container image to use for the haproxy config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
The filepath of the certificate as it will be stored in the controller.
type: string
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
InternalTLSCRLPEMFile:
default: '/etc/pki/CA/crl/overcloud-crl.pem'
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
HAProxyInternalTLSCertsDirectory:
default: '/etc/pki/tls/certs/haproxy'
type: string
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
resources:
HAProxyBase:
type: ../../../puppet/services/pacemaker/haproxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
# Hiera settings for the HAProxy bundle: the base service's settings merged
# with the container-specific overrides below.
config_settings:
  map_merge:
    - get_attr: [HAProxyBase, role_data, config_settings]
    - haproxy_docker: true
      # NOTE(review): this key appears again at the end of this mapping with
      # the pcmklatest value. Duplicate mapping keys are invalid in YAML 1.2
      # and most parsers silently keep the last one, so this first value is
      # presumably never used. Only its &haproxy_image anchor is of interest.
      tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
      # The list of paths holding the certs to bind-mount into the container.
      # Bind-mounting the directories rather than each cert, key and pem file
      # ensures that docker won't create directories on the host when the pem
      # files do not exist.
      tripleo::profile::pacemaker::haproxy_bundle::tls_mapping: &tls_mapping
        - get_param: InternalTLSCAFile
        - get_param: HAProxyInternalTLSKeysDirectory
        - get_param: HAProxyInternalTLSCertsDirectory
        - get_param: DeployedSSLCertificatePath
      tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory}
      tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
      # Disable the use of the CRL file until we can restart the container
      # when the file expires.
      # NOTE(review): with crl_file set to null, HAProxy is presumably given
      # no revocation list, so a revoked internal certificate would still be
      # accepted. The InternalTLSCRLPEMFile parameter declared above is not
      # referenced in the part of the template visible here.
      tripleo::haproxy::crl_file: null
      # The image name with its tag replaced by 'pcmklatest'. rightSplit cuts
      # at the last ':' of the reference.
      tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest
        list_join:
          - ':'
          - - yaql:
                data: {get_param: DockerHAProxyImage}
                expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
            - 'pcmklatest'
logging_source: {get_attr: [HAProxyBase, role_data, logging_source]}
logging_groups: {get_attr: [HAProxyBase, role_data, logging_groups]}
step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
step_config:
list_join:
- "\n"
- - "exec {'wait-for-settle': command => '/bin/true' }"
- "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
- "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
yaql:
expression: $.data.select($+":"+$+":ro")
data: *tls_mapping
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
optional: true
preserve_properties: true
permissions:
- path:
list_join:
- ''
- - {get_param: HAProxyInternalTLSCertsDirectory}
- '/*'
owner: haproxy:haproxy
perm: '0600'
optional: true
- path:
list_join:
- ''
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/*'
owner: haproxy:haproxy
perm: '0600'
optional: true
docker_config:
step_1:
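# One-shot helper that tags the image named by DockerHAProxyImage as
# "<image name>:pcmklatest" (the haproxy_image_pcmklatest anchor).
#
# The flattened original lists `image` twice with the same value, before and
# after `volumes`. Duplicate mapping keys are invalid in YAML 1.2 and most
# parsers silently keep the last one, so the key is written once here.
#
# Security: the container is root and has the host docker socket mounted
# read-write, which is equivalent to root on the host. DockerHAProxyImage
# must therefore reference a trusted image.
haproxy_image_tag:
  start_order: 1
  detach: false
  net: host
  user: root
  command:
    - '/bin/bash'
    - '-c'
    - str_replace:
        template:
          "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'"
        params:
          HAPROXY_IMAGE: {get_param: DockerHAProxyImage}
          HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest
  image: {get_param: DockerHAProxyImage}
  volumes:
    - /etc/hosts:/etc/hosts:ro
    - /etc/localtime:/etc/localtime:ro
    - /dev/shm:/dev/shm:rw
    - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
    # The docker client binary comes from the host's /usr/bin.
    - /usr/bin:/usr/bin:ro
    - /var/run/docker.sock:/var/run/docker.sock:rw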
step_2:
# One-shot step-2 container that copies the host puppet tree into place,
# writes {"step": 2} to docker.json and runs `puppet apply` with the firewall
# and pacemaker tags listed in TAGS against the two classes in CONFIG.
#
# Security: this container is `privileged: true`, runs as root on the host
# network and has /etc/sysconfig mounted read-write, so it can change host
# firewall state. Every other host path below is mounted read-only except
# /dev/shm.
haproxy_init_bundle:
start_order: 3
detach: false
net: host
user: root
privileged: true
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG:
list_join:
- ';'
- - 'include ::tripleo::profile::base::pacemaker'
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
image: {get_param: DockerHAProxyImage}
volumes:
# Certificate mounts (read-only, from the deployed_cert_mount anchor) are
# concatenated with the fixed list that follows.
list_concat:
- *deployed_cert_mount
-
# Puppet saves iptables rules in /etc/sysconfig, hence the read-write mount.
- /etc/sysconfig:/etc/sysconfig:rw
# Saving rules requires /usr/libexec/iptables/iptables.init; bind-mount only
# the necessary bits and keep systemd from trying to reload the service
# inside the container.
- /usr/libexec/iptables:/usr/libexec/iptables:ro
- /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Check cluster resource status
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: started
check_mode: true
ignore_errors: true
register: haproxy_res
- name: Disable the haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and haproxy_res|succeeded
- name: Delete the stopped haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and haproxy_res|succeeded
# Minor-update tasks for the HAProxy bundle: find the image currently tagged
# pcmklatest, remove the containers and the image that use it, pull the
# configured image and re-tag it as pcmklatest.
update_tasks:
- name: Get docker Haproxy image
set_fact:
docker_image: {get_param: DockerHAProxyImage}
docker_image_latest: *haproxy_image_pcmklatest
when: step == '2'
# This lookup has no `when`, so it is not limited to step 2 like the tasks
# around it.
# NOTE(review): the awk filter prints one id per matching line; if more than
# one image matches, stdout holds several lines and is still interpolated
# unquoted into the shell commands below. Confirm a single match is
# guaranteed, or iterate over stdout_lines.
- name: Get previous Haproxy image id
shell: "docker images | awk '/haproxy.* pcmklatest/{print $3}'"
register: haproxy_image_id
- block:
- name: Get a list of container using Haproxy image
shell: "docker ps -q -f 'ancestor={{haproxy_image_id.stdout}}'"
register: haproxy_containers_to_destroy
# It will be recreated with the deploy step.
- name: Remove any container using the same Haproxy image
shell: "docker rm -fv {{item}}"
with_items: "{{ haproxy_containers_to_destroy.stdout_lines }}"
- name: Remove previous Haproxy images
shell: "docker rmi -f {{haproxy_image_id.stdout}}"
# The destructive block only runs at step 2 and only when an old image exists.
when:
- step == '2'
- haproxy_image_id.stdout != ''
- name: Pull latest Haproxy images
command: "docker pull {{docker_image}}"
when: step == "2"
- name: Retag pcmklatest to latest Haproxy image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/pacemaker/manila-share.yaml 0000644 0001750 0001750 00000017272 13245343355 026717 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Manila Share service
parameters:
DockerManilaShareImage:
description: image
type: string
DockerManilaConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Nested stacks this template builds on: the MySQL client puppet service
# (no properties passed) and the puppet-based pacemaker manila-share service,
# which receives this template's parameters.
resources:
MySQLClient:
type: ../../../puppet/services/database/mysql-client.yaml
ManilaBase:
type: ../../../puppet/services/pacemaker/manila-share.yaml
properties:
EndpointMap: {get_param: EndpointMap}
# NOTE(review): ServiceData is declared as a parameter above but is not
# forwarded here, unlike the other properties; confirm against the base
# template whether that is intentional.
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Manila Share role.
value:
service_name: {get_attr: [ManilaBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerManilaShareImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
manila::share::manage_service: false
manila::share::enabled: false
manila::host: hostgroup
logging_source: {get_attr: [ManilaBase, role_data, logging_source]}
logging_groups: {get_attr: [ManilaBase, role_data, logging_groups]}
step_config: ""
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: manila
puppet_tags: manila_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - {get_attr: [ManilaBase, role_data, step_config]}
- - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_share.json:
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
recurse: true
docker_config:
step_1:
manila_share_image_tag:
start_order: 1
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
"/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
params:
MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
image: {get_param: DockerManilaShareImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev/shm:/dev/shm:rw
- /etc/sysconfig/docker:/etc/sysconfig/docker:ro
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
manila_share_init_logs:
start_order: 0
image: {get_param: DockerManilaShareImage}
privileged: false
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_5:
manila_share_init_bundle:
start_order: 0
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
image: {get_param: DockerManilaShareImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/manila
- /var/lib/manila
upgrade_tasks:
- name: Stop and disable manila_share service
tags: step2
service: name=openstack-manila-share state=stopped enabled=no
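# Minor-update tasks for the Manila-Share bundle: find the image currently
# tagged pcmklatest, remove the containers and the image that use it, pull
# the configured image and re-tag it as pcmklatest.
update_tasks:
  - name: Get docker Manila-Share image
    set_fact:
      docker_image: {get_param: DockerManilaShareImage}
      docker_image_latest: *manila_share_image_pcmklatest
    when: step == '2'
  # NOTE(review): the awk filter prints one id per matching line; confirm a
  # single match is guaranteed, because stdout is interpolated unquoted into
  # the shell commands below.
  - name: Get previous Manila-Share image id
    shell: "docker images | awk '/manila-share.* pcmklatest/{print $3}'"
    register: manila_share_image_id
  - block:
      - name: Get a list of container using Manila-Share image
        shell: "docker ps -q -f 'ancestor={{manila_share_image_id.stdout}}'"
        # The registered name must be the one the removal task reads
        # (underscores only; a hyphen is not valid in an Ansible variable
        # name), otherwise the loop below has nothing to iterate over.
        register: manila_share_containers_to_destroy
      # It will be recreated with the deploy step.
      - name: Remove any container using the same Manila-Share image
        shell: "docker rm -fv {{item}}"
        with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}"
      - name: Remove previous Manila-Share images
        shell: "docker rmi -f {{manila_share_image_id.stdout}}"
    # The destructive block only runs at step 2 and only when an old image
    # exists.
    when:
      - step == '2'
      - manila_share_image_id.stdout != ''
  - name: Pull latest Manila-Share images
    command: "docker pull {{docker_image}}"
    when: step == "2"
  - name: Retag pcmklatest to latest Manila-Share image
    shell: "docker tag {{docker_image}} {{docker_image_latest}}"
    when: step == "2"
  # Got to check that pacemaker_is_active is working fine with bundle.
  # TODO: pacemaker_is_active resource doesn't support bundle.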
openstack-tripleo-heat-templates/docker/services/pacemaker/ovn-dbs.yaml 0000644 0001750 0001750 00000012236 13245343355 025721 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized OVN DBs service managed by pacemaker
parameters:
DockerOvnDbsImage:
description: image
type: string
DockerOvnDbsConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
resources:
ContainersCommon:
type: ./../containers-common.yaml
OVNDbsBase:
type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
OVNNorthboundServerPort: {get_param: OVNNorthboundServerPort}
OVNSouthboundServerPort: {get_param: OVNSouthboundServerPort}
outputs:
role_data:
description: Role data for the OVN Dbs HA role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
- tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: {get_param: DockerOvnDbsImage}
- tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
logging_source: {get_attr: [OVNDbsBase, role_data, logging_source]}
logging_groups: {get_attr: [OVNDbsBase, role_data, logging_groups]}
step_config: ''
service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'ovn_dbs'
puppet_tags: 'exec'
step_config: ''
config_image: &ovn_dbs_config_image {get_param: DockerOvnDbsConfigImage}
kolla_config:
/var/lib/kolla/config_files/ovn_dbs.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
docker_config:
step_3:
# One-shot step-3 container that copies the host puppet tree into place,
# writes {"step": 3} to docker.json and runs `puppet apply` with the
# pacemaker tags in TAGS against the two classes in CONFIG. It runs as root
# on the host network; all host paths except /dev/shm are mounted read-only.
ovn_dbs_init_bundle:
start_order: 1
detach: false
net: host
user: root
config_volume: 'ovn_dbs_init_bundle'
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 3}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG:
list_join:
- ';'
- - 'include ::tripleo::profile::base::pacemaker'
- 'include ::tripleo::profile::pacemaker::ovn_dbs_bundle'
# The alias resolves to DockerOvnDbsConfigImage (the puppet config image),
# not DockerOvnDbsImage.
# NOTE(review): confirm that using the config image here is intended.
image: *ovn_dbs_config_image
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
upgrade_tasks:
- name: Stop and disable ovn-northd service
tags: step2
service: name=ovn-northd state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/pacemaker/rabbitmq.yaml 0000644 0001750 0001750 00000025665 13245343355 026164 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Rabbitmq service
parameters:
DockerRabbitmqImage:
description: image
type: string
DockerRabbitmqConfigImage:
description: The container image to use for the rabbitmq config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RabbitCookie:
type: string
default: ''
hidden: true
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
RabbitmqBase:
type: ../../../puppet/services/rabbitmq.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Rabbitmq API role.
value:
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerRabbitmqImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
tripleo.rabbitmq.firewall_rules:
'109 rabbitmq-bundle':
dport:
- 3122
- 4369
- 5672
- 25672
logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]}
logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rabbitmq
puppet_tags: file
step_config: *step_config
config_image: {get_param: DockerRabbitmqConfigImage}
kolla_config:
/var/lib/kolla/config_files/rabbitmq.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
optional: true
preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
- path: /var/log/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
- path: /etc/pki/tls/certs/rabbitmq.crt
owner: rabbitmq:rabbitmq
perm: '0600'
optional: true
- path: /etc/pki/tls/private/rabbitmq.key
owner: rabbitmq:rabbitmq
perm: '0600'
optional: true
# When using pacemaker we don't launch the container, instead that is done by pacemaker
# itself.
docker_config:
step_1:
# Step-1 bootstrap container for RabbitMQ: unprivileged, host network, with
# the kolla config and generated puppet config mounted read-only and
# /var/lib/rabbitmq mounted writable.
rabbitmq_bootstrap:
start_order: 0
image: {get_param: DockerRabbitmqImage}
net: host
privileged: false
volumes:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
# Builds "RABBITMQ_CLUSTER_COOKIE=<value>", where <value> is the first
# non-empty entry of RabbitCookie and DefaultPasswords.rabbit_cookie.
# Security: the cookie is a cluster secret (RabbitCookie is declared
# `hidden: true`), yet a value passed through the container environment is
# readable by anyone who can inspect the container on the host; keep Docker
# access on these nodes restricted accordingly.
-
list_join:
- '='
- - 'RABBITMQ_CLUSTER_COOKIE'
-
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
rabbitmq_image_tag:
start_order: 1
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
"/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'"
params:
RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage}
RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest
image: {get_param: DockerRabbitmqImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev/shm:/dev/shm:rw
- /etc/sysconfig/docker:/etc/sysconfig/docker:ro
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
rabbitmq_init_bundle:
start_order: 0
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
image: {get_param: DockerRabbitmqImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
# Host preparation before the RabbitMQ containers start: create the data
# directory, then move the host's Erlang port mapper out of the way.
host_prep_tasks:
- name: create /var/lib/rabbitmq
file:
path: /var/lib/rabbitmq
state: directory
# The script below first overwrites /etc/rabbitmq/rabbitmq-env.conf (`>`) and
# then appends to it, pinning the host epmd to 127.0.0.1 and port 4370. It
# then walks the running epmd processes and kills the first one whose
# namespace listing matches that of PID 1, i.e. an epmd running on the host
# rather than in a container.
# NOTE(review): any existing content of rabbitmq-env.conf is discarded, and
# `==` inside `[ ]` is a bash extension, so this relies on the shell module's
# /bin/sh accepting it.
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
shell: |
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Check cluster resource status
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: started
check_mode: true
ignore_errors: true
register: rabbitmq_res
- name: Disable the rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Delete the stopped rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Disable rabbitmq service
tags: step2
service: name=rabbitmq-server enabled=no
update_tasks:
- name: Get docker Rabbitmq image
set_fact:
docker_image: {get_param: DockerRabbitmqImage}
docker_image_latest: *rabbitmq_image_pcmklatest
when: step == '2'
- name: Get previous Rabbitmq image id
shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'"
register: rabbitmq_image_id
- block:
- name: Get a list of container using Rabbitmq image
shell: "docker ps -q -f 'ancestor={{rabbitmq_image_id.stdout}}'"
register: rabbitmq_containers_to_destroy
# It will be recreated with the deploy step.
- name: Remove any container using the same Rabbitmq image
shell: "docker rm -fv {{item}}"
with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}"
- name: Remove previous Rabbitmq images
shell: "docker rmi -f {{rabbitmq_image_id.stdout}}"
when:
- step == '2'
- rabbitmq_image_id.stdout != ''
- name: Pull latest Rabbitmq images
command: "docker pull {{docker_image}}"
when: step == "2"
- name: Retag pcmklatest to latest Rabbitmq image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
when: step == "2"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
openstack-tripleo-heat-templates/docker/services/barbican-api.yaml 0000644 0001750 0001750 00000013467 13245343355 024740 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Barbican API service
parameters:
DockerBarbicanApiImage:
description: image
type: string
DockerBarbicanConfigImage:
description: The container image to use for the barbican config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
BarbicanApiBase:
type: ../../puppet/services/barbican-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Barbican API role.
value:
service_name: {get_attr: [BarbicanApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [BarbicanApiBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [BarbicanApiBase, role_data, logging_source]}
logging_groups: {get_attr: [BarbicanApiBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [BarbicanApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [BarbicanApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: barbican
puppet_tags: barbican_api_paste_ini,barbican_config
step_config: *step_config
config_image: {get_param: DockerBarbicanConfigImage}
kolla_config:
/var/lib/kolla/config_files/barbican_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
barbican_init_logs:
image: &barbican_api_image {get_param: DockerBarbicanApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/barbican:/var/log/barbican
command: ['/bin/bash', '-c', 'chown -R barbican:barbican /var/log/barbican']
step_3:
barbican_api_db_sync:
start_order: 0
image: *barbican_api_image
net: host
detach: false
user: root
volumes: &barbican_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/barbican/etc/barbican/:/etc/barbican/:ro
- /var/log/containers/barbican:/var/log/barbican
command: "/usr/bin/bootstrap_host_exec barbican_api su barbican -s /bin/bash -c '/usr/bin/barbican-manage db upgrade'"
step_4:
# Long-running step-4 Barbican API container: unprivileged, host network,
# restarted automatically, started as root.
barbican_api:
image: *barbican_api_image
net: host
privileged: false
restart: always
user: root
volumes:
# Common container volumes plus the kolla config, the generated barbican
# config (both read-only) and the writable log directory.
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/barbican_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/log/containers/barbican:/var/log/barbican
- /var/lib/config-data/puppet-generated/barbican/:/var/lib/kolla/config_files/src:ro
# The httpd certificate and private-key directories are mounted read-only
# only when internal TLS is enabled; otherwise each entry is ''.
# NOTE(review): confirm the consumer of this list drops empty-string volumes.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/barbican
state: directory
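# Upgrade tasks run on the host at step 2: stop and disable the non-container
# Barbican API service, and remove its package when the operator opted in.
upgrade_tasks:
  - name: Stop and disable barbican_api service
    tags: step2
    # Native module arguments instead of a key=value string, with canonical
    # booleans.
    service:
      name: openstack-barbican-api
      state: stopped
      enabled: false
  - name: Remove openstack-barbican-api package if operator requests it
    yum:
      name: openstack-barbican-api
      state: removed
    tags: step2
    # Package removal is best effort; a failure here does not stop the upgrade.
    ignore_errors: true
    when: {get_param: UpgradeRemoveUnusedPackages}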
metadata_settings:
get_attr: [BarbicanApiBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/neutron-metadata.yaml 0000644 0001750 0001750 00000011443 13245343355 025670 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Neutron Metadata agent
parameters:
DockerNeutronMetadataImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronMetadataBase:
type: ../../puppet/services/neutron-metadata.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for Neutron Metadata agent
value:
service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]}
config_settings: {get_attr: [NeutronMetadataBase, role_data, config_settings]}
logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [NeutronMetadataBase, role_data, step_config]
puppet_config:
puppet_tags: neutron_config,neutron_metadata_agent_config
config_volume: neutron
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_metadata_agent.json:
command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
- path: /var/lib/neutron
owner: neutron:neutron
recurse: true
docker_config:
step_4:
# Long-running step-4 Neutron metadata agent container.
#
# Security: this container is `privileged: true`, shares the host network and
# the host PID namespace, and has the host's /run mounted without `:ro`, so a
# compromise of the agent is effectively a compromise of the host. Keep the
# image source trusted and the agent's exposure limited accordingly.
neutron_metadata_agent:
image: {get_param: DockerNeutronMetadataImage}
net: host
pid: host
privileged: true
restart: always
volumes:
# Common container volumes plus the kolla and generated neutron config
# (read-only), kernel modules (read-only) and the writable state, run and
# log directories.
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create /var/lib/neutron
file:
path: /var/lib/neutron
state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
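# Upgrade tasks run on the host: detect whether the non-container metadata
# agent is enabled, validate that it is running, then stop and disable it.
upgrade_tasks:
  - name: Check if neutron_metadata_agent is deployed
    command: systemctl is-enabled neutron-metadata-agent
    tags: common
    # A non-zero rc only means "not enabled"; the later tasks key off the
    # registered rc instead of failing here.
    ignore_errors: true
    register: neutron_metadata_agent_enabled
  - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
    shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
    when: neutron_metadata_agent_enabled.rc == 0
    tags: step0,validation
  - name: Stop and disable neutron_metadata service
    tags: step2
    when: neutron_metadata_agent_enabled.rc == 0
    # Native module arguments instead of a key=value string, with a canonical
    # boolean.
    service:
      name: neutron-metadata-agent
      state: stopped
      enabled: false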
openstack-tripleo-heat-templates/docker/services/ceilometer-agent-central.yaml 0000644 0001750 0001750 00000012372 13245343355 027274 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ceilometer Agent Central service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# No constraint is placed on the image reference, so whether it is pinned by
# tag or by digest is decided wherever the value is set.
DockerCeilometerCentralImage:
description: image
type: string
DockerCeilometerConfigImage:
description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`. If this map
# carries service passwords, Heat would return it in clear when the stack's
# parameters are listed - confirm what callers put in it.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Opt-in switch read by the package-removal task in upgrade_tasks.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template. Six of this template's parameters are forwarded
# unchanged (DefaultPasswords included); its role_data is re-exported in outputs.
CeilometerAgentCentralBase:
type: ../../puppet/services/ceilometer-agent-central.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from CeilometerAgentCentralBase plus the
# container-specific settings (puppet_config, kolla_config, docker_config,
# host_prep_tasks, upgrade_tasks).
outputs:
role_data:
description: Role data for the Ceilometer Agent Central role.
value:
service_name: {get_attr: [CeilometerAgentCentralBase, role_data, service_name]}
config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, config_settings]}
logging_source: {get_attr: [CeilometerAgentCentralBase, role_data, logging_source]}
logging_groups: {get_attr: [CeilometerAgentCentralBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [CeilometerAgentCentralBase, role_data, step_config]
service_config_settings: {get_attr: [CeilometerAgentCentralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
config_image: {get_param: DockerCeilometerConfigImage}
# Kolla start-up description: the command to run and the config tree that is
# copied from the read-only src mount into "/".
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_central.json:
command: /usr/bin/ceilometer-polling --polling-namespaces central --logfile /var/log/ceilometer/central.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_3:
# Runs as root only to chown the bind-mounted host log directory.
ceilometer_init_log:
start_order: 0
image: &ceilometer_agent_central_image {get_param: DockerCeilometerCentralImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
# Long-running agent: host network, not privileged, read-only config mounts.
ceilometer_agent_central:
image: *ceilometer_agent_central_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
# NOTE(review): the kolla command logs to /var/log/ceilometer/central.log, but
# no log volume is listed for this container (the step_3 and step_5 containers
# do mount one). Unless ContainersCommon supplies it, the agent log stays in
# the container's writable layer and is lost with the container - confirm.
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
# Starts as root with detach: false, then runs the upgrade command as the
# ceilometer user via `su`.
ceilometer_gnocchi_upgrade:
start_order: 1
image: *ceilometer_agent_central_image
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'
# Retries ceilometer-upgrade up to 10 times, 5 s apart; exits 1 if none succeed.
- "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'"
# Creates the host directory that the containers above bind-mount for logs.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/ceilometer
state: directory
# Upgrade path: stop the host systemd unit, then optionally remove the package.
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
service: name=openstack-ceilometer-central state=stopped enabled=no
# Gated by UpgradeRemoveUnusedPackages; ignore_errors means a failed removal
# does not stop the upgrade, so the package can silently remain installed.
- name: Remove openstack-ceilometer-central package if operator requests it
yum: name=openstack-ceilometer-central state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/neutron-ovs-agent.yaml 0000644 0001750 0001750 00000013164 13245343355 026015 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Neutron openvswitch service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# Image for the long-running agent container (step_4). No constraint is placed
# on the reference, so tag-vs-digest pinning is decided where the value is set.
DockerOpenvswitchImage:
description: image
type: string
# Used for the puppet config volume and also for the step_3 bridge container.
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Opt-in switch read by the package-removal task in upgrade_tasks.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template; parameters are forwarded unchanged and its
# role_data is re-exported in outputs.
NeutronOvsAgentBase:
type: ../../puppet/services/neutron-ovs-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from NeutronOvsAgentBase plus the container
# settings for the Open vSwitch agent.
outputs:
role_data:
description: Role data for Neutron openvswitch service
value:
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]}
logging_source: {get_attr: [NeutronOvsAgentBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronOvsAgentBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [NeutronOvsAgentBase, role_data, step_config]
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
# Kolla start-up description: agent command line, config copy and log-dir ownership.
kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
docker_config:
step_3:
# One-shot (detach: false) container that runs `puppet apply` restricted to the
# listed tags. It uses the config image, not DockerOpenvswitchImage.
# NOTE(review): root + privileged + host network + host PID namespace; this
# container has host-level reach for the duration of the puppet run.
neutron_ovs_bridge:
detach: false
image: {get_param: DockerNeutronConfigImage}
net: host
pid: host
user: root
privileged: true
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- --tags
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge
- -v
- -e
- include neutron::agents::ml2::ovs
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
# NOTE(review): host /run mounted read-write; exposes all host runtime sockets.
- /run:/run
# Host puppet configuration and modules are mounted read-only.
- /etc/puppet:/etc/puppet:ro
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
# Read-write socket mount; presumably the host OVSDB control socket - anything
# in this container can then reconfigure the host's virtual switch. Confirm.
- /var/run/openvswitch/db.sock:/var/run/openvswitch/db.sock
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
# Long-running agent container.
# NOTE(review): same privileged / host-namespace pattern as step_3, here with
# restart: always, so the exposure is permanent rather than one-shot. Treat a
# compromise of the agent as a compromise of the node.
neutron_ovs_agent:
image: {get_param: DockerOpenvswitchImage}
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host log directory that step_4 bind-mounts.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
# Upgrade path: stop the host systemd unit, then optionally remove the package.
upgrade_tasks:
- name: Stop and disable neutron_ovs_agent service
tags: step2
service: name=neutron-openvswitch-agent state=stopped enabled=no
# Gated by UpgradeRemoveUnusedPackages; ignore_errors means a failed removal
# does not stop the upgrade, so the package can silently remain installed.
- name: Remove openstack-neutron-openvswitch package if operator requests it
yum: name=openstack-neutron-openvswitch state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/ceilometer-agent-compute.yaml 0000644 0001750 0001750 00000012416 13245343355 027317 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ceilometer Agent Compute service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# No constraint is placed on the image reference, so whether it is pinned by
# tag or by digest is decided wherever the value is set.
DockerCeilometerComputeImage:
description: image
type: string
DockerCeilometerConfigImage:
description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Opt-in switch read by the two package-removal tasks in upgrade_tasks.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template; parameters are forwarded unchanged and its
# role_data is re-exported in outputs.
CeilometerAgentComputeBase:
type: ../../puppet/services/ceilometer-agent-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from CeilometerAgentComputeBase plus the
# container settings for the compute polling agent.
outputs:
role_data:
description: Role data for the Ceilometer Agent Compute role.
value:
service_name: {get_attr: [CeilometerAgentComputeBase, role_data, service_name]}
config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, config_settings]}
logging_source: {get_attr: [CeilometerAgentComputeBase, role_data, logging_source]}
logging_groups: {get_attr: [CeilometerAgentComputeBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [CeilometerAgentComputeBase, role_data, step_config]
service_config_settings: {get_attr: [CeilometerAgentComputeBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
config_image: {get_param: DockerCeilometerConfigImage}
# Kolla start-up description: the polling command and the config copy into "/".
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_compute.json:
command: /usr/bin/ceilometer-polling --polling-namespaces compute --logfile /var/log/ceilometer/compute.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_4:
# Long-running agent: host network, not privileged.
ceilometer_agent_compute:
image: {get_param: DockerCeilometerComputeImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
# NOTE(review): `:ro` stops file writes in this directory but does not by itself
# stop a process from connecting to Unix sockets inside it; what the agent can
# do to libvirt is decided by socket permissions and libvirt's own access
# control. Confirm the agent ends up with read-only libvirt access.
- /var/run/libvirt:/var/run/libvirt:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host log directory that the container bind-mounts.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/ceilometer
state: directory
# Upgrade path: probe both possible host units, stop whichever is enabled,
# then optionally remove both packages.
upgrade_tasks:
# ignore_errors keeps the play going when the unit is absent or disabled.
- name: Check if openstack-ceilometer-compute is deployed
command: systemctl is-enabled openstack-ceilometer-compute
tags: step2
ignore_errors: True
register: openstack_ceilometer_compute_enabled
- name: Check if openstack-ceilometer-polling is deployed
command: systemctl is-enabled openstack-ceilometer-polling
tags: step2
ignore_errors: True
register: openstack_ceilometer_polling_enabled
# default('') makes the comparison false, rather than an error, when the
# probe produced no rc.
- name: Stop and disable ceilometer compute agent
tags: step2
service: name=openstack-ceilometer-compute state=stopped enabled=no
when: openstack_ceilometer_compute_enabled.rc|default('') == 0
- name: Stop and disable ceilometer polling agent
tags: step2
service: name=openstack-ceilometer-polling state=stopped enabled=no
when: openstack_ceilometer_polling_enabled.rc|default('') == 0
# Both removals are gated by UpgradeRemoveUnusedPackages; ignore_errors means
# a failed removal is not reported as a failure of the upgrade.
- name: Remove openstack-ceilometer-compute package if operator requests it
yum: name=openstack-ceilometer-compute state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ceilometer-polling package if operator requests it
yum: name=openstack-ceilometer-polling state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/neutron-sriov-agent.yaml 0000644 0001750 0001750 00000007555 13245343355 026357 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Neutron SR-IOV service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# No constraint is placed on the image reference, so whether it is pinned by
# tag or by digest is decided wherever the value is set.
DockerNeutronSriovImage:
description: The container image to use for the Neutron SR-IOV agent
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template; parameters are forwarded unchanged and its
# role_data is re-exported in outputs.
NeutronSriovAgentBase:
type: ../../puppet/services/neutron-sriov-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from NeutronSriovAgentBase plus the container
# settings for the SR-IOV NIC agent. Unlike sibling templates, no logging_source
# or logging_groups are exported here.
outputs:
role_data:
description: Role data for Neutron sriov service
value:
service_name: {get_attr: [NeutronSriovAgentBase, role_data, service_name]}
config_settings: {get_attr: [NeutronSriovAgentBase, role_data, config_settings]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [NeutronSriovAgentBase, role_data, step_config]
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_sriov_numvfs,neutron_sriov_agent_config
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
# Kolla start-up description: agent command line, config copy and log-dir ownership.
kolla_config:
/var/lib/kolla/config_files/neutron_sriov_agent.json:
command: /usr/bin/neutron-sriov-nic-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini --config-dir /etc/neutron/conf.d/common
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
docker_config:
step_4:
# NOTE(review): privileged container in the host network and PID namespaces,
# restarted automatically; it is not isolated from the node, so a compromise
# of the agent should be handled as a compromise of the host.
neutron_sriov_agent:
image: {get_param: DockerNeutronSriovImage}
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
# NOTE(review): host /run mounted read-write; exposes all host runtime sockets.
- /run:/run
- /var/log/containers/neutron:/var/log/neutron
# Explicit read-write access to the host's network-device sysfs tree.
- /sys/class/net:/sys/class/net:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host log directory that the container bind-mounts.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
# Upgrade path: stop and disable the host systemd unit. This template has no
# package-removal task.
upgrade_tasks:
- name: Stop and disable neutron_sriov_agent service
tags: step2
service: name=neutron-sriov-nic-agent state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/ceilometer-agent-ipmi.yaml 0000644 0001750 0001750 00000010334 13245343355 026576 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ceilometer Agent Ipmi service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# No constraint is placed on the image reference, so whether it is pinned by
# tag or by digest is decided wherever the value is set.
DockerCeilometerIpmiImage:
description: image
type: string
DockerCeilometerConfigImage:
description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Opt-in switch read by the package-removal task in upgrade_tasks.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template; parameters are forwarded unchanged and its
# role_data is re-exported in outputs.
CeilometerAgentIpmiBase:
type: ../../puppet/services/ceilometer-agent-ipmi.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from CeilometerAgentIpmiBase plus the container
# settings for the IPMI polling agent.
outputs:
role_data:
description: Role data for the Ceilometer Agent Ipmi role.
value:
service_name: {get_attr: [CeilometerAgentIpmiBase, role_data, service_name]}
config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, config_settings]}
logging_source: {get_attr: [CeilometerAgentIpmiBase, role_data, logging_source]}
logging_groups: {get_attr: [CeilometerAgentIpmiBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [CeilometerAgentIpmiBase, role_data, step_config]
service_config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
config_image: {get_param: DockerCeilometerConfigImage}
# Kolla start-up description. The command carries no --logfile option here.
kolla_config:
/var/lib/kolla/config_files/ceilometer-agent-ipmi.json:
command: /usr/bin/ceilometer-polling --polling-namespaces ipmi
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_3:
# Runs as root only to chown the bind-mounted host log directory.
# NOTE(review): this template defines no host_prep_tasks, so nothing visible
# here creates /var/log/containers/ceilometer on the host before it is
# bind-mounted; confirm another service on the role creates it with the
# intended ownership.
ceilometer_init_log:
start_order: 0
image: &ceilometer_agent_ipmi_image {get_param: DockerCeilometerIpmiImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
# Long-running agent: host network, not privileged, read-only config mounts,
# and no log volume listed for this container.
ceilometer_agent_ipmi:
image: *ceilometer_agent_ipmi_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Upgrade path: stop the host systemd unit, then optionally remove the package.
upgrade_tasks:
# NOTE(review): the unit name (openstack-ceilometer-agent-ipmi) differs from the
# package name removed below (openstack-ceilometer-ipmi); verify the unit name
# is the one actually installed on the host.
- name: Stop and disable ceilometer agent ipmi service
tags: step2
service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no
# Gated by UpgradeRemoveUnusedPackages; ignore_errors means a failed removal
# does not stop the upgrade, so the package can silently remain installed.
- name: Remove openstack-ceilometer-ipmi package if operator requests it
yum: name=openstack-ceilometer-ipmi state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/neutron-plugin-ml2.yaml 0000644 0001750 0001750 00000004324 13245343355 026076 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Neutron ML2 Plugin configured with Puppet
# Template inputs for the ML2 plugin configuration. Only a config image is
# taken; this template declares no service image.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# No default and no constraint: the image reference must be supplied, and
# tag-vs-digest pinning is decided wherever the value is set.
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
# Unlike the sibling service templates, this parameter has no default here,
# so the caller must pass it.
# NOTE(review): it is not marked `hidden: true`; confirm whether it can carry
# secrets that Heat would then expose in parameter listings.
DefaultPasswords:
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# The base is referenced by a registry type name rather than a relative path,
# so which template it resolves to depends on the resource registry in use.
resources:
NeutronBase:
type: OS::TripleO::Docker::NeutronMl2PluginBase
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from NeutronBase plus a puppet_config section.
# kolla_config and docker_config are empty, so this template starts no container.
outputs:
role_data:
description: Role data for the Neutron ML2 Plugin role.
value:
service_name: {get_attr: [NeutronBase, role_data, service_name]}
# map_merge over a single map: the result is the base config_settings as-is.
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [NeutronBase, role_data, step_config]
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'neutron'
puppet_tags: neutron_plugin_ml2
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
kolla_config: {}
docker_config: {}
openstack-tripleo-heat-templates/docker/services/ceilometer-agent-notification.yaml 0000644 0001750 0001750 00000012015 13245343355 030324 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ceilometer Agent Notification service
# Template inputs. The two image parameters have no default and must be
# supplied by the deployer; the map parameters default to empty.
parameters:
# No constraint is placed on the image reference, so whether it is pinned by
# tag or by digest is decided wherever the value is set.
DockerCeilometerNotificationImage:
description: image
type: string
DockerCeilometerConfigImage:
description: The container image to use for the ceilometer config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Opt-in switch read by the package-removal task in upgrade_tasks.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested templates used by this service definition.
resources:
# Shared container settings; its `volumes` attribute is read in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# The puppet service template; parameters are forwarded unchanged and its
# role_data is re-exported in outputs.
CeilometerAgentNotificationBase:
type: ../../puppet/services/ceilometer-agent-notification.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data: values re-exported from CeilometerAgentNotificationBase plus the
# container settings for the notification agent.
outputs:
role_data:
description: Role data for the Ceilometer Agent Notification role.
value:
service_name: {get_attr: [CeilometerAgentNotificationBase, role_data, service_name]}
config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, config_settings]}
logging_source: {get_attr: [CeilometerAgentNotificationBase, role_data, logging_source]}
logging_groups: {get_attr: [CeilometerAgentNotificationBase, role_data, logging_groups]}
# Anchored so puppet_config can reuse the same value by alias.
step_config: &step_config
get_attr: [CeilometerAgentNotificationBase, role_data, step_config]
service_config_settings: {get_attr: [CeilometerAgentNotificationBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ceilometer
puppet_tags: ceilometer_config
step_config: *step_config
config_image: {get_param: DockerCeilometerConfigImage}
# Kolla start-up description. Two config trees are merged into "/": the
# ceilometer one and the panko one.
kolla_config:
/var/lib/kolla/config_files/ceilometer_agent_notification.json:
command: /usr/bin/ceilometer-agent-notification --logfile /var/log/ceilometer/agent-notification.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-panko/*"
dest: "/"
merge: true
preserve_properties: true
# /etc/panko is handed to root with group ceilometer, recursively. Only
# ownership is set here; file modes are whatever the copy preserved, so the
# group's effective access depends on those modes.
permissions:
- path: /etc/panko
owner: root:ceilometer
recurse: true
docker_config:
step_3:
# Runs as root only to chown the bind-mounted host log directory.
ceilometer_init_log:
start_order: 0
image: &ceilometer_agent_notification_image {get_param: DockerCeilometerNotificationImage}
user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
# Long-running agent: host network, not privileged; config mounts are
# read-only and only the log directory is writable.
ceilometer_agent_notification:
image: *ceilometer_agent_notification_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src-panko:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host log directory that the containers bind-mount.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/ceilometer
state: directory
# Upgrade path: stop the host systemd unit, then optionally remove the package.
upgrade_tasks:
- name: Stop and disable ceilometer agent notification service
tags: step2
service: name=openstack-ceilometer-notification state=stopped enabled=no
# Gated by UpgradeRemoveUnusedPackages; ignore_errors means a failed removal
# does not stop the upgrade, so the package can silently remain installed.
- name: Remove openstack-ceilometer-notification package if operator requests it
yum: name=openstack-ceilometer-notification state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/ceph-ansible/ 0000755 0001750 0001750 00000000000 13245343355 024063 5 ustar stack stack openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-base.yaml 0000644 0001750 0001750 00000024543 13245343355 026606 0 ustar stack stack heat_template_version: pike
description: >
Ceph base service. Shared by all Ceph services.
# Inputs of the Ceph base template. Four parameters hold secrets and are marked
# `hidden: true` (CephClientKey, CephRgwKey, CephManilaClientKey, SwiftPassword).
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): no description and not marked `hidden: true`; confirm whether
# this map can carry secrets that Heat would then expose in parameter listings.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Constrained to '' or 'UPGRADE'; drives the perform_upgrade condition.
StackUpdateType:
type: string
description: >
Type of update, to differentiate between UPGRADE and UPDATE cases
when StackAction is UPDATE (both are the same stack action).
constraints:
- allowed_values: ['', 'UPGRADE']
default: ''
# A JSON document carried as a string (default is the two-character '{}').
NodeDataLookup:
type: string
default: '{}'
description: json string containing per-node configuration map
# The next three values select which workflow and which playbook path get
# executed; they are unconstrained strings, so whoever can set stack
# parameters controls what is run.
CephAnsibleWorkflowName:
type: string
description: Name of the Mistral workflow to execute
default: tripleo.storage.v1.ceph-install
CephAnsiblePlaybook:
type: string
description: Path to the ceph-ansible playbook to execute
default: /usr/share/ceph-ansible/site-docker.yml.sample
CephAnsibleUpgradePlaybook:
type: string
description: Path to the ceph-ansible playbook to execute on upgrade
default: /usr/share/ceph-ansible/infrastructure-playbooks/switch-from-non-containerized-to-containerized-ceph-daemons.yml
# NOTE(review): free-form and not hidden; anything secret placed in these extra
# vars would be visible in parameter listings.
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
CephAnsibleSkipTags:
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
# NOTE(review): free-form and not hidden, same caveat as CephAnsibleExtraConfig.
CephConfigOverrides:
type: json
description: Extra config settings to dump into ceph.conf
default: {}
# The description requires a UUID but no constraint enforces the format.
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 128
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
[{"name": "volumes", "pg_num": 64, "rule_name": ""}]
default: []
type: json
# Pool names; they are substituted into the client key's OSD capability string.
CinderRbdPoolName:
default: volumes
type: string
CinderBackupRbdPoolName:
default: backups
type: string
GlanceRbdPoolName:
default: images
type: string
GnocchiRbdPoolName:
default: metrics
type: string
NovaRbdPoolName:
default: vms
type: string
# Secret: hidden, no default, must be supplied.
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
default: openstack
type: string
CephRgwClientName:
default: radosgw
type: string
# Secret: hidden, no default, must be supplied.
CephRgwKey:
description: The cephx key for the radosgw client. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
default: 3
ManilaCephFSNativeCephFSAuthId:
default: manila
type: string
# Secret: hidden, but defaults to the empty string, so a deployment that never
# sets it passes an empty key for the manila client entry.
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephIPv6:
default: False
type: boolean
# Secret: hidden, no default, must be supplied.
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
# Parsed into registry host, image path and tag by DockerImageUrlParts.
DockerCephDaemonImage:
description: image
type: string
# The description states a maximum of 5 but no constraint enforces a range.
CephAnsiblePlaybookVerbosity:
default: 0
description: number of '-v', '-vv', etc. passed to ansible-playbook command (max 5)
type: number
# Conditions evaluated from the parameters and used by `if` in this template.
conditions:
# True when the part of DockerCephDaemonImage before the first '/' matches the
# pattern '(\.|:)', i.e. presumably when it contains a dot or a colon and so
# looks like a registry host rather than a namespace - confirm the yaql
# `matches` semantics (substring vs full match).
custom_registry_host:
yaql:
data: {get_param: DockerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
# True only for StackUpdateType == 'UPGRADE'; selects the upgrade playbook.
perform_upgrade:
equals: [{get_param: StackUpdateType}, 'UPGRADE']
# Splits DockerCephDaemonImage into host, image and image_tag so the three can
# be handed to ceph-ansible separately.
# NOTE(review): every expression cuts the reference at its LAST ':'. A reference
# without a tag but with a registry port (constructed example:
# registry.example:5000/ceph/daemon) would therefore be cut at the port, and a
# digest-pinned reference (repo@sha256:<digest>) would be cut inside the digest.
# If image pinning by digest is wanted for supply-chain reasons, this parsing
# needs to be confirmed or extended first.
resources:
DockerImageUrlParts:
type: OS::Heat::Value
properties:
type: json
value:
# Registry host: taken from the reference when custom_registry_host holds,
# otherwise the literal docker.io. Presumably index 1 of the regex split is
# the first capture group - confirm yaql regex split semantics.
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: DockerCephDaemonImage}
- docker.io
# Image path: the second capture group with a custom registry, otherwise
# everything before the last ':'.
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: DockerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: DockerCephDaemonImage}
# Tag: whatever follows the last ':'. A reference with no ':' at all has no
# element at index 1 - confirm how yaql handles that case.
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: DockerCephDaemonImage}
# Role data published by the Ceph base template: one workflow task for step2
# and the ceph-ansible variables that the ceph-* service templates read via
# get_attr on config_settings.ceph_common_ansible_vars.
outputs:
  role_data:
    description: Role data for the Ceph base service.
    value:
      service_name: ceph_base
      upgrade_tasks: []
      step_config: ''
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      docker_config: {}
      workflow_tasks:
        step2:
          - name: ceph_base_ansible_workflow
            workflow: { get_param: CephAnsibleWorkflowName }
            input:
              ansible_skip_tags: {get_param: CephAnsibleSkipTags}
              # Free-form extra variables are handed to the playbook run as-is.
              ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig}
              # The upgrade playbook is selected only when perform_upgrade holds.
              ceph_ansible_playbook:
                if:
                  - perform_upgrade
                  - {get_param: CephAnsibleUpgradePlaybook}
                  - {get_param: CephAnsiblePlaybook}
              ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity}
              node_data_lookup: {get_param: NodeDataLookup}
      config_settings:
        ceph_common_ansible_vars:
          # presumably pre-answers ceph-ansible's confirmation prompt so the
          # run is non-interactive - confirm against the playbooks in use
          ireallymeanit: 'yes'
          fsid: { get_param: CephClusterFSID }
          docker: true
          ceph_release: jewel
          # Registry host, image name and tag are the pieces that the
          # DockerImageUrlParts resource splits out of DockerCephDaemonImage.
          ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
          ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]}
          ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
          containerized_deployment: true
          # public_network and monitor_address_block resolve to the same CIDR:
          # the network that ServiceNetMap assigns to CephMonNetwork.
          public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
          monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
          cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
          user_config: true
          ceph_stable: true
          ceph_origin: distro
          openstack_config: true
          # One {name, pg_num, rule_name} entry is generated per OpenStack pool
          # name, CephPools is appended, and the yaql expression re-keys the
          # list by name, which collapses entries that share a name
          # (presumably the later entry wins - confirm).
          openstack_pools:
            yaql:
              expression: $.data.toDict($.get('name')).values()
              data:
                list_concat_unique:
                  - repeat:
                      template:
                        name: <%pool%>
                        pg_num: {get_param: CephPoolDefaultPgNum}
                        rule_name: ""
                      for_each:
                        <%pool%>:
                          - {get_param: CinderRbdPoolName}
                          - {get_param: CinderBackupRbdPoolName}
                          - {get_param: NovaRbdPoolName}
                          - {get_param: GlanceRbdPoolName}
                          - {get_param: GnocchiRbdPoolName}
                  - {get_param: CephPools}
          # Three cephx client identities. Each entry carries the secret key
          # itself (from a template parameter), its capabilities and a mode.
          # NOTE(review): mode "0644" looks like the keyring file mode; if so
          # every local user on a node holding the keyring can read the secret.
          # Confirm how ceph-ansible applies it and whether a tighter mode
          # (with ACLs for the consuming services) is workable.
          openstack_keys: &openstack_keys
            # OpenStack client: read-only on the monitors, rwx limited to the
            # five named pools.
            - name:
                list_join:
                  - '.'
                  - - client
                    - {get_param: CephClientUserName}
              key: {get_param: CephClientKey}
              mon_cap: "allow r"
              osd_cap:
                str_replace:
                  template: "allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL"
                  params:
                    NOVA_POOL: {get_param: NovaRbdPoolName}
                    CINDER_POOL: {get_param: CinderRbdPoolName}
                    CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
                    GLANCE_POOL: {get_param: GlanceRbdPoolName}
                    GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
              mode: "0644"
            # Manila client: mon_cap additionally allows the auth del, auth
            # caps, auth get and auth get-or-create commands, so this key can
            # create, alter and delete other cephx identities; mds_cap is
            # "allow *" and osd_cap is not restricted to a pool. Handle it as a
            # high-privilege credential.
            - name:
                list_join:
                  - '.'
                  - - client
                    - {get_param: ManilaCephFSNativeCephFSAuthId}
              key: {get_param: CephManilaClientKey}
              mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"'
              mds_cap: "allow *"
              osd_cap: "allow rw"
              mode: "0644"
            # RadosGW client: rw on the monitors and rwx on OSDs with no pool
            # restriction, unlike the pool-scoped OpenStack client above.
            - name:
                list_join:
                  - '.'
                  - - client
                    - {get_param: CephRgwClientName}
              key: {get_param: CephRgwKey}
              mon_cap: "allow rw"
              osd_cap: "allow rwx"
              mode: "0644"
          # Alias: the same list is published a second time under "keys".
          keys: *openstack_keys
          pools: []
          ceph_conf_overrides:
            global:
              # map_merge gives later maps precedence, so anything the operator
              # sets in CephConfigOverrides replaces the values listed first.
              map_merge:
                - osd_pool_default_size: {get_param: CephPoolDefaultSize}
                  osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
                  osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
                  rgw_keystone_api_version: 3
                  rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
                  rgw_keystone_accepted_roles: 'Member, _member_, admin'
                  rgw_keystone_admin_domain: default
                  rgw_keystone_admin_project: service
                  rgw_keystone_admin_user: swift
                  # NOTE(review): the swift service password sits in the
                  # "global" overrides, so it presumably lands in the rendered
                  # ceph.conf on every node that gets these variables -
                  # confirm the file's ownership and mode.
                  rgw_keystone_admin_password: {get_param: SwiftPassword}
                  rgw_s3_auth_use_keystone: 'true'
                - {get_param: CephConfigOverrides}
          ntp_service_enabled: false
          generate_fsid: false
          ip_version:
            if:
              - {get_param: CephIPv6}
              - ipv6
              - ipv4
openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-client.yaml 0000644 0001750 0001750 00000003102 13245343355 027136 0 ustar stack stack heat_template_version: pike
description: >
  Ceph Client service.

# Standard per-service inputs; this template only forwards them to the
# nested Ceph base template.
parameters:
  ServiceData:
    type: json
    description: Dictionary packing service data
    default: {}
  ServiceNetMap:
    type: json
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    default: {}
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    description: Role name on which the service is applied
    default: ""
  RoleParameters:
    type: json
    description: Parameters specific to the role
    default: {}
  EndpointMap:
    type: json
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    default: {}

resources:
  CephBase:
    type: ./ceph-base.yaml
    properties:
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters

# The client role adds no settings of its own: it republishes the base
# template's workflow tasks and leaves config_settings empty.
outputs:
  role_data:
    description: Role data for the Ceph Client service.
    value:
      service_name: ceph_client
      upgrade_tasks: []
      step_config: ""
      puppet_config:
        config_image: ""
        config_volume: ""
        step_config: ""
      docker_config: {}
      workflow_tasks:
        get_attr:
          - CephBase
          - role_data
          - workflow_tasks
      config_settings: {}
openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-external.yaml 0000644 0001750 0001750 00000003671 13245343355 027515 0 ustar stack stack heat_template_version: pike
description: >
Ceph External service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephExternalMonHost:
default: ''
type: string
description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph External service.
value:
service_name: ceph_client
upgrade_tasks: []
step_config: ''
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
ceph_client_ansible_vars:
map_merge:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- external_cluster_mon_ips: {get_param: CephExternalMonHost} openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-mds.yaml 0000644 0001750 0001750 00000004665 13245343355 026462 0 ustar stack stack heat_template_version: pike
description: >
Ceph Metadata service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephMdsKey:
description: The cephx key for the MDS service. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSNativeShareBackendName:
default: cephfs
type: string
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Role data for the MDS role: a firewall rule plus the ceph-ansible variables
# for the metadata server, layered on top of the common variables from the
# base template.
outputs:
  role_data:
    description: Role data for the Ceph Metadata service.
    value:
      service_name: ceph_mds
      upgrade_tasks: []
      step_config: ''
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      docker_config: {}
      workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
      config_settings:
        map_merge:
          # Opens the whole 6800-7300 destination port range.
          # NOTE(review): the rule sets no source restriction here; confirm
          # that reachability is bounded by network isolation or add one.
          - tripleo.ceph_mds.firewall_rules:
              '112 ceph_mds':
                dport:
                  - '6800-7300'
          - ceph_mds_ansible_vars:
              # Later map wins: the CephFS names below extend (and would
              # override) the common variables.
              map_merge:
                - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
                - cephfs_data: {get_param: ManilaCephFSDataPoolName}
                  cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName}
                  cephfs: {get_param: ManilaCephFSNativeShareBackendName}
openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-mon.yaml 0000644 0001750 0001750 00000004741 13245343355 026463 0 ustar stack stack heat_template_version: pike
description: >
Ceph Monitor service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Cephx secrets. hidden: true asks Heat to mask the value when stack
# parameters are displayed; it is not encryption, so environment files that
# carry these keys still need restricted permissions.
CephMonKey:
  # No default: the deployment must supply this key.
  description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
  type: string
  hidden: true
CephAdminKey:
  # NOTE(review): defaults to an empty string, so the template accepts a
  # deployment that never sets an admin key; presumably it is validated or
  # generated elsewhere - confirm.
  default: ''
  description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
  type: string
  hidden: true
# The two validation parameters below are declared but not referenced by the
# resources or outputs of this template.
CephValidationRetries:
  type: number
  default: 40
  description: Number of retry attempts for Ceph validation
CephValidationDelay:
  type: number
  default: 30
  description: Interval (in seconds) in between validation checks
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Role data for the monitor role: a firewall rule for the monitor port and the
# ceph-ansible variables, including the monitor and admin secrets.
outputs:
  role_data:
    description: Role data for the Ceph Monitor service.
    value:
      service_name: ceph_mon
      upgrade_tasks: []
      step_config: ''
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      docker_config: {}
      workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
      config_settings:
        map_merge:
          # NOTE(review): no source restriction is set on this rule; confirm
          # the monitor port is only reachable from the intended networks.
          - tripleo.ceph_mon.firewall_rules:
              '110 ceph_mon':
                dport:
                  - 6789
          - ceph_mon_ansible_vars:
              map_merge:
                - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
                # Both secrets become plain values inside config_settings, so
                # anything that can read this role data can read the keys.
                - monitor_secret: {get_param: CephMonKey}
                  admin_secret: {get_param: CephAdminKey}
openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-osd.yaml 0000644 0001750 0001750 00000004163 13245343355 026455 0 ustar stack stack heat_template_version: pike
description: >
Ceph OSD service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephAnsibleDisksConfig:
type: json
description: Disks config settings for ceph-ansible
default:
devices:
- /dev/vdb
journal_size: 512
osd_scenario: collocated
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph OSD service.
value:
service_name: ceph_osd
upgrade_tasks: []
step_config: ''
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_osd.firewall_rules:
'111 ceph_osd':
dport:
- '6800-7300'
- ceph_osd_ansible_vars:
map_merge:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- osd_objectstore: filestore
- {get_param: CephAnsibleDisksConfig} openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-rgw.yaml 0000644 0001750 0001750 00000006007 13245343355 026466 0 ustar stack stack heat_template_version: pike
description: >
Ceph RadosGW service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Role data for the RadosGW role: firewall rule, ceph-ansible variables for
# the gateway, and the Keystone-side settings that register the service.
outputs:
  role_data:
    description: Role data for the Ceph RadosGW service.
    value:
      service_name: ceph_rgw
      upgrade_tasks: []
      step_config: ''
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      docker_config: {}
      workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
      config_settings:
        map_merge:
          # The opened port follows the internal RGW endpoint's port.
          - tripleo.ceph_rgw.firewall_rules:
              '122 ceph rgw':
                dport: {get_param: [EndpointMap, CephRgwInternal, port]}
          - ceph_rgw_ansible_vars:
              map_merge:
                - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
                - radosgw_keystone: true
                  # NOTE(review): fixed to false with no condition on the
                  # Keystone endpoint scheme; confirm what ceph-ansible derives
                  # from it when the internal Keystone URL is https.
                  radosgw_keystone_ssl: false
                  radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
                  radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
      # Settings delivered to the keystone service rather than to this role.
      service_config_settings:
        keystone:
          ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
          ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
          ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
          ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
          # The service user is granted admin in addition to the member roles.
          ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ]
          ceph::rgw::keystone::auth::tenant: service
          ceph::rgw::keystone::auth::user: swift
          # SwiftPassword is declared hidden: true in parameters, but it is a
          # plain value once it is placed in this role data.
          ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
openstack-tripleo-heat-templates/docker/services/panko-api.yaml 0000644 0001750 0001750 00000013253 13245343355 024300 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerPankoApiImage:
description: image
type: string
DockerPankoConfigImage:
description: The container image to use for the panko config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
PankoApiPuppetBase:
type: ../../puppet/services/panko-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [PankoApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [PankoApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [PankoApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config: *step_config
config_image: {get_param: DockerPankoConfigImage}
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
# Containers for Panko API, grouped by deployment step: fix log ownership
# (step_2), run the database sync (step_3), start the API under httpd (step_4).
docker_config:
  step_2:
    # Runs as root only to chown the bind-mounted log directory to panko.
    panko_init_log:
      image: &panko_api_image {get_param: DockerPankoApiImage}
      user: root
      volumes:
        - /var/log/containers/panko:/var/log/panko
        - /var/log/containers/httpd/panko-api:/var/log/httpd
      command: ['/bin/bash', '-c', 'chown -R panko:panko /var/log/panko']
  step_3:
    # Starts as root and drops to the panko user via su for the sync itself.
    # bootstrap_host_exec presumably limits the run to one bootstrap node -
    # confirm. Configuration is mounted read-only; only log paths are writable.
    panko_db_sync:
      image: *panko_api_image
      # Shares the host's network namespace.
      net: host
      detach: false
      privileged: false
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
            - /var/lib/config-data/panko/etc/panko:/etc/panko:ro
            - /var/log/containers/panko:/var/log/panko
            - /var/log/containers/httpd/panko-api:/var/log/httpd
      command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
  step_4:
    panko_api:
      start_order: 2
      image: *panko_api_image
      net: host
      privileged: false
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro
            - /var/log/containers/panko:/var/log/panko
            - /var/log/containers/httpd/panko-api:/var/log/httpd
            # The httpd certificate and private-key directories are mounted
            # read-only, and only when internal TLS is enabled; otherwise the
            # entry is an empty string (presumably dropped downstream -
            # confirm).
            -
              if:
                - internal_tls_enabled
                - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                - ''
            -
              if:
                - internal_tls_enabled
                - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                - ''
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/panko
- /var/log/containers/httpd/panko-api
metadata_settings:
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/cinder-api.yaml 0000644 0001750 0001750 00000016555 13245343355 024444 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Cinder API service
parameters:
DockerCinderApiImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
CinderBase:
type: ../../puppet/services/cinder-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Cinder API role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings: {get_attr: [CinderBase, role_data, config_settings]}
logging_source: {get_attr: [CinderBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [CinderBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
/var/lib/kolla/config_files/cinder_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
# Containers for Cinder API, grouped by deployment step: fix log ownership
# (step_2), run the database sync (step_3), start the API and its cron
# companion (step_4). Every container sets privileged: false explicitly.
docker_config:
  step_2:
    # Runs as root only to chown the bind-mounted log directory to cinder.
    cinder_api_init_logs:
      image: &cinder_api_image {get_param: DockerCinderApiImage}
      privileged: false
      user: root
      volumes:
        - /var/log/containers/cinder:/var/log/cinder
        - /var/log/containers/httpd/cinder-api:/var/log/httpd
      command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
  step_3:
    # Starts as root and drops to the cinder user via su for the sync itself.
    # bootstrap_host_exec presumably limits the run to one bootstrap node -
    # confirm. Configuration is mounted read-only.
    cinder_api_db_sync:
      image: *cinder_api_image
      # Shares the host's network namespace.
      net: host
      privileged: false
      detach: false
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
            - /var/log/containers/cinder:/var/log/cinder
            - /var/log/containers/httpd/cinder-api:/var/log/httpd
      command:
        - '/usr/bin/bootstrap_host_exec'
        - 'cinder_api'
        - "su cinder -s /bin/bash -c 'cinder-manage db sync'"
  step_4:
    cinder_api:
      image: *cinder_api_image
      net: host
      privileged: false
      restart: always
      # NOTE(mandre) kolla image changes the user to 'cinder', we need it
      # to be root to run httpd
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
            - /var/log/containers/cinder:/var/log/cinder
            - /var/log/containers/httpd/cinder-api:/var/log/httpd
            # The httpd certificate and private-key directories are mounted
            # read-only, and only when internal TLS is enabled; otherwise the
            # entry is an empty string (presumably dropped downstream -
            # confirm).
            -
              if:
                - internal_tls_enabled
                - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                - ''
            -
              if:
                - internal_tls_enabled
                - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                - ''
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
    # Runs crond from the same image (see cinder_api_cron.json in
    # kolla_config) as root.
    cinder_api_cron:
      image: *cinder_api_image
      net: host
      user: root
      privileged: false
      restart: always
      # /bin/true always succeeds, so this health check never reports the
      # cron container as unhealthy.
      healthcheck:
        test: /bin/true
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
            - /var/log/containers/cinder:/var/log/cinder
            - /var/log/containers/httpd/cinder-api:/var/log/httpd
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [CinderBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/cinder
- /var/log/containers/httpd/cinder-api
# Host-side tasks for the upgrade, all tagged step2: stop and disable the
# host httpd service, delete the old cinder crontab, and remove the httpd
# package only when the operator set UpgradeRemoveUnusedPackages.
upgrade_tasks:
  - name: Stop and disable cinder_api service
    service: name=httpd state=stopped enabled=no
    tags: step2
  - name: remove old cinder cron jobs
    file:
      state: absent
      path: /var/spool/cron/cinder
    tags: step2
  - name: Remove httpd package if operator requests it
    yum: name=httpd state=removed
    when:
      get_param: UpgradeRemoveUnusedPackages
    # A failed package removal does not abort the upgrade.
    ignore_errors: true
    tags: step2
openstack-tripleo-heat-templates/docker/services/sahara-api.yaml 0000644 0001750 0001750 00000012470 13245343355 024427 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Sahara service configured with Puppet
parameters:
DockerSaharaApiImage:
description: image
type: string
DockerSaharaConfigImage:
description: The container image to use for the sahara config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
SaharaApiPuppetBase:
type: ../../puppet/services/sahara-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
outputs:
role_data:
description: Role data for the Sahara API role.
value:
service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [SaharaApiPuppetBase, role_data, config_settings]
- sahara::sync_db: false
logging_source: {get_attr: [SaharaApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [SaharaApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [SaharaApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: sahara
puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
step_config: *step_config
config_image: {get_param: DockerSaharaConfigImage}
kolla_config:
/var/lib/kolla/config_files/sahara-api.json:
command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/sahara
owner: sahara:sahara
recurse: true
- path: /var/log/sahara
owner: sahara:sahara
recurse: true
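# Containers for Sahara API, grouped by deployment step: run the database
# migration (step_3), then start the API (step_4).
docker_config:
  step_3:
    # Starts as root and drops to the sahara user via su for the migration.
    # bootstrap_host_exec presumably limits the run to one bootstrap node -
    # confirm.
    sahara_db_sync:
      image: &sahara_api_image {get_param: DockerSaharaApiImage}
      # Shares the host's network namespace.
      net: host
      privileged: false
      detach: false
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
            - /lib/modules:/lib/modules:ro
            - /var/lib/sahara:/var/lib/sahara
            - /var/log/containers/sahara:/var/log/sahara
      command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
  step_4:
    sahara_api:
      image: *sahara_api_image
      net: host
      privileged: false
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            # config.json is only read at container start, so it is mounted
            # read-only like the generated configuration next to it; this
            # keeps the container from rewriting its own start command on the
            # host.
            - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro
            - /lib/modules:/lib/modules:ro
            # State and log directories stay writable.
            - /var/lib/sahara:/var/lib/sahara
            - /var/log/containers/sahara:/var/log/sahara
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS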
host_prep_tasks:
- name: create /var/lib/sahara
file:
path: /var/lib/sahara
state: directory
- name: create persistent sahara logs directory
file:
path: /var/log/containers/sahara
state: directory
upgrade_tasks:
- name: Stop and disable sahara_api service
tags: step2
service: name=openstack-sahara-api state=stopped enabled=no
- name: Remove openstack-sahara-api package if operator requests it
yum: name=openstack-sahara-api state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/cinder-backup.yaml 0000644 0001750 0001750 00000012557 13245343355 025136 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Cinder Backup service
parameters:
DockerCinderBackupImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
CinderBase:
type: ../../puppet/services/cinder-backup.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Cinder Backup role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings: {get_attr: [CinderBase, role_data, config_settings]}
logging_source: {get_attr: [CinderBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [CinderBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
recurse: true
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
docker_config:
step_3:
cinder_backup_init_logs:
start_order: 0
image: &cinder_backup_image {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_backup:
image: *cinder_backup_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/etc/iscsi
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: Stop and disable cinder_backup service
tags: step2
service: name=openstack-cinder-backup state=stopped enabled=no
- name: Remove openstack-cinder package if operator requests it
yum: name=openstack-cinder state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/nova-api.yaml 0000644 0001750 0001750 00000033042 13245343355 024131 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack containerized Nova API service

parameters:
  # Container images: one runs the service containers, the other is used to
  # generate the puppet configuration for the "nova" config volume.
  DockerNovaApiImage:
    type: string
    description: image
  DockerNovaConfigImage:
    type: string
    description: The container image to use for the nova config_volume
  # Inputs forwarded unchanged to the puppet base template (NovaApiBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  # Feeds the internal_tls_enabled condition below.
  EnableInternalTLS:
    type: boolean
    default: false
  UpgradeRemoveUnusedPackages:
    type: boolean
    default: false
    description: Remove package if the service is being disabled during upgrade
  DeployIdentifier:
    type: string
    default: ''
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.

conditions:
  # True only when EnableInternalTLS is set to true.
  internal_tls_enabled:
    equals:
      - get_param: EnableInternalTLS
      - true

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  NovaApiBase:
    type: ../../puppet/services/nova-api.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters
outputs:
  # role_data combines the puppet base service's role data (NovaApiBase) with
  # the container definitions, helper scripts and host/upgrade tasks below.
  role_data:
    description: Role data for the Nova API role.
    value:
      service_name: {get_attr: [NovaApiBase, role_data, service_name]}
      # Base hiera settings plus apache::default_vhost forced to false.
      config_settings:
        map_merge:
          - get_attr: [NovaApiBase, role_data, config_settings]
          - apache::default_vhost: false
      logging_source: {get_attr: [NovaApiBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]}
      # Newline-joined puppet manifest; anchored so puppet_config can reuse it.
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
            - {get_attr: [NovaApiBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config
        step_config: *step_config
        config_image: {get_param: DockerNovaConfigImage}
      # One kolla config per container: the start command, the config files
      # copied from the read-only src mount, and ownership fixes for the logs.
      kolla_config:
        /var/lib/kolla/config_files/nova_api.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
        /var/lib/kolla/config_files/nova_api_cron.json:
          command: /usr/sbin/crond -n
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      # Helper scripts, bind-mounted read-only into the step_3/step_5
      # containers from /var/lib/docker-config-scripts/. Mode "0700" is quoted
      # so it stays a string rather than being read as an octal integer.
      docker_config_scripts:
        # Reads the keystone_authtoken credentials from /etc/nova/nova.conf
        # with crudini and exports them as OS_* variables, waits up to 600s
        # (polling every 30s) for the hosts listed in hiera key
        # cellv2_discovery_hosts to appear in the compute service list, then
        # runs "nova-manage cell_v2 discover_hosts" as the nova user whether
        # or not the wait timed out.
        # NOTE(review): OS_PASSWORD is exported, so every child process the
        # script starts inherits the service password in its environment;
        # confirm that is acceptable for this container.
        # NOTE(review): the timeout branch calls tr '\n', ' ' with a stray
        # comma, which also maps commas to spaces; looks like a typo.
        # NOTE(review): $host is used unquoted in array subscripts and unset;
        # presumably host names never contain whitespace or glob characters.
        nova_api_discover_hosts.sh:
          mode: "0700"
          content: |
            #!/bin/bash
            export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_domain_name)
            export OS_USER_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken user_domain_name)
            export OS_PROJECT_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_name)
            export OS_USERNAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken username)
            export OS_PASSWORD=$(crudini --get /etc/nova/nova.conf keystone_authtoken password)
            export OS_AUTH_URL=$(crudini --get /etc/nova/nova.conf keystone_authtoken auth_url)
            export OS_AUTH_TYPE=password
            export OS_IDENTITY_API_VERSION=3
            echo "(cellv2) Running cell_v2 host discovery"
            timeout=600
            loop_wait=30
            declare -A discoverable_hosts
            for host in $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' | tr "," " "); do discoverable_hosts[$host]=1; done
            timeout_at=$(( $(date +"%s") + ${timeout} ))
            echo "(cellv2) Waiting ${timeout} seconds for hosts to register"
            finished=0
            while : ; do
              for host in $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }'); do
                if (( discoverable_hosts[$host] == 1 )); then
                  echo "(cellv2) compute node $host has registered"
                  unset discoverable_hosts[$host]
                fi
              done
              finished=1
              for host in "${!discoverable_hosts[@]}"; do
                if (( ${discoverable_hosts[$host]} == 1 )); then
                  echo "(cellv2) compute node $host has not registered"
                  finished=0
                fi
              done
              remaining=$(( $timeout_at - $(date +"%s") ))
              if (( $finished == 1 )); then
                echo "(cellv2) All nodes registered"
                break
              elif (( $remaining <= 0 )); then
                echo "(cellv2) WARNING: timeout waiting for nodes to register, running host discovery regardless"
                echo "(cellv2) Expected host list:" $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' | sort -u | tr ',' ' ')
                echo "(cellv2) Detected host list:" $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }' | sort -u | tr '\n', ' ')
                break
              else
                echo "(cellv2) Waiting ${remaining} seconds for hosts to register"
                sleep $loop_wait
              fi
            done
            echo "(cellv2) Running host discovery..."
            su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 discover_hosts --verbose"
        # Looks up the UUID of the cell named "default" in the output of
        # "nova-manage cell_v2 list_cells"; updates that cell when found,
        # otherwise creates it. Both nova-manage calls run as the nova user.
        # NOTE(review): $DEFID is interpolated unquoted into the su -c command
        # string; it comes from nova-manage output, presumably a bare UUID.
        nova_api_ensure_default_cell.sh:
          mode: "0700"
          content: |
            #!/bin/bash
            DEFID=$(nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}')
            if [ "$DEFID" ]; then
              echo "(cellv2) Updating default cell_v2 cell $DEFID"
              su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 update_cell --cell_uuid $DEFID --name=default"
            else
              echo "(cellv2) Creating default cell_v2 cell"
              su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 create_cell --name=default"
            fi
      docker_config:
        # db sync runs before permissions set by kolla_config
        step_2:
          # Runs as root only to chown the bind-mounted log directory.
          nova_init_logs:
            image: &nova_api_image {get_param: DockerNovaApiImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/nova:/var/log/nova
              - /var/log/containers/httpd/nova-api:/var/log/httpd
            command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
        # One-shot bootstrap containers (detach: false), ordered by
        # start_order. Each starts as root and, apart from the default-cell
        # script container, drops to the nova user via su for nova-manage.
        step_3:
          nova_api_db_sync:
            start_order: 0
            image: *nova_api_image
            net: host
            detach: false
            user: root
            # Nova configuration is mounted read-only; only the log
            # directories are writable. Anchored for reuse below.
            volumes: &nova_api_bootstrap_volumes
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/log/containers/httpd/nova-api:/var/log/httpd
            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
          nova_api_map_cell0:
            start_order: 1
            image: *nova_api_image
            net: host
            detach: false
            user: root
            volumes: *nova_api_bootstrap_volumes
            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
          nova_api_ensure_default_cell:
            start_order: 2
            image: *nova_api_image
            net: host
            detach: false
            # The aliased bootstrap volumes are themselves a list_concat
            # mapping, so the first three entries of the extra list repeat
            # mounts the alias already contributes; only the script mount
            # is new.
            volumes:
              list_concat:
                - *nova_api_bootstrap_volumes
                -
                  - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
            user: root
            command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
          nova_db_sync:
            start_order: 3
            image: *nova_api_image
            net: host
            detach: false
            volumes: *nova_api_bootstrap_volumes
            user: root
            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
        step_4:
          # Long-running API container (httpd, per kolla_config above).
          # NOTE(review): this is the only container in this template with
          # privileged: true, combined with user: root and net: host. Nothing
          # in the mounts or command shown here obviously needs full
          # privileges; confirm the requirement before keeping it.
          nova_api:
            start_order: 2
            image: *nova_api_image
            net: host
            user: root
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/log/containers/httpd/nova-api:/var/log/httpd
                  # The httpd certificate and private-key directories are
                  # mounted (read-only) only when internal TLS is enabled;
                  # otherwise the entry resolves to an empty string.
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                      - ''
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                      - ''
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          # crond container (per kolla_config above).
          # NOTE(review): the healthcheck test is /bin/true, so this container
          # reports healthy regardless of the state of crond.
          nova_api_cron:
            image: *nova_api_image
            net: host
            user: root
            privileged: false
            restart: always
            healthcheck:
              test: /bin/true
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/log/containers/httpd/nova-api:/var/log/httpd
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        step_5:
          # One-shot container that runs the host discovery script as root.
          nova_api_discover_hosts:
            start_order: 1
            image: *nova_api_image
            net: host
            detach: false
            volumes:
              list_concat:
                - *nova_api_bootstrap_volumes
                -
                  - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
                  - /var/log/containers/nova:/var/log/nova
                  - /var/lib/docker-config-scripts/nova_api_discover_hosts.sh:/nova_api_discover_hosts.sh:ro
            user: root
            command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_discover_hosts.sh"
            environment:
              # NOTE: this should force this container to re-run on each
              # update (scale-out, etc.)
              - list_join:
                  - ''
                  - - 'TRIPLEO_DEPLOY_IDENTIFIER='
                    - {get_param: DeployIdentifier}
      metadata_settings:
        get_attr: [NovaApiBase, role_data, metadata_settings]
      # Host-side tasks: create the log directories that the containers
      # bind-mount.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/nova
            - /var/log/containers/httpd/nova-api
      # Upgrade tasks: stop the host-installed service, optionally remove its
      # package, and delete the nova user's old crontab.
      # NOTE(review): ignore_errors on the yum task means a failed package
      # removal is silently skipped.
      upgrade_tasks:
        - name: Stop and disable nova_api service
          tags: step2
          service: name=openstack-nova-api state=stopped enabled=no
        - name: Remove openstack-nova-api package if operator requests it
          yum: name=openstack-nova-api state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}
        - name: remove old nova cron jobs
          tags: step2
          file:
            path: /var/spool/cron/nova
            state: absent
openstack-tripleo-heat-templates/docker/services/cinder-scheduler.yaml 0000644 0001750 0001750 00000011257 13245343355 025643 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack containerized Cinder Scheduler service

parameters:
  # Container images: one runs the service, the other generates the puppet
  # configuration for the "cinder" config volume.
  DockerCinderSchedulerImage:
    type: string
    description: image
  DockerCinderConfigImage:
    type: string
    description: The container image to use for the cinder config_volume
  # Inputs forwarded unchanged to the puppet base template (CinderBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  UpgradeRemoveUnusedPackages:
    type: boolean
    default: false
    description: Remove package if the service is being disabled during upgrade

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  CinderBase:
    type: ../../puppet/services/cinder-scheduler.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters
outputs:
  role_data:
    description: Role data for the Cinder Scheduler role.
    value:
      # Pass-through of the puppet base service's role data.
      service_name:
        get_attr: [CinderBase, role_data, service_name]
      config_settings:
        get_attr: [CinderBase, role_data, config_settings]
      logging_source:
        get_attr: [CinderBase, role_data, logging_source]
      logging_groups:
        get_attr: [CinderBase, role_data, logging_groups]
      # Puppet manifest: base service plus MySQL client, newline-joined and
      # anchored so puppet_config can reuse it.
      step_config: &step_config
        list_join:
          - "\n"
          - - get_attr: [CinderBase, role_data, step_config]
            - get_attr: [MySQLClient, role_data, step_config]
      service_config_settings:
        get_attr: [CinderBase, role_data, service_config_settings]
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: cinder
        puppet_tags: cinder_config,file,concat,file_line
        step_config: *step_config
        config_image:
          get_param: DockerCinderConfigImage
      # Start command, config files copied from the src mount, and log
      # directory ownership for the scheduler container.
      kolla_config:
        /var/lib/kolla/config_files/cinder_scheduler.json:
          command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
          config_files:
            - source: '/var/lib/kolla/config_files/src/*'
              dest: '/'
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/cinder
              owner: cinder:cinder
              recurse: true
      docker_config:
        step_2:
          # Runs as root only to chown the bind-mounted log directory.
          cinder_scheduler_init_logs:
            image: &cinder_scheduler_image
              get_param: DockerCinderSchedulerImage
            privileged: false
            user: root
            volumes:
              - /var/log/containers/cinder:/var/log/cinder
            command:
              - '/bin/bash'
              - '-c'
              - 'chown -R cinder:cinder /var/log/cinder'
        step_4:
          # Unprivileged service container on the host network; the kolla
          # config and generated puppet config are mounted read-only and only
          # the log directory is writable.
          cinder_scheduler:
            image: *cinder_scheduler_image
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - get_attr: [ContainersCommon, volumes]
                - - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/cinder:/var/log/cinder
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host-side task: create the log directory the containers bind-mount.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/cinder
      # Upgrade tasks: stop the host-installed service and, when the operator
      # sets UpgradeRemoveUnusedPackages, remove its package (removal errors
      # are ignored).
      upgrade_tasks:
        - name: Stop and disable cinder_scheduler service
          tags: step2
          service: name=openstack-cinder-scheduler state=stopped enabled=no
        - name: Remove openstack-cinder package if operator requests it
          tags: step2
          yum: name=openstack-cinder state=removed
          ignore_errors: true
          when:
            get_param: UpgradeRemoveUnusedPackages
openstack-tripleo-heat-templates/docker/services/sahara-engine.yaml 0000644 0001750 0001750 00000011162 13245343355 025120 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack Sahara service configured with Puppet

parameters:
  # Container images: one runs the service, the other generates the puppet
  # configuration for the "sahara" config volume.
  DockerSaharaEngineImage:
    type: string
    description: image
  DockerSaharaConfigImage:
    type: string
    description: The container image to use for the sahara config_volume
  # Common service-template inputs; the first four are forwarded to the
  # puppet base template (SaharaEnginePuppetBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  UpgradeRemoveUnusedPackages:
    type: boolean
    default: false
    description: Remove package if the service is being disabled during upgrade

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # RoleName and RoleParameters are declared above but not passed on here.
  SaharaEnginePuppetBase:
    type: ../../puppet/services/sahara-engine.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
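outputs:
  # role_data combines the puppet base service's role data
  # (SaharaEnginePuppetBase) with the container definition and the
  # host/upgrade tasks below.
  role_data:
    description: Role data for the Sahara Engine role.
    value:
      service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]}
      # Base hiera settings plus sahara::sync_db forced to false.
      config_settings:
        map_merge:
          - get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
          - sahara::sync_db: false
      logging_source: {get_attr: [SaharaEnginePuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [SaharaEnginePuppetBase, role_data, logging_groups]}
      # Newline-joined puppet manifest; anchored so puppet_config can reuse it.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: sahara
        puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
        step_config: *step_config
        config_image: {get_param: DockerSaharaConfigImage}
      # Start command, config files copied from the src mount, and ownership
      # of the state and log directories.
      kolla_config:
        /var/lib/kolla/config_files/sahara-engine.json:
          command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/lib/sahara
              owner: sahara:sahara
              recurse: true
            - path: /var/log/sahara
              owner: sahara:sahara
              recurse: true
      docker_config:
        step_4:
          # Unprivileged service container on the host network.
          sahara_engine:
            image: {get_param: DockerSaharaEngineImage}
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  # config.json holds the command the container runs, so it
                  # is mounted read-only like the src mount below; a process
                  # inside the container then cannot rewrite the host copy.
                  - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/sahara:/var/lib/sahara
                  - /var/log/containers/sahara:/var/log/sahara
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host-side tasks: create the state and log directories the container
      # bind-mounts.
      host_prep_tasks:
        - name: create /var/lib/sahara
          file:
            path: /var/lib/sahara
            state: directory
        - name: create persistent sahara logs directory
          file:
            path: /var/log/containers/sahara
            state: directory
      # Upgrade tasks: stop the host-installed service and, when the operator
      # sets UpgradeRemoveUnusedPackages, remove its package (removal errors
      # are ignored).
      upgrade_tasks:
        - name: Stop and disable sahara_engine service
          tags: step2
          service: name=openstack-sahara-engine state=stopped enabled=no
        - name: Remove openstack-sahara-engine package if operator requests it
          yum: name=openstack-sahara-engine state=removed
          tags: step2
          ignore_errors: true
          when: {get_param: UpgradeRemoveUnusedPackages}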
openstack-tripleo-heat-templates/docker/services/cinder-volume.yaml 0000644 0001750 0001750 00000015576 13245343355 025204 0 ustar stack stack heat_template_version: pike
description: >
  OpenStack containerized Cinder Volume service

parameters:
  # Container images: one runs the service, the other generates the puppet
  # configuration for the "cinder" config volume.
  DockerCinderVolumeImage:
    type: string
    description: image
  DockerCinderConfigImage:
    type: string
    description: The container image to use for the cinder config_volume
  # Inputs forwarded unchanged to the puppet base template (CinderBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  # custom parameters for the Cinder volume role
  CinderEnableIscsiBackend:
    type: boolean
    default: true
    description: Whether to enable or not the Iscsi backend for Cinder
  CinderLVMLoopDeviceSize:
    type: number
    default: 10280
    description: The size of the loopback file used by the cinder LVM driver.
  UpgradeRemoveUnusedPackages:
    type: boolean
    default: false
    description: Remove package if the service is being disabled during upgrade

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  CinderBase:
    type: ../../puppet/services/cinder-volume.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters
outputs:
  # role_data combines the puppet base service's role data (CinderBase) with
  # the container definitions and the host/upgrade tasks below.
  role_data:
    description: Role data for the Cinder Volume role.
    value:
      service_name: {get_attr: [CinderBase, role_data, service_name]}
      # Base hiera settings plus the LVM profile's enable_udev forced to false.
      config_settings:
        map_merge:
          - get_attr: [CinderBase, role_data, config_settings]
          - tripleo::profile::base::lvm::enable_udev: false
      logging_source: {get_attr: [CinderBase, role_data, logging_source]}
      logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
      # Newline-joined puppet manifest: LVM profile, base service and MySQL
      # client; anchored so puppet_config can reuse it.
      step_config: &step_config
        list_join:
          - "\n"
          - - "include ::tripleo::profile::base::lvm"
            - get_attr: [CinderBase, role_data, step_config]
            - get_attr: [MySQLClient, role_data, step_config]
      service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: cinder
        puppet_tags: cinder_config,file,concat,file_line
        step_config: *step_config
        config_image: {get_param: DockerCinderConfigImage}
      # Start command, config files copied from the src and src-ceph mounts,
      # and log directory ownership.
      kolla_config:
        /var/lib/kolla/config_files/cinder_volume.json:
          command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-ceph/"
              dest: "/etc/ceph/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/cinder
              owner: cinder:cinder
              recurse: true
      docker_config:
        step_3:
          # Runs as root only to chown the bind-mounted log directory.
          cinder_volume_init_logs:
            start_order: 0
            image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/cinder:/var/log/cinder
            command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
        step_4:
          # NOTE(review): this container is privileged, shares the host IPC
          # and network namespaces, and bind-mounts /dev, /run and /sys
          # read-write. That leaves essentially no isolation from the host,
          # so a compromise of cinder-volume should be treated as a host
          # compromise. Presumably required for iSCSI/LVM block-device
          # handling; confirm which of these are actually needed.
          cinder_volume:
            image: *cinder_volume_image
            ipc: host
            net: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
                  - /etc/iscsi:/etc/iscsi
                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
                  - /lib/modules:/lib/modules:ro
                  - /dev/:/dev/
                  - /run/:/run/
                  - /sys:/sys
                  - /var/lib/cinder:/var/lib/cinder
                  - /var/log/containers/cinder:/var/log/cinder
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host-side tasks: create the directories the containers bind-mount
      # and, when the iSCSI backend is enabled, set up a loopback-backed LVM
      # volume group.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/cinder
            - /var/lib/cinder
        - name: ensure ceph configurations exist
          file:
            path: /etc/ceph
            state: directory
        # Expose the Heat parameter as an Ansible fact for the "when"
        # conditions below.
        - name: cinder_enable_iscsi_backend fact
          set_fact:
            cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
        # Creates a sparse file of CinderLVMLoopDeviceSize megabytes
        # (count=0 with seek=<size>M); skipped once the file exists.
        - name: cinder create LVM volume group dd
          command:
            list_join:
              - ''
              - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
                - str_replace:
                    template: VALUE
                    params:
                      VALUE: {get_param: CinderLVMLoopDeviceSize}
                - 'M'
          args:
            creates: /var/lib/cinder/cinder-volumes
          when: cinder_enable_iscsi_backend
        # Attaches the backing file to /dev/loop2 and creates the
        # cinder-volumes PV/VG on it when they are not already present.
        # NOTE(review): the loop device is hard-coded to /dev/loop2, and
        # "creates: /dev/loop2" skips the whole task whenever that device
        # node already exists, whether or not it is attached to the backing
        # file; verify on hosts where loop nodes are pre-created.
        - name: cinder create LVM volume group
          shell: |
            if ! losetup /dev/loop2; then
              losetup /dev/loop2 /var/lib/cinder/cinder-volumes
            fi
            if ! pvdisplay | grep cinder-volumes; then
              pvcreate /dev/loop2
            fi
            if ! vgdisplay | grep cinder-volumes; then
              vgcreate cinder-volumes /dev/loop2
            fi
          args:
            executable: /bin/bash
            creates: /dev/loop2
          when: cinder_enable_iscsi_backend
      # Upgrade tasks: stop the host-installed service and, when the operator
      # sets UpgradeRemoveUnusedPackages, remove its package (removal errors
      # are ignored).
      upgrade_tasks:
        - name: Stop and disable cinder_volume service
          tags: step2
          service: name=openstack-cinder-volume state=stopped enabled=no
        - name: Remove openstack-cinder package if operator requests it
          yum: name=openstack-cinder state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/sensu-client.yaml 0000644 0001750 0001750 00000012601 13245343355 025026 0 ustar stack stack heat_template_version: pike
description: >
  Containerized Sensu client service

parameters:
  # Container images: one runs the client, the other generates the puppet
  # configuration for the "sensu" config volume.
  DockerSensuClientImage:
    type: string
    description: image
  DockerSensuConfigImage:
    type: string
    description: The container image to use for the sensu config_volume
  # Common service-template inputs; the first four are forwarded to the
  # puppet base template (SensuClientBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  # Shell snippet used as the check-docker-health command. It inspects every
  # running container, collects those whose health status is not "healthy",
  # and exits 2 with their names and latest health-log output.
  # NOTE(review): the command is an overridable parameter and the client
  # container has access to the Docker socket, so whoever can set this value
  # controls what runs against the Docker daemon.
  SensuDockerCheckCommand:
    type: string
    default: |
      output=''
      for i in $(docker ps --format '{{.ID}}'); do
        if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
          if [ "$result" != 'healthy' ]; then
            output="${output} ; $(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{(index .State.Health.Log 0).Output}}' $i)";
          fi
        fi
      done
      if [ ! -z "${output}" ]; then
        echo ${output:3} && exit 2;
      fi
  SensuDockerCheckInterval:
    type: number
    default: 10
    description: The frequency in seconds the docker health check is executed.
  SensuDockerCheckHandlers:
    type: comma_delimited_list
    default: []
    description: The Sensu event handler to use for events
      created by the docker health check.
  SensuDockerCheckOccurrences:
    type: number
    default: 3
    description: The number of event occurrences before sensu-plugin-aware handler should take action.
  SensuDockerCheckRefresh:
    type: number
    default: 90
    description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  # RoleName and RoleParameters are declared above but not passed on here.
  SensuClientBase:
    type: ../../puppet/services/monitoring/sensu-client.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
outputs:
  role_data:
    description: Role data for the Sensu client role.
    value:
      service_name:
        get_attr: [SensuClientBase, role_data, service_name]
      # Base hiera settings plus a standalone check-docker-health check built
      # from the SensuDockerCheck* parameters.
      config_settings:
        map_merge:
          - get_attr: [SensuClientBase, role_data, config_settings]
          - sensu::checks:
              check-docker-health:
                standalone: true
                command:
                  get_param: SensuDockerCheckCommand
                interval:
                  get_param: SensuDockerCheckInterval
                handlers:
                  get_param: SensuDockerCheckHandlers
                occurrences:
                  get_param: SensuDockerCheckOccurrences
                refresh:
                  get_param: SensuDockerCheckRefresh
      # Anchored so puppet_config can reuse the base manifest.
      step_config: &step_config
        get_attr: [SensuClientBase, role_data, step_config]
      service_config_settings:
        get_attr: [SensuClientBase, role_data, service_config_settings]
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: sensu
        puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
        step_config: *step_config
        config_image:
          get_param: DockerSensuConfigImage
      # Start command, config files copied from the src mount, and log
      # directory ownership.
      kolla_config:
        /var/lib/kolla/config_files/sensu-client.json:
          command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log
          config_files:
            - source: '/var/lib/kolla/config_files/src/*'
              dest: '/'
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/sensu
              owner: sensu:sensu
              recurse: true
      docker_config:
        step_3:
          sensu_client:
            image:
              get_param: DockerSensuClientImage
            net: host
            privileged: true
            # NOTE(mmagr) kolla image changes the user to 'sensu', we need it
            # to be root have rw permission to docker.sock to run successfully
            # "docker inspect" command
            # NOTE(review): read-write access to /var/run/docker.sock lets
            # the container drive the Docker daemon, which is equivalent to
            # root on the host; combined with privileged: true and user: root
            # this monitoring agent is a high-value target. The check itself
            # only runs "docker ps" and "docker inspect"; confirm whether
            # privileged mode is needed in addition to the socket.
            user: root
            restart: always
            volumes:
              list_concat:
                - get_attr: [ContainersCommon, volumes]
                - - /var/run/docker.sock:/var/run/docker.sock:rw
                  - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/sensu:/var/log/sensu:rw
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host-side task: create the log directory the container bind-mounts.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/sensu
            state: directory
      # Upgrade task: stop and disable the host-installed service.
      upgrade_tasks:
        - name: Stop and disable sensu-client service
          tags: step2
          service: name=sensu-client.service state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/collectd.yaml 0000644 0001750 0001750 00000010301 13245343355 024201 0 ustar stack stack heat_template_version: pike
description: >
  Containerized collectd service

parameters:
  # Container images: one runs the service, the other generates the puppet
  # configuration for the "collectd" config volume.
  DockerCollectdImage:
    type: string
    description: image
  DockerCollectdConfigImage:
    type: string
    description: The container image to use for the collectd config_volume
  # Inputs forwarded unchanged to the puppet base template (CollectdBase).
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  UpgradeRemoveUnusedPackages:
    type: boolean
    default: false
    description: Remove package if the service is being disabled during upgrade

resources:
  ContainersCommon:
    type: ./containers-common.yaml

  CollectdBase:
    type: ../../puppet/services/metrics/collectd.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters
outputs:
  role_data:
    description: Role data for the collectd role.
    value:
      service_name:
        get_attr: [CollectdBase, role_data, service_name]
      # Base hiera settings plus file logging to the bind-mounted log
      # directory.
      config_settings:
        map_merge:
          - get_attr: [CollectdBase, role_data, config_settings]
          - tripleo::profile::base::metrics::collectd::enable_file_logging: true
            collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log
      logging_source:
        get_attr: [CollectdBase, role_data, logging_source]
      logging_groups:
        get_attr: [CollectdBase, role_data, logging_groups]
      # Anchored so puppet_config can reuse the base manifest.
      step_config: &step_config
        get_attr: [CollectdBase, role_data, step_config]
      service_config_settings:
        get_attr: [CollectdBase, role_data, service_config_settings]
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: collectd
        puppet_tags: collectd_client_config
        step_config: *step_config
        config_image:
          get_param: DockerCollectdConfigImage
      # Start command, config files copied from the src mount, and log
      # directory ownership.
      kolla_config:
        /var/lib/kolla/config_files/collectd.json:
          command: /usr/sbin/collectd -f
          config_files:
            - source: '/var/lib/kolla/config_files/src/*'
              dest: '/'
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/collectd
              owner: collectd:collectd
              recurse: true
      docker_config:
        step_3:
          # NOTE(review): the collector runs privileged, as root, in the
          # host network and PID namespaces, so it can see and signal every
          # host process. Presumably needed for host-level metrics; confirm
          # whether privileged: true is required on top of pid: host.
          collectd:
            image:
              get_param: DockerCollectdImage
            net: host
            pid: host
            privileged: true
            user: root
            restart: always
            volumes:
              list_concat:
                - get_attr: [ContainersCommon, volumes]
                - - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/collectd:/var/log/collectd:rw
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host-side task: create the log directory the container bind-mounts.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/collectd
            state: directory
      # Upgrade tasks: stop the host-installed service and, when the operator
      # sets UpgradeRemoveUnusedPackages, remove its package (removal errors
      # are ignored).
      upgrade_tasks:
        - name: Stop and disable collectd service
          tags: step2
          service: name=collectd.service state=stopped enabled=no
        - name: Remove collectd package if operator requests it
          tags: step2
          yum: name=collectd state=removed
          ignore_errors: true
          when:
            get_param: UpgradeRemoveUnusedPackages
openstack-tripleo-heat-templates/docker/services/sshd.yaml 0000644 0001750 0001750 00000004031 13245343355 023354 0 ustar stack stack heat_template_version: pike
description: >
Configure sshd_config
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
conditions:
  # During Ocata->Pike upgrade initially configure the ssh service on port 22
  # to proxy migration commands to the containerized sshd on port 2022.
  # When the upgrade converges we can switch migrations over to port 2022.
  #
  # True only when MigrationSshPort is exactly 22; with the parameter's
  # default of 2022 the migration proxy profile is not added to step_config.
  enable_migration_proxy:
    equals:
      - {get_param: MigrationSshPort}
      - 22
resources:
SshdBase:
type: ../../puppet/services/sshd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
  # Role data for sshd: config settings come straight from SshdBase; the
  # puppet manifest is the base step_config, optionally followed by the nova
  # migration proxy profile.
  role_data:
    description: Role data for the ssh
    value:
      service_name: sshd
      config_settings: {get_attr: [SshdBase, role_data, config_settings]}
      step_config:
        list_join:
          - "\n"
          - - get_attr: [SshdBase, role_data, step_config]
            # The proxy profile is included only when the
            # enable_migration_proxy condition holds; otherwise an empty
            # string is joined and the manifest is the base one.
            - if:
                - enable_migration_proxy
                - |
                  include tripleo::profile::base::nova::migration::proxy
                - ''
openstack-tripleo-heat-templates/docker/services/congress.yaml 0000644 0001750 0001750 00000012772 13245343355 024251 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Congress API service
parameters:
DockerCongressApiImage:
description: image
type: string
DockerCongressConfigImage:
description: The container image to use for the congress config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
CongressBase:
type: ../../puppet/services/congress.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
  # Role data for the containerized Congress API: base settings from
  # CongressBase, config generation inputs, three containers (log ownership
  # fix-up, database sync, API server) and host prep / upgrade tasks.
  role_data:
    description: Role data for the Congress API role.
    value:
      service_name: {get_attr: [CongressBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [CongressBase, role_data, config_settings]
      logging_source: {get_attr: [CongressBase, role_data, logging_source]}
      logging_groups: {get_attr: [CongressBase, role_data, logging_groups]}
      # Congress manifest followed by the MySQL client manifest; anchored for
      # reuse in puppet_config.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [CongressBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: congress
        puppet_tags: congress_config
        step_config: *step_config
        config_image: {get_param: DockerCongressConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/congress_api.json:
          command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/congress
              owner: congress:congress
              recurse: true
      docker_config:
        # db sync runs before permissions set by kolla_config
        step_2:
          # One-shot root container whose only job is to chown the
          # bind-mounted log directory to congress:congress.
          congress_init_logs:
            image: &congress_api_image {get_param: DockerCongressApiImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/congress:/var/log/congress
            command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
        step_3:
          # Starts as root, then drops to the congress user via su for the
          # schema migration itself.
          congress_db_sync:
            image: *congress_api_image
            net: host
            privileged: false
            detach: false
            user: root
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  # FIXME(mandre) mounting /etc rw to workaround LP1696283
                  # This should go away anyway and mount the exact files it
                  # needs or use kolla set_configs.py
                  #
                  # NOTE(review): this mount has no :ro suffix and replaces the
                  # container's whole /etc, so a root process in this container
                  # can modify the generated config tree on the host.
                  - /var/lib/config-data/congress/etc/:/etc/
                  - /var/log/containers/congress:/var/log/congress
            command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
        step_4:
          # Long-running API container; no user override, config sources
          # mounted read-only, only the log directory is writable.
          congress_api:
            start_order: 15
            image: *congress_api_image
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/congress:/var/log/congress
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host directory backing the containers' /var/log/congress mount.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/congress
            state: directory
      # Stop the host service; package removal is opt-in through
      # UpgradeRemoveUnusedPackages and its failure is ignored.
      upgrade_tasks:
        - name: Stop and disable congress_api service
          tags: step2
          service: name=openstack-congress-server state=stopped enabled=no
        - name: Remove openstack-congress package if operator requests it
          yum: name=openstack-congress state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/nova-conductor.yaml 0000644 0001750 0001750 00000011156 13245343355 025362 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Conductor service
parameters:
DockerNovaConductorImage:
description: image
type: string
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaConductorBase:
type: ../../puppet/services/nova-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
  # Role data for the containerized Nova Conductor: base settings from
  # NovaConductorBase, config generation inputs, the conductor container
  # started at step 4, and host prep / upgrade tasks.
  role_data:
    description: Role data for the Nova Conductor service.
    value:
      service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
      config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]}
      logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]}
      # Conductor manifest followed by the MySQL client manifest; anchored for
      # reuse in puppet_config.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [NovaConductorBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config
        step_config: *step_config
        config_image: {get_param: DockerNovaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_conductor.json:
          command: /usr/bin/nova-conductor
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_4:
          # Unprivileged, no user override; config sources are mounted
          # read-only and only the log directory is writable.
          nova_conductor:
            image: {get_param: DockerNovaConductorImage}
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host directory backing the container's /var/log/nova mount.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/nova
            state: directory
      upgrade_tasks:
        # NOTE(review): the task name says "auto", but the value written to
        # [upgrade_levels]/compute is whatever UpgradeLevelNovaCompute holds,
        # and that parameter defaults to '' in this template.
        - name: Set compute upgrade level to auto
          tags: step1
          ini_file:
            str_replace:
              template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
              params:
                LEVEL: {get_param: UpgradeLevelNovaCompute}
        - name: Stop and disable nova_conductor service
          tags: step2
          service: name=openstack-nova-conductor state=stopped enabled=no
        # Package removal is opt-in and its failure is ignored.
        - name: Remove openstack-nova-conductor package if operator requests it
          yum: name=openstack-nova-conductor state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/containers-common.yaml 0000644 0001750 0001750 00000004274 13245343355 026057 0 ustar stack stack heat_template_version: pike
description: >
Contains a static list of common things necessary for containers
parameters:
# Required parameters
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
  # Bind mounts shared by the service containers that concatenate this list
  # into their own volumes. Every entry is read-only except the syslog socket.
  volumes:
    description: Common volumes for the containers.
    value:
      list_concat:
        - - /etc/hosts:/etc/hosts:ro
          - /etc/localtime:/etc/localtime:ro
          # required for bootstrap_host_exec
          # NOTE(review): this exposes the host's whole /etc/puppet tree to
          # every consumer of this list; presumably that includes hieradata
          # holding service credentials - verify what is stored there.
          - /etc/puppet:/etc/puppet:ro
          # OpenSSL trusted CAs
          - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
          - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
          - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
          - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
          # Syslog socket
          # Mounted without :ro, so containers can write to the host's syslog.
          - /dev/log:/dev/log
          - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
        # With internal TLS enabled, also mount the CA file at the same path
        # inside the container, read-only ("<InternalTLSCAFile>:<same>:ro");
        # otherwise nothing is appended.
        - if:
            - internal_tls_enabled
            - - list_join:
                  - ':'
                  - - {get_param: InternalTLSCAFile}
                    - {get_param: InternalTLSCAFile}
                    - 'ro'
            - null
openstack-tripleo-heat-templates/docker/services/database/ 0000755 0001750 0001750 00000000000 13245343355 023275 5 ustar stack stack openstack-tripleo-heat-templates/docker/services/database/mongodb.yaml 0000644 0001750 0001750 00000014256 13245343355 025616 0 ustar stack stack heat_template_version: pike
description: >
MongoDB service deployment using puppet and docker
parameters:
DockerMongodbImage:
description: image
type: string
DockerMongodbConfigImage:
description: The container image to use for the mongodb config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
MongodbPuppetBase:
type: ../../../puppet/services/database/mongodb.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
  # Role data for containerized MongoDB: base settings from MongodbPuppetBase,
  # config generation inputs, the mongod container started at step 2, the
  # puppet task that initializes databases/users/replica set, and host prep /
  # upgrade tasks.
  role_data:
    description: Containerized service Mongodb using composable services.
    value:
      service_name: {get_attr: [MongodbPuppetBase, role_data, service_name]}
      # mongod must stay in the foreground inside the container, so forking
      # is turned off on top of the base settings.
      config_settings:
        map_merge:
          - get_attr: [MongodbPuppetBase, role_data, config_settings]
          - mongodb::server::fork: false
      logging_source: {get_attr: [MongodbPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [MongodbPuppetBase, role_data, logging_groups]}
      # The first line turns the database/user/replset resource types into
      # no-ops for config generation; those resources are applied later by
      # docker_puppet_tasks.
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Mongodb_database', 'Mongodb_user', 'Mongodb_replset'].each |String $val| { noop_resource($val) }"
            - {get_attr: [MongodbPuppetBase, role_data, step_config]}
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: mongodb
        puppet_tags: file # set this even though file is the default
        step_config: *step_config
        config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/mongodb.json:
          command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run
          # Generated config is copied into /, followed by the TLS material
          # staged under src-tls.
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-tls/*"
              dest: "/"
              merge: true
              preserve_properties: true
          # Data, logs and the copied certificate bundle end up owned by the
          # mongodb user.
          permissions:
            - path: /var/lib/mongodb
              owner: mongodb:mongodb
              recurse: true
            - path: /var/log/mongodb
              owner: mongodb:mongodb
              recurse: true
            - path: /etc/pki/tls/certs/mongodb.pem
              owner: mongodb:mongodb
      docker_config:
        step_2:
          mongodb:
            image: {get_param: DockerMongodbImage}
            net: host
            privileged: false
            # NOTE(review): the first mount (config.json) carries no :ro
            # suffix, unlike the config-data mount below it; confirm whether
            # the container needs to write to the kolla config file.
            volumes: &mongodb_volumes
              list_concat:
                - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
                  - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
                  - /etc/localtime:/etc/localtime:ro
                  - /var/log/containers/mongodb:/var/log/mongodb
                  - /var/lib/mongodb:/var/lib/mongodb
                # With internal TLS enabled, add the CA file and the host's
                # mongodb.pem, both read-only; the .pem is staged under
                # src-tls for kolla to copy into place.
                - if:
                    - internal_tls_enabled
                    - - list_join:
                          - ':'
                          - - {get_param: InternalTLSCAFile}
                            - {get_param: InternalTLSCAFile}
                            - 'ro'
                      - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
                    - null
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      docker_puppet_tasks:
        # Database initialization occurs only on single node
        step_2:
          config_volume: 'mongodb_init_tasks'
          puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset'
          step_config: 'include ::tripleo::profile::base::database::mongodb'
          config_image: *mongodb_config_image
          # The init task gets the data and log directories read-write, plus
          # the same conditional TLS mounts as the service container.
          volumes:
            list_concat:
              - - /var/lib/mongodb:/var/lib/mongodb
                - /var/log/containers/mongodb:/var/log/mongodb
              - if:
                  - internal_tls_enabled
                  - - list_join:
                        - ':'
                        - - {get_param: InternalTLSCAFile}
                          - {get_param: InternalTLSCAFile}
                          - 'ro'
                    - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
                  - null
      # Host directories backing the log and data mounts.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/mongodb
            - /var/lib/mongodb
      metadata_settings:
        get_attr: [MongodbPuppetBase, role_data, metadata_settings]
      # The host service is stopped only if its systemd unit file exists.
      upgrade_tasks:
        - name: Check for mongodb service
          stat: path=/usr/lib/systemd/system/mongod.service
          tags: common
          register: mongod_service
        - name: Stop and disable mongodb service
          tags: step2
          service: name=mongod state=stopped enabled=no
          when: mongod_service.stat.exists
openstack-tripleo-heat-templates/docker/services/database/mysql.yaml 0000644 0001750 0001750 00000021475 13245343355 025337 0 ustar stack stack heat_template_version: pike
description: >
MySQL service deployment using puppet
parameters:
  # Container images: one for the running MySQL service, one used to generate
  # its configuration.
  DockerMysqlImage:
    description: image
    type: string
  DockerMysqlConfigImage:
    description: The container image to use for the mysql config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  # Declared hidden so Heat treats the value as sensitive. The default is
  # empty; the bootstrap container in outputs then takes the first non-empty
  # of this parameter and DefaultPasswords.mysql_root_password.
  MysqlRootPassword:
    type: string
    hidden: true
    default: ''
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
MysqlPuppetBase:
type: ../../../puppet/services/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
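outputs:
  # Role data for containerized MySQL/MariaDB: base settings from
  # MysqlPuppetBase, config generation inputs, the log fix-up, bootstrap and
  # service containers, the puppet task that creates databases/grants/users,
  # and host prep / upgrade tasks.
  role_data:
    description: Containerized service MySQL using composable services.
    value:
      service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
      config_settings:
        map_merge:
          - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
          # Set PID file to what kolla mariadb bootstrap script expects
          - tripleo::profile::base::database::mysql::mysql_server_options:
              mysqld:
                pid-file: /var/lib/mysql/mariadb.pid
              mysqld_safe:
                pid-file: /var/lib/mysql/mariadb.pid
      logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
      # The first line turns the datadir/user/database/grant/plugin resource
      # types into no-ops for config generation; database objects are created
      # later by docker_puppet_tasks.
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
            - {get_attr: [MysqlPuppetBase, role_data, step_config]}
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: mysql
        puppet_tags: file # set this even though file is the default
        step_config: *step_config
        config_image: &mysql_config_image {get_param: DockerMysqlConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/mysql.json:
          command: /usr/bin/mysqld_safe
          # Generated config is copied into /; TLS material staged under
          # src-tls is copied too when present (optional).
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-tls/*"
              dest: "/"
              merge: true
              preserve_properties: true
              optional: true
          # The data directory and, when present, the certificate and private
          # key end up owned by the mysql user.
          permissions:
            - path: /var/lib/mysql
              owner: mysql:mysql
              recurse: true
            - path: /etc/pki/tls/certs/mysql.crt
              owner: mysql:mysql
              optional: true
            - path: /etc/pki/tls/private/mysql.key
              owner: mysql:mysql
              optional: true
      docker_config:
        # Kolla_bootstrap runs before permissions set by kolla_config
        step_1:
          # One-shot root container whose only job is to chown the
          # bind-mounted log directory to mysql:mysql.
          mysql_init_logs:
            image: &mysql_image {get_param: DockerMysqlImage}
            privileged: false
            user: root
            volumes:
              - /var/log/containers/mysql:/var/log/mariadb
            command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
        step_2:
          mysql_bootstrap:
            start_order: 1
            detach: false
            image: *mysql_image
            net: host
            user: root
            # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
            #
            # bash runs with -e only. xtrace (-x) is left off on purpose: the
            # script expands ${DB_ROOT_PASSWORD} on the mysql/mysqladmin
            # command lines, and tracing would echo those expanded commands,
            # root password included, into the container's output.
            command:
              - 'bash'
              - '-ec'
              -
                list_join:
                  - "\n"
                  - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
                    - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
                    - 'sudo -u mysql -E kolla_start'
                    - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
                    - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
                    # Creates a password-less 'mysql'@'localhost' account and
                    # then strips every privilege from it.
                    - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''mysql''@''localhost'';"'
                    - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ''mysql''@''localhost'';"'
                    - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
            # NOTE(review): the config.json mount carries no :ro suffix,
            # unlike the config-data mount below it; confirm whether that is
            # needed. This list is shared with the mysql service container.
            volumes: &mysql_volumes
              list_concat:
                -
                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
                  - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
                  - /etc/localtime:/etc/localtime:ro
                  - /etc/hosts:/etc/hosts:ro
                  - /var/lib/mysql:/var/lib/mysql
                  - /var/log/containers/mysql:/var/log/mariadb
                # With internal TLS enabled, add the CA file plus the server
                # certificate and private key, all read-only; cert and key are
                # staged under src-tls for kolla to copy and chown.
                - if:
                    - internal_tls_enabled
                    -
                      - list_join:
                          - ':'
                          - - {get_param: InternalTLSCAFile}
                            - {get_param: InternalTLSCAFile}
                            - 'ro'
                      - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
                      - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
                    - null
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
              - KOLLA_BOOTSTRAP=True
              # NOTE(mandre) skip wsrep cluster status check
              - KOLLA_KUBERNETES=True
              - DB_MAX_TIMEOUT=60
              # DB_ROOT_PASSWORD=<first non-empty of MysqlRootPassword and
              # DefaultPasswords.mysql_root_password>. The password travels as
              # a container environment variable, so it is visible to whoever
              # can read this container's configuration on the host.
              -
                list_join:
                  - '='
                  - - 'DB_ROOT_PASSWORD'
                    -
                      yaql:
                        expression: $.data.passwords.where($ != '').first()
                        data:
                          passwords:
                            - {get_param: MysqlRootPassword}
                            - {get_param: [DefaultPasswords, mysql_root_password]}
          # Long-running service container; starts after the bootstrap
          # container and reuses its volume list.
          mysql:
            start_order: 2
            image: *mysql_image
            restart: always
            net: host
            volumes: *mysql_volumes
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      docker_puppet_tasks:
        # MySQL database initialization occurs only on single node
        step_2:
          config_volume: 'mysql_init_tasks'
          puppet_tags: 'mysql_database,mysql_grant,mysql_user'
          step_config: 'include ::tripleo::profile::base::database::mysql'
          config_image: *mysql_config_image
          # The data directory is read-only here; the client credentials file
          # is supplied through the read-only /root mount.
          volumes:
            list_concat:
              -
                - /var/lib/mysql:/var/lib/mysql/:ro
                - /var/log/containers/mysql:/var/log/mariadb
                - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
              - if:
                  - internal_tls_enabled
                  -
                    - list_join:
                        - ':'
                        - - {get_param: InternalTLSCAFile}
                          - {get_param: InternalTLSCAFile}
                          - 'ro'
                    - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
                    - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
                  - null
      metadata_settings:
        get_attr: [MysqlPuppetBase, role_data, metadata_settings]
      # Host directories backing the log and data mounts.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/mysql
            - /var/lib/mysql
      upgrade_tasks:
        - name: Stop and disable mysql service
          tags: step2
          service: name=mariadb state=stopped enabled=no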
openstack-tripleo-heat-templates/docker/services/database/redis.yaml 0000644 0001750 0001750 00000013340 13245343355 025270 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Redis services
parameters:
DockerRedisImage:
description: image
type: string
DockerRedisConfigImage:
description: The container image to use for the redis config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
RedisBase:
type: ../../../puppet/services/database/redis.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
outputs:
  # Role data for containerized Redis: base settings from RedisBase, config
  # generation inputs, the log fix-up and redis containers, an optional
  # stunnel TLS proxy container, and host prep / upgrade tasks.
  role_data:
    description: Role data for the Redis API role.
    value:
      service_name: {get_attr: [RedisBase, role_data, service_name]}
      # Both redis and stunnel must stay in the foreground inside their
      # containers, and puppet must not manage the stunnel service.
      config_settings:
        map_merge:
          - {get_attr: [RedisBase, role_data, config_settings]}
          - redis::daemonize: false
            tripleo::stunnel::manage_service: false
            tripleo::stunnel::foreground: 'yes'
      logging_source: {get_attr: [RedisBase, role_data, logging_source]}
      logging_groups: {get_attr: [RedisBase, role_data, logging_groups]}
      # Anchored so puppet_config can reuse the same manifest via *step_config.
      step_config: &step_config
        get_attr: [RedisBase, role_data, step_config]
      service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: 'redis'
        # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
        # /etc/redis.conf
        # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
        puppet_tags: 'exec'
        step_config: *step_config
        config_image: {get_param: DockerRedisConfigImage}
      # Two kolla start-up files built from the same generated config: one
      # runs redis-server, the other runs stunnel for the TLS proxy.
      kolla_config:
        /var/lib/kolla/config_files/redis.json:
          command: /usr/bin/redis-server /etc/redis.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/run/redis
              owner: redis:redis
              recurse: true
        /var/lib/kolla/config_files/redis_tls_proxy.json:
          command: stunnel /etc/stunnel/stunnel.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        step_1:
          map_merge:
            # One-shot root container whose only job is to chown the
            # bind-mounted log directory to redis:redis.
            - redis_init_logs:
                start_order: 0
                detach: false
                image: &redis_image {get_param: DockerRedisImage}
                privileged: false
                user: root
                volumes:
                  - /var/log/containers/redis:/var/log/redis
                command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
            - redis:
                start_order: 1
                image: *redis_image
                net: host
                privileged: false
                restart: always
                # NOTE(review): the host's entire /run is mounted read-write.
                # Presumably only the redis runtime directory is needed;
                # confirm, because /run typically also holds other services'
                # sockets and PID files.
                volumes:
                  - /run:/run
                  - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
                  - /etc/localtime:/etc/localtime:ro
                  - /var/log/containers/redis:/var/log/redis
                environment:
                  - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
            # The TLS proxy container exists only when internal TLS is
            # enabled; otherwise an empty map is merged in. It runs as root
            # and receives the redis certificate and private key read-only.
            - if:
                - internal_tls_enabled
                - redis_tls_proxy:
                    start_order: 2
                    image: *redis_image
                    net: host
                    user: root
                    restart: always
                    volumes:
                      list_concat:
                        - {get_attr: [ContainersCommon, volumes]}
                        -
                          - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                          - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
                          - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
                          - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
                    environment:
                      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
                - {}
      metadata_settings:
        get_attr: [RedisBase, role_data, metadata_settings]
      # Host directories for the log mount and the redis runtime directory.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/redis
            - /var/run/redis
      upgrade_tasks:
        - name: Stop and disable redis service
          tags: step2
          service: name=redis state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/swift-proxy.yaml 0000644 0001750 0001750 00000015105 13245343355 024732 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized swift proxy service
parameters:
DockerSwiftProxyImage:
description: image
type: string
DockerSwiftConfigImage:
description: The container image to use for the swift config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
SwiftProxyBase:
type: ../../puppet/services/swift-proxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the swift proxy.
value:
service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
step_config: &step_config
get_attr: [SwiftProxyBase, role_data, step_config]
logging_source: {get_attr: [SwiftProxyBase, role_data, logging_source]}
logging_groups: {get_attr: [SwiftProxyBase, role_data, logging_groups]}
service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: swift
puppet_tags: swift_proxy_config
step_config: *step_config
config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_proxy.json:
command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/swift
owner: swift:swift
recurse: true
/var/lib/kolla/config_files/swift_proxy_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Containers started at deployment step 4. map_merge combines the swift_proxy
# container with the TLS proxy container; the latter is only emitted when the
# internal_tls_enabled condition is true, otherwise an empty map is merged.
docker_config:
  step_4:
    map_merge:
      - swift_proxy:
          image: &swift_proxy_image {get_param: DockerSwiftProxyImage}
          net: host
          # The proxy server runs as the swift user, not root.
          user: swift
          restart: always
          volumes:
            list_concat:
              - {get_attr: [ContainersCommon, volumes]}
              -
                # kolla config and the puppet-generated config tree are
                # mounted read-only.
                - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro
                - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
                # NOTE(review): host /run, /srv/node and /dev carry no :ro
                # suffix, so they are writable from inside this container.
                # Confirm the proxy really needs /run and /dev; if not, drop
                # them or mount them read-only.
                - /run:/run
                - /srv/node:/srv/node
                - /dev:/dev
                - /var/log/containers/swift:/var/log/swift
                - /var/log/containers/httpd/swift-proxy:/var/log/httpd
          environment:
            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      - if:
          - internal_tls_enabled
          - swift_proxy_tls_proxy:
              # Same image as swift_proxy; the kolla config for this
              # container starts httpd in the foreground.
              image: *swift_proxy_image
              net: host
              # Runs as root on the host network.
              user: root
              restart: always
              volumes:
                list_concat:
                  - {get_attr: [ContainersCommon, volumes]}
                  -
                    - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                    - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
                    # Certificates and private keys are exposed read-only.
                    - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                    - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
              environment:
                - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          - {}
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/swift
- /var/log/containers/httpd/swift-proxy
- /srv/node
upgrade_tasks:
- name: Check if swift-proxy or swift-object-expirer are deployed
command: systemctl is-enabled --quiet "{{ item }}"
tags: common
ignore_errors: True
register: swift_proxy_services_enabled
with_items:
- openstack-swift-proxy
- openstack-swift-object-expirer
- name: "PreUpgrade step0,validation: Check service openstack-swift-proxy and openstack-swift-object-expirer are running"
command: systemctl is-active --quiet "{{ item.item }}"
when: item.rc == 0
tags: step0,validation
with_items: "{{ swift_proxy_services_enabled.results }}"
- name: Stop and disable swift-proxy and swift-object-expirer services
tags: step2
when: item.rc == 0
service: name={{ item.item }} state=stopped enabled=no
with_items: "{{ swift_proxy_services_enabled.results }}"
- name: Remove openstack-swift-proxy package if operator requests it
yum: name=openstack-swift-proxy state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [SwiftProxyBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/ec2-api.yaml 0000644 0001750 0001750 00000017222 13245343355 023641 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized EC2 API service
parameters:
DockerEc2ApiImage:
description: image
type: string
DockerEc2ApiConfigImage:
description: The container image to use for the ec2_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
Ec2ApiPuppetBase:
type: ../../puppet/services/ec2-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the EC2 API role.
value:
service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [Ec2ApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [Ec2ApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ec2_api
puppet_tags: ec2api_api_paste_ini,ec2api_config
step_config: *step_config
config_image: {get_param: DockerEc2ApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/ec2_api.json:
command: /usr/bin/ec2-api
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ec2api
owner: ec2api:ec2api
recurse: true
/var/lib/kolla/config_files/ec2_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/ec2_api_metadata.json:
command: /usr/bin/ec2-api-metadata
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ec2api # default log dir for metadata service as well
owner: ec2api:ec2api
recurse: true
# Container definitions for the EC2 API service, grouped by deployment step:
# step_2 fixes log directory ownership, step_3 runs the database sync, and
# step_4 starts the long-running API, metadata and (optionally) TLS proxy
# containers.
docker_config:
  # db sync runs before permissions set by kolla_config
  step_2:
    ec2_api_init_logs:
      image: &ec2_api_image {get_param: DockerEc2ApiImage}
      privileged: false
      # Runs as root so that the recursive chown below can succeed on the
      # bind-mounted host log directories.
      user: root
      volumes:
        - /var/log/containers/ec2_api:/var/log/ec2api
        # mount ec2_api_metadata to "ec2api-metadata" only here to fix
        # permissions of both directories in one go
        - /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata
      command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata']
  step_3:
    ec2_api_db_sync:
      image: *ec2_api_image
      net: host
      detach: false
      privileged: false
      # Started as root; the command itself switches to the ec2api user
      # with su before running db_sync.
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            # Only the MySQL client config and /etc/ec2api are mounted, both
            # read-only; the log directory is the only writable mount.
            - /var/lib/config-data/ec2_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
            - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
            - /var/log/containers/ec2_api:/var/log/ec2api
      command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'"
  step_4:
    map_merge:
      # No user key is set on ec2_api / ec2_api_metadata.
      # NOTE(review): presumably the image or kolla config selects the
      # runtime user; confirm these do not run as root.
      - ec2_api:
          image: *ec2_api_image
          net: host
          privileged: false
          restart: always
          volumes:
            list_concat:
              - {get_attr: [ContainersCommon, volumes]}
              -
                - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
                - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
                - /var/log/containers/ec2_api:/var/log/ec2api
          environment:
            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        ec2_api_metadata:
          image: *ec2_api_image
          net: host
          privileged: false
          restart: always
          volumes:
            list_concat:
              - {get_attr: [ContainersCommon, volumes]}
              -
                - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
                - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
                # The metadata service logs to /var/log/ec2api inside the
                # container, backed by its own host directory.
                - /var/log/containers/ec2_api_metadata:/var/log/ec2api
          environment:
            - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # The TLS proxy is only defined when internal_tls_enabled is true;
      # otherwise an empty map is merged.
      - if:
          - internal_tls_enabled
          - ec2_api_tls_proxy:
              image: *ec2_api_image
              net: host
              user: root
              restart: always
              volumes:
                list_concat:
                  - {get_attr: [ContainersCommon, volumes]}
                  -
                    - /var/lib/kolla/config_files/ec2_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                    - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
                    # Certificates and private keys are exposed read-only.
                    - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                    - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
              environment:
                - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          - {}
host_prep_tasks:
- name: create persistent log directories
file:
path: /var/log/containers/{{ item }}
state: directory
with_items:
- ec2_api
- ec2_api_metadata
upgrade_tasks:
- name: Stop and disable EC2-API services
tags: step2
service: name={{ item }} state=stopped enabled=no
with_items:
- openstack-ec2-api
- openstack-ec2-api-metadata
openstack-tripleo-heat-templates/docker/services/etcd.yaml 0000644 0001750 0001750 00000007760 13245343355 023346 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized etcd services
parameters:
DockerEtcdImage:
description: image
type: string
DockerEtcdConfigImage:
description: The container image to use for the etcd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EtcdInitialClusterToken:
description: Initial cluster token for the etcd cluster during bootstrap.
type: string
hidden: true
resources:
EtcdPuppetBase:
type: ../../puppet/services/etcd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken}
outputs:
role_data:
description: Role data for the etcd role.
value:
service_name: {get_attr: [EtcdPuppetBase, role_data, service_name]}
logging_source: {get_attr: [EtcdPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [EtcdPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - "['Etcd_key'].each |String $val| { noop_resource($val) }"
- get_attr: [EtcdPuppetBase, role_data, step_config]
config_settings:
map_merge:
- {get_attr: [EtcdPuppetBase, role_data, config_settings]}
- etcd::manage_service: false
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: etcd
step_config: *step_config
config_image: &etcd_config_image {get_param: DockerEtcdConfigImage}
kolla_config:
/var/lib/kolla/config_files/etcd.json:
command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/etcd
owner: etcd:etcd
recurse: true
# Single long-running etcd container, started at deployment step 2.
docker_config:
  step_2:
    etcd:
      image: {get_param: DockerEtcdImage}
      # Shares the host network namespace.
      # NOTE(review): the listen addresses and any client/peer TLS settings
      # come from the puppet-generated config, which is not visible here;
      # verify them there.
      net: host
      privileged: false
      restart: always
      volumes:
        # Data directory is the only writable mount; this template's
        # kolla_config chowns it recursively to etcd:etcd.
        - /var/lib/etcd:/var/lib/etcd
        - /etc/localtime:/etc/localtime:ro
        - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro
        - /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Puppet run restricted to the etcd_key tag, using the same config image as
# puppet_config (the etcd_config_image anchor).
docker_puppet_tasks:
  # Etcd keys initialization occurs only on single node
  step_2:
    config_volume: 'etcd_init_tasks'
    puppet_tags: 'etcd_key'
    step_config: 'include ::tripleo::profile::base::etcd'
    config_image: *etcd_config_image
    volumes:
      # Both the generated etcd config and the data directory are mounted
      # read-only for this task.
      - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
      - /var/lib/etcd:/var/lib/etcd:ro
host_prep_tasks:
- name: create /var/lib/etcd
file:
path: /var/lib/etcd
state: directory
upgrade_tasks:
- name: Stop and disable etcd service
tags: step2
service: name=etcd state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/tacker.yaml 0000644 0001750 0001750 00000011741 13245343355 023672 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Tacker service
parameters:
DockerTackerImage:
description: image
type: string
DockerTackerConfigImage:
description: The container image to use for the tacker config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
TackerBase:
type: ../../puppet/services/tacker.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Tacker role.
value:
service_name: {get_attr: [TackerBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [TackerBase, role_data, config_settings]
logging_source: {get_attr: [TackerBase, role_data, logging_source]}
logging_groups: {get_attr: [TackerBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [TackerBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: tacker
puppet_tags: tacker_config
step_config: *step_config
config_image: {get_param: DockerTackerConfigImage}
kolla_config:
/var/lib/kolla/config_files/tacker_api.json:
command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/tacker
owner: tacker:tacker
recurse: true
# Container definitions for Tacker, grouped by deployment step: step_2 fixes
# log ownership, step_3 runs the database migration, step_4 starts the API.
docker_config:
  # db sync runs before permissions set by kolla_config
  step_2:
    tacker_init_logs:
      image: &tacker_image {get_param: DockerTackerImage}
      privileged: false
      # Root is used only to chown the bind-mounted host log directory.
      user: root
      volumes:
        - /var/log/containers/tacker:/var/log/tacker
      command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker']
  step_3:
    tacker_db_sync:
      image: *tacker_image
      net: host
      privileged: false
      detach: false
      # Started as root; the command switches to the tacker user with su.
      user: root
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            # FIXME(mandre) mounting /etc rw to workaround LP1696283
            # This should go away anyway and mount the exact files it
            # needs or use kolla set_configs.py
            # NOTE(review): this replaces the container's whole /etc with a
            # writable host directory while the container starts as root.
            # The command below only reads /etc/tacker/tacker.conf, so a
            # read-only mount of that one path may be enough; confirm
            # against LP1696283 before narrowing it.
            - /var/lib/config-data/tacker/etc/:/etc/
            - /var/log/containers/tacker:/var/log/tacker
      command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'"
  step_4:
    tacker_api:
      image: *tacker_image
      net: host
      privileged: false
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            # Unlike the db sync container, the API container gets its
            # configuration through read-only kolla mounts.
            - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro
            - /var/log/containers/tacker:/var/log/tacker
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/tacker
state: directory
upgrade_tasks:
- name: Stop and disable tacker-server service
tags: step2
service: name=openstack-tacker-server state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/fluentd-client.yaml 0000644 0001750 0001750 00000010002 13245343355 025323 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized fluentd services
parameters:
DockerFluentdClientImage:
description: image
type: string
DockerFluentdConfigImage:
description: The container image to use for the fluentd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
FluentdClientBase:
type: ../../puppet/services/logging/fluentd-client.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the fluentd role.
value:
service_name: {get_attr: [FluentdClientBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [FluentdClientBase, role_data, config_settings]}
- tripleo::profile::base::logging::fluentd::fluentd_path_transform:
- /var/log/
- /var/log/containers/
step_config: &step_config
get_attr: [FluentdClientBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: fluentd
puppet_tags: config
step_config: *step_config
config_image: {get_param: DockerFluentdConfigImage}
kolla_config:
/var/lib/kolla/config_files/fluentd.json:
command: /usr/bin/fluentd -c /etc/fluentd/fluent.conf -o /var/log/fluentd/fluentd.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/fluentd
owner: fluentd:fluentd
recurse: true
- path: /var/log/fluentd
owner: fluentd:fluentd
recurse: true
# Single long-running fluentd client container, started at deployment step 3.
docker_config:
  step_3:
    fluentd_client:
      image: {get_param: DockerFluentdClientImage}
      net: host
      # NOTE(review): privileged: true combined with user: root and
      # net: host gives this container close to full host access. The
      # mounts below only need read access to /var/log/containers and
      # write access to the fluentd cache and log directories; confirm
      # whether privileged mode is actually required or can be dropped.
      privileged: true
      user: root
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          -
            - /var/cache/containers/fluentd:/var/cache/fluentd:rw
            - /var/lib/kolla/config_files/fluentd.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/fluentd/:/var/lib/kolla/config_files/src:ro
            # The logs of the other containers are exposed read-only.
            - /var/log/containers:/var/log/containers:ro
            # More specific mount of fluentd's own log directory, read-write.
            - /var/log/containers/fluentd:/var/log/fluentd:rw
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory for fluentd
file:
path: /var/log/containers/fluentd
state: directory
- name: create persistent cache directory
file:
path: /var/cache/containers/fluentd
state: directory
upgrade_tasks:
- name: Stop and disable fluentd service
tags: step2
service: name=fluentd.service state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/swift-ringbuilder.yaml 0000644 0001750 0001750 00000010503 13245343355 026054 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Swift Ringbuilder
parameters:
DockerSwiftConfigImage:
description: The container image to use for the swift config_volume
type: string
DockerSwiftRingbuilderConfigImage:
description: Fake parameter to bypass config_volume yaml validation
type: string
default: ''
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftMinPartHours:
type: number
default: 1
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
SwiftPartPower:
default: 10
description: Partition Power to use when building Swift rings
type: number
SwiftRingBuild:
default: true
description: Whether to manage Swift rings or not
type: boolean
SwiftReplicas:
type: number
default: 3
description: How many replicas to use in the swift rings.
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
SwiftUseLocalDir:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
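# Temporary URLs used to fetch and publish the Swift ring tarball.
# A Swift temp URL is a bearer credential: the signature travels in the URL
# itself, so anyone who can read the value can use it until it expires.
# hidden: true keeps Heat from echoing the value back when stack parameters
# are listed.
# NOTE(review): the puppet template this one wraps presumably declares the
# same two parameters; verify they are marked hidden there as well.
SwiftRingGetTempurl:
  default: ''
  description: A temporary Swift URL to download rings from.
  type: string
  hidden: true
SwiftRingPutTempurl:
  default: ''
  description: A temporary Swift URL to upload rings to.
  type: string
  hidden: true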
resources:
SwiftRingbuilderBase:
type: ../../puppet/services/swift-ringbuilder.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for Swift Ringbuilder configuration in containers.
value:
service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
- tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
logging_source: {get_attr: [SwiftRingbuilderBase, role_data, logging_source]}
logging_groups: {get_attr: [SwiftRingbuilderBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [SwiftRingbuilderBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'swift_ringbuilder'
puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config: *step_config
config_image: &swift_ringbuilder_image {get_param: DockerSwiftConfigImage}
kolla_config: {}
# One-shot container (detach: false) that copies the ring files produced in
# the swift_ringbuilder config volume into the generated swift config tree.
docker_config:
  step_3:
    swift_copy_rings:
      image: *swift_ringbuilder_image
      # Runs as root; it writes into the puppet-generated swift config
      # directory on the host through the rw mount below.
      user: root
      detach: false
      command:
        # Use bash to run the cp command so that wildcards can be used
        # All paths in the command line are fixed strings; no template
        # parameter is interpolated into the shell command.
        - '/bin/bash'
        - '-c'
        - 'cp -v -a -t /etc/swift /swift_ringbuilder/etc/swift/*.gz /swift_ringbuilder/etc/swift/*.builder /swift_ringbuilder/etc/swift/backups'
      volumes:
        # Destination is writable, source is read-only.
        - /var/lib/config-data/puppet-generated/swift/etc/swift:/etc/swift:rw
        - /var/lib/config-data/swift_ringbuilder:/swift_ringbuilder:ro
openstack-tripleo-heat-templates/docker/services/glance-api.yaml 0000644 0001750 0001750 00000022132 13245343355 024415 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Glance service configured with Puppet
parameters:
DockerGlanceApiImage:
description: image
type: string
DockerGlanceApiConfigImage:
description: The container image to use for the glance_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GlanceNfsEnabled:
default: false
description: >
When using GlanceBackend 'file', mount NFS share for image storage.
type: boolean
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
GlanceNfsShare:
default: ''
description: >
NFS share to mount for image storage (when GlanceNfsEnabled is true)
type: string
GlanceNfsOptions:
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
description: >
NFS mount options for image storage (when GlanceNfsEnabled is true)
type: string
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
GlanceApiPuppetBase:
type: ../../puppet/services/glance-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: {get_attr: [GlanceApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [GlanceApiPuppetBase, role_data, config_settings]
- glance::api::sync_db: false
- tripleo::glance::nfs_mount::edit_fstab: false
logging_source: {get_attr: [GlanceApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [GlanceApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [GlanceApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: glance_api
puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config
step_config: *step_config
config_image: {get_param: DockerGlanceApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/glance_api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/glance
owner: glance:glance
recurse: true
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
step_2:
glance_init_logs:
image: &glance_api_image {get_param: DockerGlanceApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/glance:/var/log/glance
- /var/log/containers/httpd/glance-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
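# One-shot database bootstrap for Glance (detach: false, KOLLA_BOOTSTRAP set).
# The volume list is anchored as glance_volumes and reused by the glance_api
# container in step_4, so changes here apply to both containers.
step_3:
  glance_api_db_sync:
    image: *glance_api_image
    net: host
    privileged: false
    detach: false
    # Started as root; the command switches to the glance user with su.
    user: root
    volumes: &glance_volumes
      list_concat:
        - {get_attr: [ContainersCommon, volumes]}
        -
          # config.json is mounted read-only, matching every other kolla
          # config.json mount in these service templates; the container
          # only needs to read it.
          - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json:ro
          - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
          - /var/log/containers/glance:/var/log/glance
          - /var/log/containers/httpd/glance-api:/var/log/httpd
          - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
          # Single volume entry: the NFS-backed image store when
          # nfs_backend_enabled is true, otherwise an empty string.
          -
            if:
              - nfs_backend_enabled
              - /var/lib/glance:/var/lib/glance
              - ''
        # Extra list of host mounts added only for the cinder backend.
        -
          if:
            - cinder_backend_enabled
            - - /dev:/dev
              - /etc/iscsi:/etc/iscsi
            - []
    environment:
      - KOLLA_BOOTSTRAP=True
      - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
    command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"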
# Long-running Glance containers. map_merge combines glance_api with the TLS
# proxy, which is only defined when internal_tls_enabled is true (otherwise
# an empty map is merged).
step_4:
  map_merge:
    - glance_api:
        start_order: 2
        image: *glance_api_image
        net: host
        # Privileged only when the cinder backend is selected. The same
        # condition adds the /dev and /etc/iscsi host mounts to the
        # glance_volumes list.
        # NOTE(review): privileged plus host /dev gives the API container
        # broad access to host devices; confirm the cinder backend is
        # enabled only on hosts that need it.
        privileged: {if: [cinder_backend_enabled, true, false]}
        restart: always
        # Alias of the volume list anchored on glance_api_db_sync.
        volumes: *glance_volumes
        environment:
          - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
    - if:
        - internal_tls_enabled
        - glance_api_tls_proxy:
            start_order: 2
            image: *glance_api_image
            net: host
            user: root
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
                  # Certificates and private keys are exposed read-only.
                  - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                  - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        - {}
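# Ansible tasks run on the host before the containers start: optionally mount
# the NFS image store, then create the log and ceph config directories that
# the containers bind-mount.
host_prep_tasks:
  - name: Mount NFS on host
    vars:
      nfs_backend_enable: {get_param: GlanceNfsEnabled}
    # Module arguments are given as a mapping rather than a key=value string.
    # The share and options come from operator-supplied parameters; in the
    # key=value form the templated string is re-parsed, so a value holding a
    # quote or space could change which arguments the module receives. As
    # mapping values each one is passed through as a single argument.
    mount:
      name: /var/lib/glance/images
      src: "{{ item.NFS_SHARE }}"
      fstype: nfs4
      opts: "{{ item.NFS_OPTIONS }}"
      state: mounted
    with_items:
      - NFS_SHARE: {get_param: GlanceNfsShare}
        NFS_OPTIONS: {get_param: GlanceNfsOptions}
    # Only runs when GlanceNfsEnabled is true.
    when:
      - nfs_backend_enable
  - name: create persistent logs directory
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - /var/log/containers/glance
      - /var/log/containers/httpd/glance-api
  # /etc/ceph is bind-mounted into the Glance containers, so it has to exist
  # on the host.
  - name: ensure ceph configurations exist
    file:
      path: /etc/ceph
      state: directory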
upgrade_tasks:
- name: Stop and disable glance_api service
tags: step2
service: name=openstack-glance-api state=stopped enabled=no
- name: Remove openstack-glance package if operator requests it
yum: name=openstack-glance state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/swift-storage.yaml 0000644 0001750 0001750 00000047622 13245343355 025226 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Swift Storage services.
parameters:
DockerSwiftProxyImage:
description: image
type: string
DockerSwiftAccountImage:
description: image
type: string
DockerSwiftContainerImage:
description: image
type: string
DockerSwiftObjectImage:
description: image
type: string
DockerSwiftConfigImage:
description: The container image to use for the swift config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
SwiftStorageBase:
type: ../../puppet/services/swift-storage.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the swift storage services.
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
# Settings from the puppet base template, merged with the single override below.
# NOTE(review): Swift documents mount_check as the guard against writing to the
# root device. With it set to false, a device directory under /srv/node that is
# not actually mounted (failed or missing disk) is presumably accepted as a
# storage target, so data can land on the host filesystem. Track the FIXME and
# re-enable the check once it works in containers.
config_settings:
map_merge:
- {get_attr: [SwiftStorageBase, role_data, config_settings]}
# FIXME (cschwede): re-enable this once checks works inside containers
- swift::storage::all::mount_check: false
logging_source: {get_attr: [SwiftStorageBase, role_data, logging_source]}
logging_groups: {get_attr: [SwiftStorageBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [SwiftStorageBase, role_data, step_config]}
- "class xinetd() {}"
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: swift
puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server
step_config: *step_config
config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_account_auditor.json:
command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_account_reaper.json:
command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_account_replicator.json:
command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_account_server.json:
command: /usr/bin/swift-account-server /etc/swift/account-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_container_auditor.json:
command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_container_replicator.json:
command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_container_updater.json:
command: /usr/bin/swift-container-updater /etc/swift/container-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_container_server.json:
command: /usr/bin/swift-container-server /etc/swift/container-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_object_auditor.json:
command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_object_expirer.json:
command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_object_replicator.json:
command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_object_updater.json:
command: /usr/bin/swift-object-updater /etc/swift/object-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/swift_object_server.json:
command: /usr/bin/swift-object-server /etc/swift/object-server.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/swift
owner: swift:swift
recurse: true
/var/lib/kolla/config_files/swift_rsync.json:
command: /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_3:
# The puppet config sets this up but we don't have a way to mount the named
# volume during the configuration stage. We just need to create this
# directory and make sure it's owned by swift.
# NOTE(review): this container runs as root with the host's /srv/node
# bind-mounted read-write, so the recursive chown changes ownership on the host
# path itself: everything already under /srv/node ends up owned by the image's
# swift user.
swift_setup_srv:
image: &swift_account_image {get_param: DockerSwiftAccountImage}
user: root
command: ['chown', '-R', 'swift:', '/srv/node']
volumes:
- /srv/node:/srv/node
step_4:
# Account auditor: runs as the unprivileged swift user on host networking,
# restarted always. Its kolla config file and the puppet-generated swift
# configuration are mounted read-only.
# NOTE(review): /run, /srv/node and /dev are bind-mounted from the host without
# :ro. The same volume list is repeated for the other swift containers in
# step_4; confirm which of them actually need /dev and /run, and narrow the
# mount or mark it :ro where they do not.
swift_account_auditor:
image: *swift_account_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
# Anchor reused by the other swift containers through *kolla_env.
environment: &kolla_env
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
swift_account_reaper:
image: *swift_account_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_account_replicator:
image: *swift_account_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_account_server:
image: *swift_account_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_container_auditor:
image: &swift_container_image {get_param: DockerSwiftContainerImage}
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_container_replicator:
image: *swift_container_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_container_updater:
image: *swift_container_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_container_server:
image: *swift_container_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_auditor:
image: &swift_object_image {get_param: DockerSwiftObjectImage}
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_expirer:
image: &swift_proxy_image {get_param: DockerSwiftProxyImage}
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_replicator:
image: *swift_object_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_updater:
image: *swift_object_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
swift_object_server:
image: *swift_object_image
net: host
user: swift
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
# rsync daemon container. The kolla_config entry for swift_rsync.json in this
# template starts it as "rsync --daemon --no-detach --config=/etc/rsyncd.conf".
# Unlike the other step_4 swift containers (user: swift), this one runs as root.
swift_rsync:
image: *swift_object_image
net: host
user: root
restart: always
# NOTE(review): privileged + root + host networking + host /dev, /run and
# /srv/node mounted read-write means a compromise of this daemon is effectively
# a compromise of the host. Confirm that privileged mode is really required,
# and that the generated rsyncd.conf (not visible here) limits the listen
# address and allowed hosts to the storage/replication network.
privileged: true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_rsync.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /srv/node:/srv/node
- /dev:/dev
- /var/log/containers/swift:/var/log/swift
environment: *kolla_env
# Host-side tasks: create the log and data directories, then format and mount
# every device named by a key of the SwiftRawDisks parameter.
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/swift
- /srv/node
# NOTE(review): the device list is the key set of SwiftRawDisks, so a wrong key
# points mkfs at that block device. "-f" in opts is handed to mkfs.xfs, which
# normally uses it to overwrite an existing filesystem signature. Whether an
# already-formatted device is skipped depends on the filesystem module's own
# existing-filesystem check (no force: is set here); verify on the Ansible
# version in use before adding devices to a node that holds data.
- name: Format SwiftRawDisks
filesystem:
fstype: xfs
dev: /dev/{{ item }}
opts: -f -i size=1024
with_items:
- repeat:
template: 'DEVICE'
for_each:
DEVICE: {get_param: SwiftRawDisks}
# NOTE(review): the only mount option is noatime. These filesystems hold
# object data only, so consider adding nodev,nosuid,noexec as hardening.
# TODO confirm nothing under /srv/node needs to execute.
- name: Mount devices defined in SwiftRawDisks
mount:
name: /srv/node/{{ item }}
src: /dev/{{ item }}
fstype: xfs
opts: noatime
state: mounted
with_items:
- repeat:
template: 'DEVICE'
for_each:
DEVICE: {get_param: SwiftRawDisks}
upgrade_tasks:
- name: Stop and disable swift storage services
tags: step2
service: name={{ item }} state=stopped enabled=no
with_items:
- openstack-swift-account-auditor
- openstack-swift-account-reaper
- openstack-swift-account-replicator
- openstack-swift-account
- openstack-swift-container-auditor
- openstack-swift-container-replicator
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
- name: Remove openstack-swift-container,object,account packages if operator requests it
yum: name={{ item }} state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
with_items:
- openstack-swift-container
- openstack-swift-object
- openstack-swift-account
- name: Remove rsync service from xinetd
tags: step2
file: state=absent path=/etc/xinetd.d/rsync
- name: Restart xinetd service after rsync removal
tags: step2
service: name=xinetd state=restarted
openstack-tripleo-heat-templates/docker/services/gnocchi-api.yaml 0000644 0001750 0001750 00000014446 13245343355 024607 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized gnocchi service
parameters:
DockerGnocchiApiImage:
description: image
type: string
DockerGnocchiConfigImage:
description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
NumberOfStorageSacks:
default: 128
description: Number of storage sacks to create.
type: number
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
GnocchiApiPuppetBase:
type: ../../puppet/services/gnocchi-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the gnocchi API role.
value:
service_name: {get_attr: [GnocchiApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [GnocchiApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [GnocchiApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [GnocchiApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [GnocchiApiPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [GnocchiApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: gnocchi
puppet_tags: gnocchi_api_paste_ini,gnocchi_config
step_config: *step_config
config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
gnocchi_init_log:
image: &gnocchi_api_image {get_param: DockerGnocchiApiImage}
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R gnocchi:gnocchi /var/log/gnocchi']
step_4:
# Runs gnocchi-upgrade through bootstrap_host_exec. The container starts as
# root and the command switches to the gnocchi user with su.
# Configuration, my.cnf and /etc/ceph are mounted read-only; only the two log
# directories are writable.
gnocchi_db_sync:
image: *gnocchi_api_image
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /etc/ceph:/etc/ceph:ro
# NOTE(review): SACK_NUM is substituted textually into a string that is passed
# to "bash -c". NumberOfStorageSacks is declared "type: number" in this
# template's parameters, which is what keeps shell metacharacters out of the
# command line. Keep that type constraint if the parameter is ever changed.
command:
str_replace:
template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'
params:
SACK_NUM: {get_param: NumberOfStorageSacks}
step_5:
gnocchi_api:
image: *gnocchi_api_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/gnocchi
- /var/log/containers/httpd/gnocchi-api
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: Stop and disable httpd service
tags: step2
service: name=httpd state=stopped enabled=no
metadata_settings:
get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/nova-compute.yaml 0000644 0001750 0001750 00000013332 13245343355 025034 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Compute service
parameters:
DockerNovaComputeImage:
description: image
type: string
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaComputeBase:
type: ../../puppet/services/nova-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Compute service.
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
cellv2_discovery: true
config_settings:
get_attr: [NovaComputeBase, role_data, config_settings]
logging_source: {get_attr: [NovaComputeBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaComputeBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NovaComputeBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
- path: /var/lib/nova
owner: nova:nova
recurse: true
docker_config:
step_4:
# nova-compute container: runs as the nova user, but privileged and sharing the
# host's IPC and network namespaces.
# NOTE(review): with privileged: true plus read-write binds of /dev, /run,
# /etc/iscsi, /sys/class/net and /sys/bus/pci, the container boundary gives
# little isolation from the host. Treat the DockerNovaComputeImage image and
# its registry as part of the host's trusted computing base, and pin or verify
# the image accordingly.
nova_compute:
image: &nova_compute_image {get_param: DockerNovaComputeImage}
ipc: host
net: host
privileged: true
user: nova
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /etc/iscsi:/etc/iscsi
# /run is shared read-write: any control socket the host keeps under /run is
# reachable from inside this container.
- /run:/run
- /var/lib/nova:/var/lib/nova:shared
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/containers/nova:/var/log/nova
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/nova
- /var/lib/nova
- /var/lib/libvirt
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
# Upgrade tasks for the host: set the compute upgrade level in nova.conf, stop
# the non-containerized nova-compute service, optionally remove its package.
upgrade_tasks:
# NOTE(review): despite the task name, the value written is whatever
# UpgradeLevelNovaCompute holds (its default in this template is ''), not a
# literal "auto". LEVEL is spliced into a key=value argument string, so the
# native ini_file mapping form would keep it a single value.
- name: Set compute upgrade level to auto
tags: step1
ini_file:
str_replace:
template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
params:
LEVEL: {get_param: UpgradeLevelNovaCompute}
- name: Stop and disable nova-compute service
tags: step2
service: name=openstack-nova-compute state=stopped enabled=no
# ignore_errors hides a failed removal, so the package can silently stay
# installed on the host even when UpgradeRemoveUnusedPackages is true.
- name: Remove openstack-nova-compute package if operator requests it
yum: name=openstack-nova-compute state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/gnocchi-metricd.yaml 0000644 0001750 0001750 00000010357 13245343355 025462 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Gnocchi Metricd service
parameters:
DockerGnocchiMetricdImage:
description: image
type: string
DockerGnocchiConfigImage:
description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
GnocchiMetricdBase:
type: ../../puppet/services/gnocchi-metricd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Outputs: role_data re-exports the puppet base template's values; step_config
# joins the GnocchiMetricdBase and MySQLClient manifests with a newline.
outputs:
role_data:
# NOTE(review): this description looks copied from gnocchi-api.yaml; the
# values below all come from GnocchiMetricdBase (the metricd service).
description: Role data for the Gnocchi API role.
value:
service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]}
config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]}
logging_source: {get_attr: [GnocchiMetricdBase, role_data, logging_source]}
logging_groups: {get_attr: [GnocchiMetricdBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [GnocchiMetricdBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: gnocchi
puppet_tags: gnocchi_config
step_config: *step_config
config_image: {get_param: DockerGnocchiConfigImage}
kolla_config:
/var/lib/kolla/config_files/gnocchi_metricd.json:
command: /usr/bin/gnocchi-metricd
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
recurse: true
docker_config:
step_5:
gnocchi_metricd:
image: {get_param: DockerGnocchiMetricdImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/gnocchi
state: directory
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-metricd service
tags: step2
service: name=openstack-gnocchi-metricd.service state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/zaqar.yaml 0000644 0001750 0001750 00000016302 13245343355 023535 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Zaqar services
parameters:
DockerZaqarImage:
description: image
type: string
DockerZaqarConfigImage:
description: The container image to use for the zaqar config_volume
type: string
ZaqarManagementStore:
type: string
description: The management store for Zaqar
default: mongodb
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
internal_tls_enabled: {get_param: EnableInternalTLS}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
ZaqarBase:
type: ../../puppet/services/zaqar-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Zaqar API role.
value:
service_name: {get_attr: [ZaqarBase, role_data, service_name]}
config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
logging_source: {get_attr: [ZaqarBase, role_data, logging_source]}
logging_groups: {get_attr: [ZaqarBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [ZaqarBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: zaqar
puppet_tags: zaqar_config
step_config: *step_config
config_image: {get_param: DockerZaqarConfigImage}
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/zaqar_websocket.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/zaqar
owner: zaqar:zaqar
recurse: true
docker_config:
map_merge:
-
if:
- zaqar_management_store_sqlalchemy
-
step_2:
zaqar_init_log:
image: &zaqar_image {get_param: DockerZaqarImage}
user: root
volumes:
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar']
step_3:
zaqar_db_sync:
image: *zaqar_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec zaqar_api su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
- {}
- step_4:
# Zaqar API container (the kolla_config entry for zaqar.json runs httpd): not
# privileged, host networking, restarted always.
zaqar:
image: *zaqar_image
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'zaqar', we need it
# to be root to run httpd
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
# When internal_tls_enabled is true, the host's httpd certificate and
# private-key directories are bind-mounted read-only; otherwise each "if"
# yields ''. NOTE(review): the key directory becomes readable by root inside
# the container, so keep host-side permissions on those files tight. The ''
# entries are presumably dropped by the consumer of this list; confirm.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
zaqar_websocket:
image: *zaqar_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
- /var/log/containers/httpd/zaqar:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/zaqar
- /var/log/containers/httpd/zaqar
upgrade_tasks:
- name: Stop and disable zaqar service
tags: step2
service: name=httpd state=stopped enabled=no
metadata_settings:
get_attr: [ZaqarBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/gnocchi-statsd.yaml 0000644 0001750 0001750 00000010336 13245343355 025332 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Gnocchi Statsd service
parameters:
DockerGnocchiStatsdImage:
description: image
type: string
DockerGnocchiConfigImage:
description: The container image to use for the gnocchi config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
GnocchiStatsdBase:
type: ../../puppet/services/gnocchi-statsd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Gnocchi API role.
value:
service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]}
config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]}
logging_source: {get_attr: [GnocchiStatsdBase, role_data, logging_source]}
logging_groups: {get_attr: [GnocchiStatsdBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [GnocchiStatsdBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: gnocchi
puppet_tags: gnocchi_config
step_config: *step_config
config_image: {get_param: DockerGnocchiConfigImage}
# Kolla start-up configuration for the gnocchi_statsd container: the command
# to run, the files copied into place at start, and ownership fixes.
kolla_config:
/var/lib/kolla/config_files/gnocchi_statsd.json:
command: /usr/bin/gnocchi-statsd
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# src-ceph is the host's /etc/ceph, bind-mounted read-only in docker_config
# below and copied to /etc/ceph/ inside the container.
# NOTE(review): /etc/ceph commonly holds client keyrings next to ceph.conf;
# confirm the host directory exposes only what this service needs.
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
recurse: true
docker_config:
step_5:
gnocchi_statsd:
image: {get_param: DockerGnocchiStatsdImage}
# Shares the host network namespace and is explicitly not privileged. No
# user: override is given for this container.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Of the mounts listed here, only the log directory is writable; the
# configuration sources and /etc/ceph are read-only.
- /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Host-side directories that the bind mounts above refer to. Neither task
# sets an owner or a mode on the directory it creates.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/gnocchi
state: directory
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
# Stops and disables the host's openstack-gnocchi-statsd unit (tagged step2).
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-statsd service
tags: step2
service: name=openstack-gnocchi-statsd.service state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/haproxy.yaml 0000644 0001750 0001750 00000017556 13245343355 024125 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized HAproxy service
# Template inputs. HAProxyStatsPassword, HAProxyStatsUser,
# HAProxySyslogAddress, RedisPassword and MonitoringSubscriptionHaproxy are
# not read by any get_param in this file; presumably they are consumed
# elsewhere via parameter_defaults - TODO confirm.
parameters:
DockerHAProxyImage:
description: image
type: string
DockerHAProxyConfigImage:
description: The container image to use for the haproxy config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# NOTE(review): unlike the two password parameters below, this json input
# carries no hidden: true; confirm whether its contents are masked elsewhere.
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# No default, so a value must be supplied; hidden: true asks Heat to mask it
# when parameters are displayed.
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
hidden: true
type: string
# NOTE(review): the default user name is the predictable 'admin', so the
# password above is the only secret protecting the stats endpoint.
HAProxyStatsUser:
description: User for HAProxy stats endpoint
default: admin
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
# This host path is bind-mounted read-only, at the same path, into the config
# container and the haproxy container (see outputs).
# NOTE(review): a .pem under /etc/pki/tls/private presumably bundles the
# private key with the certificate - confirm host file permissions.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
The filepath of the certificate as it will be stored in the controller.
type: string
# Masked like HAProxyStatsPassword (hidden: true).
RedisPassword:
description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Internal TLS is off unless this is set; it drives the internal_tls_enabled
# condition that gates the haproxy certificate and key mounts.
EnableInternalTLS:
type: boolean
default: false
# Mounted read-only into the config container when internal TLS is enabled.
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
HAProxyBase:
type: ../../puppet/services/haproxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data output: puppet settings taken from HAProxyBase, overridden where
# the containerized deployment needs it, plus the container definitions.
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
# when this is updated
# NOTE(review): with crl_file set to null no revocation list is configured,
# so a revoked certificate presumably stays acceptable to haproxy until it
# expires; short certificate lifetimes are the usual compensating control.
tripleo::haproxy::crl_file: null
logging_source: {get_attr: [HAProxyBase, role_data, logging_source]}
logging_groups: {get_attr: [HAProxyBase, role_data, logging_groups]}
# Anchored so the haproxy_firewall container can reuse the manifest as CONFIG.
step_config: &step_config
get_attr: [HAProxyBase, role_data, step_config]
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
# The config container gets its own manifest rather than the anchored one:
# the haproxy profile with manage_firewall => false.
step_config:
"class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
config_image: {get_param: DockerHAProxyConfigImage}
# Certificate material bind-mounted read-only into the config container; the
# same host path is used on both sides of each mount. The internal TLS
# entries are added only when internal_tls_enabled is true.
volumes:
list_concat:
- - list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro
- /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- null
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# src-tls is populated only by the conditional TLS mounts of the haproxy
# container below, hence optional: true.
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
# Only the certs directory is re-owned to haproxy.
# NOTE(review): /etc/pki/tls/private/haproxy, also copied from src-tls, is
# not listed; confirm the key files end up readable by the haproxy user and
# by nobody else.
permissions:
- path: /etc/pki/tls/certs/haproxy
owner: haproxy:haproxy
recurse: true
optional: true
docker_config:
step_1:
# Run-to-completion job (detach: false) that applies only the puppet
# resources tagged tripleo::firewall::rule.
haproxy_firewall:
detach: false
image: {get_param: DockerHAProxyImage}
# The only privileged container in this template: root, host network
# namespace and privileged: true together. Keep what runs here limited to
# the firewall rules, and review any change to this command or its mounts
# with that level of host access in mind.
net: host
user: root
privileged: true
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
list_join:
- '; '
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
# CONFIG is substituted inside a single-quoted shell argument, so a manifest
# containing a single quote would end the quoting early. The value comes
# from HAProxyBase's step_config, not from a parameter of this template.
- "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
params:
TAGS: 'tripleo::firewall::rule'
CONFIG: *step_config
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
# puppet saves iptables rules in /etc/sysconfig
# NOTE(review): this is the one read-write host mount listed here; it
# exposes all of the host's /etc/sysconfig, not only the iptables files.
- /etc/sysconfig:/etc/sysconfig:rw
# saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
# the necessary bit and prevent systemd to try to reload the service in the container
- /usr/libexec/iptables:/usr/libexec/iptables:ro
- /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
# Host /etc/puppet is mounted read-only at a scratch path; the command
# above copies it to /etc/puppet inside the container before writing to it.
- /etc/puppet:/tmp/puppet-etc:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Long-running proxy container.
# NOTE(review): no privileged: or user: key is set here, whereas other
# service templates in this collection state privileged: false explicitly;
# consider spelling out the intended values.
haproxy:
image: {get_param: DockerHAProxyImage}
net: host
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
# Public endpoint certificate file, read-only, same path inside the container.
- list_join:
- ':'
- - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath}
- 'ro'
# Internal TLS certificate and key directories are mounted read-only under
# src-tls, from where the kolla config_files entry copies them into place.
# The '' entries stand in for the mounts when internal TLS is disabled.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/heat-api-cfn.yaml 0000644 0001750 0001750 00000012644 13245343355 024660 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Heat API CFN service
parameters:
DockerHeatApiCfnImage:
description: image
type: string
# puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn
DockerHeatApiCfnConfigImage:
description: The container image to use for the heat_api_cfn config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
HeatBase:
type: ../../puppet/services/heat-api-cfn.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Heat API CFN role.
value:
service_name: {get_attr: [HeatBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [HeatBase, role_data, logging_source]}
logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [HeatBase, role_data, step_config]
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat_api_cfn
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerHeatApiCfnConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api_cfn.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
# Container definition for the Heat CFN API, followed by the host preparation
# and upgrade tasks that go with it.
docker_config:
step_4:
heat_api_cfn:
image: {get_param: DockerHeatApiCfnImage}
# Host network namespace, explicitly not privileged.
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'heat', we need it
# to be root to run httpd
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Configuration sources are read-only; the two log directories are writable.
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api-cfn:/var/log/httpd
# httpd certificate and private-key directories are mounted read-only, and
# only when internal_tls_enabled is true; '' stands in otherwise.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Host-side log directories for the bind mounts above; no owner or mode is set.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api-cfn
upgrade_tasks:
# Records whether the standalone systemd unit is enabled; ignore_errors keeps
# the play going when it is not, and the rc is tested by the last task.
- name: Check if heat_api_cfn is deployed
command: systemctl is-enabled openstack-heat-api-cfn
tags: common
ignore_errors: True
register: heat_api_cfn_enabled
# The registered rc is that of grep -q, the last command of the pipeline. If
# httpd -t itself fails, grep matches nothing and the result is the same as
# "not served by apache". check_mode: no runs the probe even in check mode.
- name: check for heat_api_cfn running under apache (post upgrade)
tags: step2
shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
register: heat_api_cfn_apache
ignore_errors: true
changed_when: false
check_mode: no
# NOTE(review): this stops the host's httpd service as a whole, so any other
# vhost it serves goes down with it.
- name: Stop heat_api_cfn service (running under httpd)
tags: step2
service: name=httpd state=stopped
when: heat_api_cfn_apache.rc == 0
- name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
tags: step2
service: name=openstack-heat-api-cfn state=stopped enabled=no
when: heat_api_cfn_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/heat-api.yaml 0000644 0001750 0001750 00000015116 13245343355 024111 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Heat API service
parameters:
DockerHeatApiImage:
description: image
type: string
# puppet needs the heat-wsgi-api binary from centos-binary-heat-api
DockerHeatApiConfigImage:
description: The container image to use for the heat_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
HeatBase:
type: ../../puppet/services/heat-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Heat API role.
value:
service_name: {get_attr: [HeatBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
get_attr: [HeatBase, role_data, step_config]
logging_source: {get_attr: [HeatBase, role_data, logging_source]}
logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat_api
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerHeatApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
/var/lib/kolla/config_files/heat_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
# Two containers from the same image: the Heat API under httpd and a crond
# sidecar, followed by host preparation and upgrade tasks.
docker_config:
step_4:
heat_api:
image: {get_param: DockerHeatApiImage}
# Host network namespace, explicitly not privileged.
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'heat', we need it
# to be root to run httpd
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Configuration sources are read-only; the two log directories are writable.
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api:/var/log/httpd
# httpd certificate and private-key directories are mounted read-only, and
# only when internal_tls_enabled is true; '' stands in otherwise.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Runs crond (see heat_api_cron.json in kolla_config) as root, not privileged.
heat_api_cron:
image: {get_param: DockerHeatApiImage}
net: host
user: root
privileged: false
restart: always
# NOTE(review): /bin/true always succeeds, so this health check reports the
# container healthy regardless of whether crond is working; do not rely on
# it for monitoring.
healthcheck:
test: /bin/true
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Host-side log directories for the bind mounts above; no owner or mode is set.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api
upgrade_tasks:
# Records whether the standalone systemd unit is enabled; ignore_errors keeps
# the play going when it is not, and the rc is tested by the last task.
- name: Check is heat_api is deployed
command: systemctl is-enabled openstack-heat-api
tags: common
ignore_errors: True
register: heat_api_enabled
# Deletes the heat user's crontab spool file on the host.
- name: remove old heat cron jobs
tags: step2
file:
path: /var/spool/cron/heat
state: absent
# The registered rc is that of grep -q, the last command of the pipeline. If
# httpd -t itself fails, grep matches nothing and the result is the same as
# "not served by apache". check_mode: no runs the probe even in check mode.
- name: check for heat_api running under apache (post upgrade)
tags: step2
shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
register: heat_api_apache
ignore_errors: true
changed_when: false
check_mode: no
# NOTE(review): this stops the host's httpd service as a whole, so any other
# vhost it serves goes down with it.
- name: Stop heat_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
when: heat_api_apache.rc == 0
- name: Stop and disable heat_api service (pre-upgrade not under httpd)
tags: step2
service: name=openstack-heat-api state=stopped enabled=no
when: heat_api_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/heat-engine.yaml 0000644 0001750 0001750 00000011556 13245343355 024611 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Heat Engine service
parameters:
DockerHeatEngineImage:
description: image
type: string
DockerHeatConfigImage:
description: The container image to use for the heat config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
HeatBase:
type: ../../puppet/services/heat-engine.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Heat Engine role.
value:
service_name: {get_attr: [HeatBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [HeatBase, role_data, logging_source]}
logging_groups: {get_attr: [HeatBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [HeatBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: heat
puppet_tags: heat_config,file,concat,file_line
step_config: *step_config
config_image: {get_param: DockerHeatConfigImage}
kolla_config:
/var/lib/kolla/config_files/heat_engine.json:
command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/heat
owner: heat:heat
recurse: true
# Three containers from one image, run in step order: fix log ownership,
# run the database sync, then start the engine.
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
# Runs as root only to chown the bind-mounted log directory to heat:heat.
heat_init_log:
image: &heat_engine_image {get_param: DockerHeatEngineImage}
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
step_3:
# Run-to-completion job (detach: false), not privileged.
heat_engine_db_sync:
image: *heat_engine_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Database client settings and the heat configuration directory are mounted
# read-only. NOTE(review): these presumably include database credentials;
# confirm host-side permissions under /var/lib/config-data/heat.
- /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /var/log/containers/heat:/var/log/heat
# The container starts as root; heat-manage itself runs as the heat user
# through su.
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
step_4:
# Long-running engine: host network, not privileged, and no user: override.
heat_engine:
image: *heat_engine_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/heat/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/heat:/var/log/heat
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Host-side log directory for the bind mounts above; no owner or mode is set.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/heat
state: directory
# Stops and disables the host's openstack-heat-engine unit (tagged step2).
upgrade_tasks:
- name: Stop and disable heat_engine service
tags: step2
service: name=openstack-heat-engine state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/horizon.yaml 0000644 0001750 0001750 00000016112 13245343355 024106 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Horizon service
parameters:
DockerHorizonImage:
description: image
type: string
DockerHorizonConfigImage:
description: The container image to use for the horizon config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
HorizonBase:
type: ../../puppet/services/horizon.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data output: puppet settings taken from HorizonBase with dashboard
# overrides, plus the container definitions for the dashboard.
outputs:
role_data:
description: Role data for the Horizon API role.
value:
service_name: {get_attr: [HorizonBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [HorizonBase, role_data, config_settings]
- horizon::vhost_extra_params:
add_listen: true
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
options: ['FollowSymLinks','MultiViews']
# NOTE(review): secure_cookies is forced to false here, which presumably
# leaves the Secure attribute off the dashboard's session and CSRF cookies.
# Where users reach the dashboard over HTTPS, confirm this is intended.
- horizon::secure_cookies: false
logging_source: {get_attr: [HorizonBase, role_data, logging_source]}
logging_groups: {get_attr: [HorizonBase, role_data, logging_groups]}
step_config: {get_attr: [HorizonBase, role_data, step_config]}
service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: horizon
puppet_tags: horizon_config
step_config: {get_attr: [HorizonBase, role_data, step_config]}
config_image: {get_param: DockerHorizonConfigImage}
kolla_config:
/var/lib/kolla/config_files/horizon.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Ownership fixes applied inside the container at start; every path below
# is handed to apache:apache.
permissions:
- path: /var/log/horizon/
owner: apache:apache
recurse: true
# NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
# horizon:horizon - the policy.json files need read permissions for the apache user
# FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
- path: /etc/openstack-dashboard/
owner: apache:apache
recurse: true
# FIXME Apache tries to write a .lock file there
- path: /usr/share/openstack-dashboard/openstack_dashboard/local/
owner: apache:apache
recurse: false
# FIXME Our theme settings are there
- path: /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.d/
owner: apache:apache
recurse: false
docker_config:
step_2:
# One-shot root container that prepares log and settings permissions.
horizon_fix_perms:
image: &horizon_image {get_param: DockerHorizonImage}
user: root
# NOTE Set ownership for /var/log/horizon/horizon.log file here,
# otherwise it's created by root when generating django cache.
# FIXME Apache needs to read files in /etc/openstack-dashboard
# Need to set permissions to match the BM case,
# http://paste.openstack.org/show/609819/
# NOTE(review): /etc/openstack-dashboard is a writable bind mount of the
# host's puppet-generated directory (see volumes), so chmod -R a+rx changes
# the host files and makes them readable by every local user. The dashboard
# settings presumably include the Django secret key; granting access to the
# apache user alone would be narrower - confirm.
command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
step_3:
# Long-running dashboard container: host network, not privileged, and no
# user: override.
horizon:
image: *horizon_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Configuration sources are read-only; the two log directories are writable.
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
# httpd certificate and private-key directories are mounted read-only, and
# only when internal_tls_enabled is true; '' stands in otherwise.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
# Each entry is a NAME=value string passed to the container; the ENABLE_*
# values select which dashboard plugins are switched on.
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Installed plugins:
- ENABLE_IRONIC=yes
- ENABLE_MANILA=yes
- ENABLE_SAHARA=yes
# Not installed:
- ENABLE_CLOUDKITTY=no
- ENABLE_FREEZER=no
- ENABLE_FWAAS=no
- ENABLE_KARBOR=no
- ENABLE_DESIGNATE=no
- ENABLE_MAGNUM=no
- ENABLE_MISTRAL=no
- ENABLE_MURANO=no
- ENABLE_NEUTRON_LBAAS=no
- ENABLE_SEARCHLIGHT=no
- ENABLE_SENLIN=no
- ENABLE_SOLUM=no
- ENABLE_TACKER=no
- ENABLE_TROVE=no
- ENABLE_WATCHER=no
- ENABLE_ZAQAR=no
- ENABLE_ZUN=no
# Host-side log directories for the bind mounts above; no owner or mode is set.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/horizon
- /var/log/containers/httpd/horizon
# NOTE(review): this stops and disables the host's httpd service as a whole,
# so any other vhost it serves goes down with it.
upgrade_tasks:
- name: Stop and disable horizon service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
metadata_settings:
get_attr: [HorizonBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/ironic-api.yaml 0000644 0001750 0001750 00000012250 13245343355 024447 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ironic API service
parameters:
DockerIronicApiImage:
description: image
type: string
DockerIronicApiConfigImage:
description: The container image to use for the ironic_api config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
IronicApiBase:
type: ../../puppet/services/ironic-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ironic API role.
value:
service_name: {get_attr: [IronicApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [IronicApiBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [IronicApiBase, role_data, logging_source]}
logging_groups: {get_attr: [IronicApiBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [IronicApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic_api
puppet_tags: ironic_config
step_config: *step_config
config_image: {get_param: DockerIronicApiConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ironic
owner: ironic:ironic
recurse: true
# Three containers from one image, run in step order: fix log ownership,
# run the database sync, then start the API under httpd.
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
# Runs as root only to chown the bind-mounted log directory to ironic:ironic.
ironic_init_logs:
image: &ironic_api_image {get_param: DockerIronicApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
step_3:
# Run-to-completion job (detach: false), not privileged.
ironic_db_sync:
start_order: 1
image: *ironic_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# The ironic configuration directory is mounted read-only.
# NOTE(review): it presumably includes database credentials; confirm
# host-side permissions under /var/lib/config-data/ironic_api.
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
# The container starts as root; ironic-dbsync itself runs as the ironic user
# through su.
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
# Long-running API container, started as root (its kolla command is httpd).
# NOTE(review): the two containers above set privileged: false explicitly
# and this one does not; consider stating the intended value here as well.
ironic_api:
start_order: 10
image: *ironic_api_image
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# Configuration sources are read-only; the two log directories are writable.
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Host-side log directories for the bind mounts above; no owner or mode is set.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/ironic
- /var/log/containers/httpd/ironic-api
# Stops and disables the host's openstack-ironic-api unit (tagged step2).
upgrade_tasks:
- name: Stop and disable ironic_api service
tags: step2
service: name=openstack-ironic-api state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/nova-consoleauth.yaml 0000644 0001750 0001750 00000010443 13245343355 025704 0 ustar stack stack heat_template_version: pike
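description: >
  OpenStack containerized Nova Consoleauth service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerNovaConsoleauthImage:
    description: image
    type: string
  DockerNovaConfigImage:
    description: The container image to use for the nova config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  # Gates the package-removal upgrade task in the outputs section.
  UpgradeRemoveUnusedPackages:
    default: false
    description: Remove package if the service is being disabled during upgrade
    type: boolean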
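# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the service container.
  ContainersCommon:
    type: ./containers-common.yaml

  # Only its role_data step_config is read by the outputs section.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side definition of the service; same-named parameters are
  # passed straight through.
  NovaConsoleauthPuppetBase:
    type: ../../puppet/services/nova-consoleauth.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}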
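# role_data for containerized nova-consoleauth: puppet-derived settings,
# one unprivileged service container, and host-side Ansible tasks.
# Nesting restored from the flattened listing.
outputs:
  role_data:
    description: Role data for the Nova Consoleauth service.
    value:
      service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
      config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
      logging_source: {get_attr: [NovaConsoleauthPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaConsoleauthPuppetBase, role_data, logging_groups]}
      # Anchored so puppet_config below reuses exactly the same manifest.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config
        step_config: *step_config
        config_image: {get_param: DockerNovaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_consoleauth.json:
          command: /usr/bin/nova-consoleauth
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_4:
          # Explicitly unprivileged; config sources are mounted read-only
          # and only the log directory is writable from the host side.
          nova_consoleauth:
            image: {get_param: DockerNovaConsoleauthImage}
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host directory that backs the log bind mount above.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: /var/log/containers/nova
            state: directory
      upgrade_tasks:
        - name: Stop and disable nova_consoleauth service
          tags: step2
          service: name=openstack-nova-consoleauth state=stopped enabled=no
        # Best-effort removal: with ignore_errors set, a failed yum run is
        # not surfaced, so the old package may remain installed on the host
        # without the upgrade reporting it.
        - name: Remove openstack-nova-console package if operator requests it
          yum: name=openstack-nova-console state=removed
          tags: step2
          ignore_errors: True
          when: {get_param: UpgradeRemoveUnusedPackages}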
openstack-tripleo-heat-templates/docker/services/ironic-conductor.yaml 0000644 0001750 0001750 00000014154 13245343355 025703 0 ustar stack stack heat_template_version: pike
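description: >
  OpenStack containerized Ironic Conductor service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerIronicConductorImage:
    description: image
    type: string
  DockerIronicConfigImage:
    description: The container image to use for the ironic config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json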
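# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the conductor container.
  ContainersCommon:
    type: ./containers-common.yaml

  # Only its role_data step_config is read by the outputs section.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side definition of the service; same-named parameters are
  # passed straight through.
  IronicConductorBase:
    type: ../../puppet/services/ironic-conductor.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}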
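# role_data for the containerized Ironic conductor: puppet-derived settings
# with PXE path overrides, one privileged container, and host-side tasks
# that migrate existing boot trees. Nesting restored from the flattened
# listing.
outputs:
  role_data:
    description: Role data for the Ironic Conductor role.
    value:
      service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [IronicConductorBase, role_data, config_settings]
          # to avoid hard linking errors we store these on the same
          # volume/device as the ironic master_path
          # https://github.com/docker/docker/issues/7457
          - ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
          - ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
          - ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
          - ironic::pxe::http_root: /var/lib/ironic/httpboot
          - ironic::conductor::http_root: /var/lib/ironic/httpboot
      logging_source: {get_attr: [IronicConductorBase, role_data, logging_source]}
      logging_groups: {get_attr: [IronicConductorBase, role_data, logging_groups]}
      # Anchored so puppet_config below reuses exactly the same manifest.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [IronicConductorBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: ironic
        puppet_tags: ironic_config
        step_config: *step_config
        config_image: {get_param: DockerIronicConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/ironic_conductor.json:
          command: /usr/bin/ironic-conductor
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/lib/ironic
              owner: ironic:ironic
              recurse: true
            - path: /var/log/ironic
              owner: ironic:ironic
              recurse: true
      docker_config:
        step_4:
          # This container is privileged, shares the host network namespace
          # and bind-mounts /sys, /dev and /run read-write. Taken together
          # it has no meaningful isolation from the host: treat the image
          # behind DockerIronicConductorImage, and anything that can write
          # to the generated ironic config, as host-root equivalent.
          ironic_conductor:
            start_order: 80
            image: {get_param: DockerIronicConductorImage}
            net: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
                  - /lib/modules:/lib/modules:ro
                  - /sys:/sys
                  - /dev:/dev
                  # NOTE(review): /run on a host commonly holds control
                  # sockets of other daemons; mounting all of it writable
                  # exposes them to this container. Confirm which paths
                  # under /run the conductor actually needs.
                  - /run:/run #shared?
                  - /var/lib/ironic:/var/lib/ironic
                  - /var/log/containers/ironic:/var/log/ironic
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/ironic
            - /var/lib/ironic
        # The four stat tasks feed the `when` guards of the migration
        # below, so the copy runs only when the legacy tree exists and the
        # new location does not.
        - name: stat /httpboot
          stat: path=/httpboot
          register: stat_httpboot
        - name: stat /tftpboot
          stat: path=/tftpboot
          register: stat_tftpboot
        - name: stat /var/lib/ironic/httpboot
          stat: path=/var/lib/ironic/httpboot
          register: stat_ironic_httpboot
        - name: stat /var/lib/ironic/tftpboot
          stat: path=/var/lib/ironic/tftpboot
          register: stat_ironic_tftpboot
        # cannot use 'copy' module as with 'remote_src' it doesn't support recursion
        # NOTE(review): `cp -R` without -p/-a does not carry over ownership
        # and mode of the source files; the kolla_config `permissions`
        # entry above re-owns /var/lib/ironic recursively at container
        # start. Confirm nothing depends on the original modes.
        - name: migrate /httpboot to containerized (if applicable)
          command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
          when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
        - name: migrate /tftpboot to containerized (if applicable)
          command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
          when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
        # Even if there was nothing to copy from original locations,
        # we need to create the dirs before starting the containers
        - name: ensure ironic pxe directories exist
          file:
            path: /var/lib/ironic/{{ item }}
            state: directory
          with_items:
            - httpboot
            - tftpboot
      # Stops the non-containerized service on upgrade.
      upgrade_tasks:
        - name: Stop and disable ironic_conductor service
          tags: step2
          service: name=openstack-ironic-conductor state=stopped enabled=no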
openstack-tripleo-heat-templates/docker/services/ironic-pxe.yaml 0000644 0001750 0001750 00000010325 13245343355 024473 0 ustar stack stack heat_template_version: pike
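description: >
  OpenStack containerized Ironic PXE service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerIronicPxeImage:
    description: image
    type: string
  DockerIronicConfigImage:
    description: The container image to use for the ironic config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json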
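# Only the shared volume list is needed; this service has no puppet base
# template of its own (the outputs section hard-codes service_name).
resources:

  ContainersCommon:
    type: ./containers-common.yaml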
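# role_data for the containerized Ironic PXE service: two containers from
# the same image, one serving TFTP and one serving HTTP, both on the host
# network. Nesting restored from the flattened listing.
outputs:
  role_data:
    description: Role data for the Ironic PXE role.
    value:
      service_name: ironic_pxe
      config_settings: {}
      # Empty manifest, anchored for reuse in puppet_config.
      step_config: &step_config ''
      service_config_settings: {}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: ironic
        puppet_tags: ironic_config
        step_config: *step_config
        config_image: {get_param: DockerIronicConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/ironic_pxe_http.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
        /var/lib/kolla/config_files/ironic_pxe_tftp.json:
          # NOTE(review): in.tftpd is told to stay root (`--user root`) and
          # to listen on every address (`--address 0.0.0.0:69`); combined
          # with `net: host` on ironic_pxe_tftp below, that is every host
          # interface. TFTP has no authentication, so reachability should
          # be limited to the provisioning network (bind address or host
          # firewall), and an unprivileged --user is worth evaluating if
          # the tftpboot tree's ownership allows it.
          command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/ironic
              owner: ironic:ironic
              recurse: true
      docker_config:
        step_4:
          # Unprivileged, but on the host network and with the whole of
          # /var/lib/ironic mounted read-write although it only serves
          # files from it.
          ironic_pxe_tftp:
            start_order: 90
            image: &ironic_pxe_image {get_param: DockerIronicPxeImage}
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/ironic:/var/lib/ironic/
                  - /dev/log:/dev/log
                  - /var/log/containers/ironic:/var/log/ironic
                  - /var/log/containers/httpd/ironic-pxe:/var/log/httpd
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          # Same image and data mount as the TFTP container; serves the
          # boot tree over HTTP.
          ironic_pxe_http:
            start_order: 91
            image: *ironic_pxe_image
            net: host
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/ironic:/var/lib/ironic/
                  - /var/log/containers/ironic:/var/log/ironic
                  - /var/log/containers/httpd/ironic-pxe:/var/log/httpd
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host directories that back the bind mounts above.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/lib/ironic
            - /var/log/containers/ironic
            - /var/log/containers/httpd/ironic-pxe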
openstack-tripleo-heat-templates/docker/services/iscsid.yaml 0000644 0001750 0001750 00000010522 13245343355 023673 0 ustar stack stack heat_template_version: pike
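description: >
  OpenStack containerized Iscsid service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerIscsidImage:
    description: image
    type: string
  DockerIscsidConfigImage:
    description: The container image to use for the iscsid config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json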
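# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the iscsid container.
  ContainersCommon:
    type: ./containers-common.yaml

  # Puppet-side definition of the service. The ServiceData parameter is
  # declared by this template but not passed on here.
  IscsidBase:
    type: ../../puppet/services/iscsid.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}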
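# role_data for containerized iscsid: puppet-derived settings, one
# privileged container, and host-side tasks that stop the host's own
# iscsid units. Nesting restored from the flattened listing.
outputs:
  role_data:
    description: Role data for the Iscsid role.
    value:
      service_name: {get_attr: [IscsidBase, role_data, service_name]}
      config_settings: {get_attr: [IscsidBase, role_data, config_settings]}
      logging_source: {get_attr: [IscsidBase, role_data, logging_source]}
      logging_groups: {get_attr: [IscsidBase, role_data, logging_groups]}
      # Anchored so puppet_config below reuses exactly the same manifest.
      step_config: &step_config
        {get_attr: [IscsidBase, role_data, step_config]}
      service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: iscsid
        puppet_tags: iscsid_config
        step_config: *step_config
        config_image: {get_param: DockerIscsidConfigImage}
        # The config-generation container gets the host's /etc/iscsi
        # read-write, so it can change the host's initiator configuration
        # directly rather than only the generated config volume.
        volumes:
          - /etc/iscsi:/etc/iscsi
      kolla_config:
        /var/lib/kolla/config_files/iscsid.json:
          command: /usr/sbin/iscsid -f
          config_files:
            - source: "/var/lib/kolla/config_files/src-iscsid/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        step_3:
          # Privileged, host network, and /dev, /run and /sys mounted
          # read-write: this container is not isolated from the host in any
          # meaningful way. Treat the image behind DockerIscsidImage as
          # host-root equivalent.
          iscsid:
            start_order: 2
            image: {get_param: DockerIscsidImage}
            net: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
                  - /dev/:/dev/
                  - /run/:/run/
                  - /sys:/sys
                  - /lib/modules:/lib/modules:ro
                  - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # The socket unit is stopped only when its unit file exists on the
      # host.
      host_prep_tasks:
        - name: stat /lib/systemd/system/iscsid.socket
          stat: path=/lib/systemd/system/iscsid.socket
          register: stat_iscsid_socket
        - name: Stop and disable iscsid.socket service
          service: name=iscsid.socket state=stopped enabled=no
          when: stat_iscsid_socket.stat.exists
      # Same stop/disable on upgrade, for both the service and the socket
      # unit. The `when` expressions default to false when the registered
      # stat result is missing.
      upgrade_tasks:
        - name: stat /lib/systemd/system/iscsid.service
          tags: step2
          stat: path=/lib/systemd/system/iscsid.service
          register: stat_iscsid_service
        - name: Stop and disable iscsid service
          tags: step2
          service: name=iscsid state=stopped enabled=no
          when: (stat_iscsid_service.stat|default('')).exists|default(false)
        - name: stat /lib/systemd/system/iscsid.socket
          tags: step2
          stat: path=/lib/systemd/system/iscsid.socket
          register: stat_iscsid_socket
        - name: Stop and disable iscsid.socket service
          tags: step2
          service: name=iscsid.socket state=stopped enabled=no
          when: (stat_iscsid_socket.stat|default('')).exists|default(false)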
openstack-tripleo-heat-templates/docker/services/keystone.yaml 0000644 0001750 0001750 00000020324 13245343355 024257 0 ustar stack stack heat_template_version: pike
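description: >
  OpenStack containerized Keystone service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerKeystoneImage:
    description: image
    type: string
  DockerKeystoneConfigImage:
    description: The container image to use for the keystone config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here, unlike AdminPassword below; if
  # this map carries credentials (as the name suggests) its value is not
  # masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  # `hidden: true` masks the value in Heat's own output only. The outputs
  # section of this template passes it as a command-line argument
  # (`--bootstrap-password`), which is a separate exposure path.
  AdminPassword:
    description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    type: string
    hidden: true
  # NOTE(review): upstream Keystone deprecated the uuid provider; keep the
  # fernet default unless a consumer is known to require uuid.
  KeystoneTokenProvider:
    description: The keystone token format
    type: string
    default: 'fernet'
    constraints:
      - allowed_values: ['uuid', 'fernet']
  # Drives the internal_tls_enabled condition, which decides whether the
  # httpd certificate and private-key directories are mounted.
  EnableInternalTLS:
    type: boolean
    default: false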
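# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the keystone containers.
  ContainersCommon:
    type: ./containers-common.yaml

  # Only its role_data step_config is read by the outputs section.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side definition of the service. AdminPassword,
  # KeystoneTokenProvider and EnableInternalTLS are not passed on here.
  KeystoneBase:
    type: ../../puppet/services/keystone.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}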
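# True only when EnableInternalTLS is set; used by the `if` entries in the
# keystone volume list to add the httpd certificate and key mounts.
conditions:

  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}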
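# role_data for containerized Keystone: puppet-derived settings, the
# init/db-sync/API/bootstrap/cron containers, single-node puppet tasks and
# host-side Ansible tasks. Nesting restored from the flattened listing.
outputs:
  role_data:
    description: Role data for the Keystone API role.
    value:
      service_name: {get_attr: [KeystoneBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [KeystoneBase, role_data, config_settings]
          - apache::default_vhost: false
      logging_source: {get_attr: [KeystoneBase, role_data, logging_source]}
      logging_groups: {get_attr: [KeystoneBase, role_data, logging_groups]}
      # The first manifest line turns the listed Keystone_* resource types
      # into no-ops for config generation; the same tag names are applied
      # for real by docker_puppet_tasks further down.
      step_config: &step_config
        list_join:
          - "\n"
          - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }"
            - {get_attr: [KeystoneBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: keystone
        puppet_tags: keystone_config
        step_config: *step_config
        config_image: &keystone_config_image {get_param: DockerKeystoneConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/keystone.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
        /var/lib/kolla/config_files/keystone_cron.json:
          # FIXME(dprince): this is unused ATM because Kolla hardcodes the
          # args for the keystone container to -DFOREGROUND
          command: /usr/sbin/crond -n
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/keystone
              owner: keystone:keystone
              recurse: true
      docker_config:
        # Kolla_bootstrap/db sync runs before permissions set by kolla_config
        step_2:
          # Root is used here only to chown the bind-mounted log directory.
          keystone_init_log:
            image: &keystone_image {get_param: DockerKeystoneImage}
            user: root
            command: ['/bin/bash', '-c', 'chown -R keystone:keystone /var/log/keystone']
            volumes:
              - /var/log/containers/keystone:/var/log/keystone
              - /var/log/containers/httpd/keystone:/var/log/httpd
        step_3:
          keystone_db_sync:
            image: *keystone_image
            net: host
            user: root
            privileged: false
            detach: false
            # Shared (via the anchor) with the long-running keystone
            # container. With internal TLS enabled the httpd certificate
            # and private-key directories are added read-only; otherwise
            # each `if` yields an empty string entry.
            volumes: &keystone_volumes
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/keystone:/var/log/keystone
                  - /var/log/containers/httpd/keystone:/var/log/httpd
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                      - ''
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                      - ''
            environment:
              - KOLLA_BOOTSTRAP=True
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
            command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
          keystone:
            start_order: 2
            image: *keystone_image
            net: host
            privileged: false
            restart: always
            volumes: *keystone_volumes
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          # NOTE(review): the admin password is placed on the command line
          # of an exec into the keystone container. Arguments of a running
          # process are readable through the host's process listing, and
          # this rendered definition may also be persisted wherever the
          # container runner stores its config. keystone-manage bootstrap
          # can take the password from the OS_BOOTSTRAP_PASSWORD
          # environment variable instead; confirm whether the exec action
          # can pass environment before switching.
          keystone_bootstrap:
            start_order: 3
            action: exec
            user: root
            command:
              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
          keystone_cron:
            start_order: 4
            image: *keystone_image
            user: root
            net: host
            privileged: false
            restart: always
            command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
            # /bin/true always succeeds, so this health check reports
            # healthy regardless of whether crond is doing its job.
            healthcheck:
              test: /bin/true
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers/keystone:/var/log/keystone
                  - /var/log/containers/httpd/keystone:/var/log/httpd
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      docker_puppet_tasks:
        # Keystone endpoint creation occurs only on single node
        step_3:
          config_volume: 'keystone_init_tasks'
          puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
          step_config: 'include ::tripleo::profile::base::keystone'
          config_image: *keystone_config_image
      # Host directories that back the log bind mounts above.
      host_prep_tasks:
        - name: create persistent logs directory
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/keystone
            - /var/log/containers/httpd/keystone
      upgrade_tasks:
        # This stops the host's httpd unit as a whole, not only the
        # keystone vhost; anything else still served by that httpd goes
        # down with it.
        - name: Stop and disable keystone service (running under httpd)
          tags: step2
          service: name=httpd state=stopped enabled=no
        - name: remove old keystone cron jobs
          tags: step2
          file:
            path: /var/spool/cron/keystone
            state: absent
      metadata_settings:
        get_attr: [KeystoneBase, role_data, metadata_settings]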
openstack-tripleo-heat-templates/docker/services/nova-ironic.yaml 0000644 0001750 0001750 00000010151 13245343355 024637 0 ustar stack stack heat_template_version: pike
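description: >
  OpenStack containerized Nova Ironic Compute service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerNovaComputeIronicImage:
    description: image
    type: string
  DockerNovaConfigImage:
    description: The container image to use for the nova config_volume
    type: string
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json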
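# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the compute container.
  ContainersCommon:
    type: ./containers-common.yaml

  # Only its role_data step_config is read by the outputs section.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side definition of the service; same-named parameters are
  # passed straight through.
  NovaIronicBase:
    type: ../../puppet/services/nova-ironic.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}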
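# role_data for the containerized nova-compute that drives Ironic:
# puppet-derived settings, one privileged container, and host-side tasks.
# Nesting restored from the flattened listing.
outputs:
  role_data:
    description: Role data for the Nova Compute service.
    value:
      service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
      config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
      logging_source: {get_attr: [NovaIronicBase, role_data, logging_source]}
      logging_groups: {get_attr: [NovaIronicBase, role_data, logging_groups]}
      # Anchored so puppet_config below reuses exactly the same manifest.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [NovaIronicBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config,nova_paste_api_ini
        step_config: *step_config
        config_image: {get_param: DockerNovaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_ironic.json:
          command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
            - path: /var/lib/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_5:
          # Privileged, root, host network, with /run and /dev mounted
          # read-write: the container is not isolated from the host in any
          # meaningful way. Treat the image behind
          # DockerNovaComputeIronicImage as host-root equivalent.
          # NOTE(review): confirm that a compute service managing bare
          # metal through Ironic needs the full privileged set and the
          # device/iSCSI mounts.
          nova_compute:
            image: {get_param: DockerNovaComputeIronicImage}
            net: host
            privileged: true
            user: root
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /etc/iscsi:/etc/iscsi
                  - /run:/run
                  - /dev:/dev
                  - /var/lib/nova/:/var/lib/nova:shared
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Host directories that back the bind mounts above.
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /var/log/containers/nova
            - /var/lib/nova
      # Stops the non-containerized service on upgrade.
      upgrade_tasks:
        - name: Stop and disable nova-compute service
          tags: step2
          service: name=openstack-nova-compute state=stopped enabled=no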
openstack-tripleo-heat-templates/docker/services/logrotate-crond.yaml 0000644 0001750 0001750 00000005022 13245343355 025517 0 ustar stack stack heat_template_version: pike
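description: >
  Containerized logrotate with crond for containerized service logs rotation

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerCrondImage:
    description: image
    type: string
  DockerCrondConfigImage:
    description: The container image to use for the crond config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json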
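# Only the shared volume list is needed; this service has no puppet base
# template of its own (the outputs section hard-codes service_name).
resources:

  ContainersCommon:
    type: ./containers-common.yaml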
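# role_data for the logrotate/crond container that rotates the logs of
# the other containerized services. Nesting restored from the flattened
# listing.
outputs:
  role_data:
    description: Role data for the crond role.
    value:
      service_name: logrotate_crond
      config_settings: {}
      # Literal block scalar, anchored for reuse in puppet_config.
      step_config: &step_config |
        include ::tripleo::profile::base::logging::logrotate
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: crond
        step_config: *step_config
        config_image: {get_param: DockerCrondConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/logrotate-crond.json:
          command: /usr/sbin/crond -s -n
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        step_4:
          # No network (`net: none`), but privileged, root, and in the
          # host PID namespace, with every service's log directory mounted
          # read-write. A process in this container can see and signal
          # host processes and can alter or remove any containerized
          # service's logs, so its image and generated cron/logrotate
          # config deserve the same trust as the host itself.
          # NOTE(review): confirm whether `privileged: true` is required
          # in addition to `pid: host` for the rotation hooks.
          logrotate_crond:
            image: {get_param: DockerCrondImage}
            net: none
            pid: host
            privileged: true
            user: root
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro
                  - /var/log/containers:/var/log/containers
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS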
openstack-tripleo-heat-templates/docker/services/manila-api.yaml 0000644 0001750 0001750 00000011663 13245343355 024434 0 ustar stack stack heat_template_version: pike
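description: >
  OpenStack containerized Manila API service

# Template inputs. Nesting restored: each parameter's attributes must sit
# under its name, otherwise `default`/`description`/`type` repeat as
# duplicate top-level keys.
parameters:
  DockerManilaApiImage:
    description: image
    type: string
  DockerManilaConfigImage:
    description: The container image to use for the manila config_volume
    type: string
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no `hidden: true` here; if this map carries credentials
  # (as the name suggests) its value is not masked by Heat. Confirm.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json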
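# Nested stacks composed by this template (nesting restored from the
# flattened listing).
resources:

  # Supplies the common volume list for the db-sync and API containers.
  ContainersCommon:
    type: ./containers-common.yaml

  # Only its role_data step_config is read by the outputs section.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side definition of the service. RoleName and RoleParameters
  # are declared by this template but not passed on here.
  ManilaApiPuppetBase:
    type: ../../puppet/services/manila-api.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}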
outputs:
role_data:
description: Role data for the Manila API role.
value:
service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [ManilaApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [ManilaApiPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [ManilaApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: manila
puppet_tags: manila_config,manila_api_paste_ini
step_config: *step_config
config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_api.json:
command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
recurse: true
# Containers started per deployment step for the Manila API service:
# a log-directory ownership fix (step_2), a database sync job (step_3)
# and the API container itself (step_4).
docker_config:
step_2:
# Runs as root to chown the bind-mounted host log directory to manila.
# /var/log/httpd is mounted too, but the command only touches
# /var/log/manila.
manila_init_logs:
image: &manila_api_image {get_param: DockerManilaApiImage}
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_3:
# Starts as root and switches to the manila user with su before running
# 'manila-manage db sync'. The manila configuration is mounted read-only.
# bootstrap_host_exec is an external helper; presumably it restricts the
# job to one node - confirm.
manila_api_db_sync:
user: root
image: *manila_api_image
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
# Long-running API container on the host network (net: host).
# The kolla config.json and the puppet-generated config are mounted
# read-only; only the two log directories are writable from inside.
# NOTE(review): no 'user:' or 'privileged:' key is set here, so the
# launcher/image defaults apply. Other service templates on this page
# set 'privileged: false' explicitly; consider doing the same so the
# intended privilege level is visible in review.
manila_api:
image: *manila_api_image
net: host
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: Create persistent manila logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/manila
- /var/log/containers/httpd/manila-api
upgrade_tasks:
- name: Stop and disable manila_api service
tags: step2
service: name=openstack-manila-api state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/octavia-housekeeping.yaml 0000644 0001750 0001750 00000011356 13245343355 026535 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Octavia service configured with Puppet
parameters:
DockerOctaviaHousekeepingImage:
description: image
type: string
DockerOctaviaConfigImage:
description: The container image to use for the octavia config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OctaviaHousekeepingPuppetBase:
type: ../../puppet/services/octavia-housekeeping.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Octavia housekeeping role.
value:
service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]}
config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: octavia
puppet_tags: octavia_config
step_config: *step_config
config_image: {get_param: DockerOctaviaConfigImage}
kolla_config:
/var/lib/kolla/config_files/octavia_housekeeping.json:
command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Containers for Octavia housekeeping: a root helper that prepares the
# service's conf.d directory (step_2) and the service itself (step_4).
docker_config:
step_2:
# NOTE(review): this helper runs as root with the generated octavia
# config tree mounted read-write (no ':ro' suffix), which it needs for
# the mkdir below. The writable scope is the whole etc/octavia tree,
# not only conf.d/octavia-housekeeping.
octavia_housekeeping_init_dirs:
start_order: 0
image: &octavia_housekeeping_image {get_param: DockerOctaviaHousekeepingImage}
user: root
volumes:
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
# It is normally created as part of the RPM install, but it is
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
# mkdir and chown are joined with ';', so chown runs even if mkdir fails
# and the shell's exit status is that of chown.
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping']
step_4:
# Long-running service container: host network, explicitly not
# privileged. Config inputs are mounted read-only; only the log
# directory is writable.
octavia_housekeeping:
start_order: 2
image: *octavia_housekeeping_image
net: host
privileged: false
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/octavia
state: directory
upgrade_tasks:
- name: Stop and disable octavia_housekeeping service
tags: step2
service: name=openstack-octavia-housekeeping state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/manila-scheduler.yaml 0000644 0001750 0001750 00000007665 13245343355 025650 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Manila Scheduler service
parameters:
DockerManilaSchedulerImage:
description: image
type: string
DockerManilaConfigImage:
description: The container image to use for the manila config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
ManilaSchedulerPuppetBase:
type: ../../puppet/services/manila-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
outputs:
role_data:
description: Role data for the Manila Scheduler role.
value:
service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]}
config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [ManilaSchedulerPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [ManilaSchedulerPuppetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: manila
puppet_tags: manila_config,manila_scheduler_paste_ini
step_config: *step_config
config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_scheduler.json:
command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
recurse: true
docker_config:
step_4:
manila_scheduler:
image: {get_param: DockerManilaSchedulerImage}
net: host
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: Create persistent manila logs directory
file:
path: /var/log/containers/manila
state: directory
upgrade_tasks:
- name: Stop and disable manila_scheduler service
tags: step2
service: name=openstack-manila-scheduler state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/manila-share.yaml 0000644 0001750 0001750 00000010233 13245343355 024755 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Manila Share service
parameters:
DockerManilaShareImage:
description: image
type: string
DockerManilaConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
ManilaBase:
type: ../../puppet/services/manila-share.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Manila Share role.
value:
service_name: {get_attr: [ManilaBase, role_data, service_name]}
config_settings: {get_attr: [ManilaBase, role_data, config_settings]}
logging_source: {get_attr: [ManilaBase, role_data, logging_source]}
logging_groups: {get_attr: [ManilaBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [ManilaBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: manila
puppet_tags: manila_config
step_config: *step_config
config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_share.json:
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
recurse: true
# Single long-running container for the Manila share service (step_4).
docker_config:
step_4:
# NOTE(review): no 'user:' or 'privileged:' key is set, so the
# launcher/image defaults apply; consider stating 'privileged: false'
# explicitly if that is the intent.
manila_share:
# The &manila_share_image anchor is defined here but no alias to it
# appears in this template.
image: &manila_share_image {get_param: DockerManilaShareImage}
net: host
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
# The host's entire /etc/ceph is exposed read-only and, per the
# kolla_config entry above, copied into the container's /etc/ceph/.
# NOTE(review): everything in host /etc/ceph becomes readable by this
# container - presumably including keyrings for other Ceph clients on
# the same host; verify that only the material manila needs is present.
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: /var/log/containers/manila
state: directory
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
upgrade_tasks:
- name: Stop and disable manila_share service
tags: step2
service: name=openstack-manila-share state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/memcached.yaml 0000644 0001750 0001750 00000010320 13245343355 024317 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Memcached services
parameters:
DockerMemcachedImage:
description: image
type: string
DockerMemcachedConfigImage:
description: The container image to use for the memcached config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MemcachedBase:
type: ../../puppet/services/memcached.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Memcached API role.
value:
service_name: {get_attr: [MemcachedBase, role_data, service_name]}
config_settings: {get_attr: [MemcachedBase, role_data, config_settings]}
logging_source: {get_attr: [MemcachedBase, role_data, logging_source]}
logging_groups: {get_attr: [MemcachedBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [MemcachedBase, role_data, step_config]
service_config_settings: {get_attr: [MemcachedBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'memcached'
puppet_tags: 'file'
step_config: *step_config
config_image: {get_param: DockerMemcachedConfigImage}
kolla_config: {}
# Both memcached containers run in step_1: a root helper that creates the
# log file (start_order 0) and the memcached daemon (start_order 1).
docker_config:
step_1:
# Runs as root with detach: false. Sources the generated sysconfig file
# to obtain ${USER}, then creates /var/log/memcached.log and hands it to
# that user.
memcached_init_logs:
start_order: 0
detach: false
image: &memcached_image {get_param: DockerMemcachedImage}
privileged: false
user: root
volumes:
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
# The host log directory replaces the container's whole /var/log/.
- /var/log/containers/memcached:/var/log/
command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; touch /var/log/memcached.log && chown ${USER} /var/log/memcached.log']
# Long-running daemon on the host network, explicitly not privileged.
memcached:
start_order: 1
image: *memcached_image
net: host
privileged: false
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- /var/log/containers/memcached:/var/log/
# NOTE: We're adding the log redirection here, even though it should
# already be part of the options. This is because the redirection
# via the options is not working and ends up being passed as a
# parameter to the memcached command (which it silently ignores).
# Thus the need for the explicit redirection here. The redirection
# will be removed from the $OPTIONS, which is done via the puppet
# module, but we'll only be able to do this once the following pull
# request merges: https://github.com/saz/puppet-memcached/pull/88
#
# The sysconfig file is sourced by bash, i.e. executed as shell code, so
# its integrity matters; it is mounted read-only here. $OPTIONS is
# expanded unquoted and therefore splits into separate arguments.
# NOTE(review): the command line sets port, user, memory and connection
# limit but no listen address. With net: host, any restriction of the
# listening interface has to come from $OPTIONS (memcached's -l) in the
# generated sysconfig - confirm it is set and that the host firewall
# rules cover the port.
command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1']
upgrade_tasks:
- name: Stop and disable memcached service
tags: step2
service: name=memcached state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/mistral-api.yaml 0000644 0001750 0001750 00000016007 13245343355 024643 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Mistral API service
parameters:
DockerMistralApiImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
MistralWorkers:
default: 1
description: The number of workers for the mistral-api.
type: number
MistralApiPolicies:
description: |
A hash of policies to configure for Mistral API.
e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ../../puppet/services/mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
MistralApiBase:
type: ../../puppet/services/mistral-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral API role.
value:
service_name: {get_attr: [MistralApiBase, role_data, service_name]}
# FIXME(mandre) restore once mistral-api image has the necessary packages
# to run on top of apache
# config_settings:
# map_merge:
# - get_attr: [MistralApiBase, role_data, config_settings]
# Hiera settings for the API: the MistralBase settings merged with the
# API-specific keys below. The MistralApiBase settings are not merged in
# (see the FIXME above).
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
- mistral::api::api_workers: {get_param: MistralWorkers}
# Bind address is looked up under MistralApiNetwork in ServiceNetMap.
# ServiceNetMap defaults to {} in this template, so the caller has to
# supply that key.
mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
# Policy overrides come straight from the MistralApiPolicies parameter
# (default {}); review any override that widens access.
mistral::policy::policies: {get_param: MistralApiPolicies}
# Firewall rule opening two destination ports - presumably the plain
# and the TLS-proxied API port; TODO confirm.
tripleo.mistral_api.firewall_rules:
'133 mistral':
dport:
- 8989
- 13989
mistral_wsgi_enabled: false
logging_source: {get_attr: [MistralApiBase, role_data, logging_source]}
logging_groups: {get_attr: [MistralApiBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [MistralApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_api.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
# Containers for the Mistral API: log ownership fix (step_2), database
# schema upgrade and populate jobs (step_3), API service (step_4).
# All of them set 'privileged: false' explicitly.
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
# Runs as root to chown the bind-mounted host log directory.
mistral_init_logs:
image: &mistral_api_image {get_param: DockerMistralApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/mistral:/var/log/mistral
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
step_3:
# Starts as root and switches to the mistral user with su before running
# 'mistral-db-manage ... upgrade head'. Configuration is mounted
# read-only. bootstrap_host_exec is an external helper; presumably it
# restricts the job to one node - confirm.
mistral_db_sync:
start_order: 0
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
# Same pattern as mistral_db_sync, ordered after it (start_order 1),
# running 'mistral-db-manage ... populate'.
mistral_db_populate:
start_order: 1
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"
step_4:
# Long-running API container on the host network. No 'user:' key is set,
# so the image/launcher default applies. Config inputs are mounted
# read-only; only the log directory is writable.
mistral_api:
start_order: 15
image: *mistral_api_image
net: host
privileged: false
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/mistral
state: directory
upgrade_tasks:
- name: Stop and disable mistral_api service
tags: step2
service: name=openstack-mistral-api state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/mistral-engine.yaml 0000644 0001750 0001750 00000007737 13245343355 025351 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Mistral Engine service
parameters:
DockerMistralEngineImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ../../puppet/services/mistral-engine.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Engine role.
value:
service_name: {get_attr: [MistralBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
logging_source: {get_attr: [MistralBase, role_data, logging_source]}
logging_groups: {get_attr: [MistralBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [MistralBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_engine.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
# Single long-running container for the Mistral engine (step_4).
docker_config:
step_4:
mistral_engine:
image: {get_param: DockerMistralEngineImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
# NOTE(review): the host's whole /run is bind-mounted read-write.
# /run typically holds pid files and control sockets of host daemons,
# so this gives the container more reach into the host than
# 'privileged: false' alone suggests. The template does not say which
# path the engine needs; consider narrowing the mount to that path
# (read-only if possible) - TODO confirm the requirement.
- /run:/run
- /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/mistral
state: directory
upgrade_tasks:
- name: Stop and disable mistral_engine service
tags: step2
service: name=openstack-mistral-engine state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/nova-libvirt.yaml 0000644 0001750 0001750 00000026164 13245343355 025042 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Libvirt Service
parameters:
DockerNovaLibvirtImage:
description: image
type: string
# we configure libvirt via the nova-compute container due to coupling
# in the puppet modules
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
# NOTE(review): the description below says this parameter is ignored, but
# this template's use_tls_for_live_migration condition reads it (together
# with EnableInternalTLS) to switch the libvirtd command to '--listen' and
# to mount the libvirt certificates and private keys into the container.
# Description and behaviour disagree; confirm which is intended. Note the
# default is true, so enabling EnableInternalTLS alone activates both.
UseTLSTransportForLiveMigration:
type: boolean
default: true
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt. NOTE. this is currently being
ignored and TLS for libvirtd is always disabled for now.
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
NovaEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
# Ceph credentials used by the nova_libvirt_init_secret container in
# docker_config step_4.
# 'hidden: true' keeps the value out of Heat's parameter display only.
# NOTE(review): step_4 substitutes this key into a container command string,
# so the value also lives wherever that rendered command is stored or shown.
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
# NOTE(review): the description requires a UUID but no 'constraints:' entry
# enforces it, and the value is interpolated into a shell command in step_4.
# Consider an allowed_pattern constraint matching the UUID format.
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
conditions:
use_tls_for_live_migration:
and:
- equals:
- {get_param: EnableInternalTLS}
- true
- equals:
- {get_param: UseTLSTransportForLiveMigration}
- true
need_libvirt_secret:
or:
- equals:
- {get_param: NovaEnableRbdBackend}
- true
- equals:
- {get_param: CinderEnableRbdBackend}
- true
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaLibvirtBase:
type: ../../puppet/services/nova-libvirt.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Libvirt service.
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaLibvirtBase, role_data, config_settings]
- tripleo::profile::base::certmonger_user::libvirt_postsave_cmd: "true" # TODO: restart the libvirt container here
logging_source: {get_attr: [NovaLibvirtBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaLibvirtBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NovaLibvirtBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
puppet_config:
config_volume: nova_libvirt
puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
# Kolla start-up definitions, one JSON file per container: the command to
# run and the config files to copy into place first.
kolla_config:
/var/lib/kolla/config_files/nova_libvirt.json:
# libvirtd is started with '--listen' only when use_tls_for_live_migration
# is true; otherwise without it.
# NOTE(review): what libvirtd then listens on and how clients are
# authenticated is decided by /etc/libvirt/libvirtd.conf, which is
# generated outside this template - verify it there.
command:
if:
- use_tls_for_live_migration
- /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
- /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Ceph configuration staged at src-ceph (bind-mounted from host /etc/ceph
# in docker_config) is copied to /etc/ceph/ inside the container.
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/nova_virtlogd.json:
command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Recursively sets ownership of /var/log/nova to nova:nova at start-up.
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
# step_3 starts virtlogd (start_order 0) and then libvirtd (start_order 1)
# from the same image.
# NOTE(review): both containers combine 'privileged: true', 'pid: host',
# 'net: host' and read-write mounts of /dev, /run and /sys/fs/cgroup.
# They should be treated as having host-level access; the container is
# packaging here, not a security boundary. The provenance and integrity of
# DockerNovaLibvirtImage therefore matter as much as a package installed
# directly on the compute host.
step_3:
nova_virtlogd:
start_order: 0
image: {get_param: DockerNovaLibvirtImage}
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
# Shared volume list from containers-common.yaml (not visible here).
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova:shared
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
# virtlogd sees the qemu domain definitions read-only and the qemu log
# directory read-write; nova_libvirt below has that log directory
# read-only and /etc/libvirt read-write.
- /etc/libvirt/qemu:/etc/libvirt/qemu:ro
- /var/log/libvirt/qemu:/var/log/libvirt/qemu
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_libvirt:
start_order: 1
image: {get_param: DockerNovaLibvirtImage}
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
# Host /etc/ceph is staged read-only and copied to /etc/ceph/ by the
# kolla_config entry for this container.
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova:shared
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/vhost_sockets:/var/lib/vhost_sockets
- /sys/fs/selinux:/sys/fs/selinux
# Third list: CA certificate plus libvirt server/client certificates and
# private keys, mounted read-only, only when use_tls_for_live_migration
# is true; otherwise null is passed to list_concat.
-
if:
- use_tls_for_live_migration
-
- /etc/ipa/ca.crt:/etc/pki/CA/cacert.pem:ro
- /etc/pki/libvirt/servercert.pem:/etc/pki/libvirt/servercert.pem:ro
- /etc/pki/libvirt/private/serverkey.pem:/etc/pki/libvirt/private/serverkey.pem:ro
- /etc/pki/libvirt/clientcert.pem:/etc/pki/libvirt/clientcert.pem:ro
- /etc/pki/libvirt/private/clientkey.pem:/etc/pki/libvirt/private/clientkey.pem:ro
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# step_4 defines the nova_libvirt_init_secret job only when
# need_libvirt_secret is true (Nova or Cinder RBD backend enabled);
# otherwise it is an empty mapping.
step_4:
if:
- need_libvirt_secret
# Root job (detach: false, not privileged) that registers the Ceph secret
# with libvirt through the shared /var/run/libvirt and /etc/libvirt mounts.
- nova_libvirt_init_secret:
detach: false
image: {get_param: DockerNovaLibvirtImage}
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
# NOTE(review): CephClientKey is substituted into the bash -c string, so
# the key is part of the container's command line. It can then appear
# wherever that command is recorded or listed (rendered container
# configuration, container inspection output, process listings), even
# though the parameter is declared 'hidden'. Prefer passing the value via
# a root-only file or stdin if the virsh in the image supports that -
# TODO confirm - and restrict who can read the rendered configuration.
# NOTE(review): both values are placed inside single quotes without any
# escaping, so a value containing a single quote would alter the shell
# command; constraining the parameter formats would rule that out.
command:
- /bin/bash
- -c
- str_replace:
template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
params:
SECRET_UUID: {get_param: CephClusterFSID}
SECRET_KEY: {get_param: CephClientKey}
- {}
# host_prep_tasks: Ansible tasks run on the host to prepare directories, the
# qemu user/group and the state of host libvirt services for the containers.
host_prep_tasks:
# No owner or mode is set on these directories, so they get whatever the
# file module and the executing user's umask produce.
# NOTE(review): /etc/libvirt/secrets is expected to hold libvirt secrets;
# confirm its resulting permissions are restrictive enough.
- name: create libvirt persistent data directories
file:
path: "{{ item }}"
state: directory
with_items:
- /etc/libvirt
- /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
# The qemu user on the host will be created by the libvirt package install;
# ensure the qemu user is created with the same uid/gid as the libvirt
# package uses.
# These specific values are required since ovs is running on host.
# Once ovs with DPDK is containerized, we could modify this uid/gid
# to match with kolla config values.
- name: ensure qemu group is present on the host
group:
name: qemu
gid: 107
state: present
# The account gets /sbin/nologin as its shell, i.e. no interactive login.
- name: ensure qemu user is present on the host
user:
name: qemu
uid: 107
group: qemu
state: present
shell: /sbin/nologin
comment: qemu user
# Owned by qemu:qemu; no explicit mode is given for the socket directory.
- name: create directory for vhost-user sockets with qemu ownership
file:
path: /var/lib/vhost_sockets
state: directory
owner: qemu
group: qemu
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
# failed_when: false keeps a non-zero rpm exit status from failing the play;
# the registered return code gates the next task.
- name: check if libvirt is installed
command: /usr/bin/rpm -q libvirt-daemon
failed_when: false
register: libvirt_installed
# Runs only when the package query succeeded (rc == 0): stop and disable the
# host libvirtd service and virtlogd socket.
- name: make sure libvirt services are disabled
service:
name: "{{ item }}"
state: stopped
enabled: no
with_items:
- libvirtd.service
- virtlogd.socket
when: libvirt_installed.rc == 0
metadata_settings:
get_attr: [NovaLibvirtBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2
service: name=libvirtd state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/mistral-executor.yaml 0000644 0001750 0001750 00000011526 13245343355 025731 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Mistral Executor service
parameters:
DockerMistralExecutorImage:
description: image
type: string
DockerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
MistralBase:
type: ../../puppet/services/mistral-executor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Executor role.
value:
service_name: {get_attr: [MistralBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
logging_source: {get_attr: [MistralBase, role_data, logging_source]}
logging_groups: {get_attr: [MistralBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [MistralBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config
step_config: *step_config
config_image: {get_param: DockerMistralConfigImage}
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
# docker_config: container started at step_4 for the Mistral executor.
docker_config:
step_4:
mistral_executor:
image: {get_param: DockerMistralExecutorImage}
# Shares the host network namespace; not privileged.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
# Host /run is mounted writable. NOTE(review): /run usually holds host
# runtime sockets; confirm which of them the executor actually needs.
- /run:/run
# FIXME: this is required in order for Nova cells
# initialization workflows on the Undercloud. Need to
# exclude this on the overcloud for security reasons.
# NOTE(review): until that FIXME is resolved, the executor container can
# read the generated nova configuration directory on every node where this
# template is applied; presumably that directory contains service
# credentials -- verify and restrict to the undercloud.
- /var/lib/config-data/nova/etc/nova:/etc/nova:ro
- /var/log/containers/mistral:/var/log/mistral
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# host_prep_tasks: create the host directory that backs the container's
# /var/log/mistral mount.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/mistral
state: directory
# upgrade_tasks: detect a host-installed executor service, validate it, then
# stop and disable it.
upgrade_tasks:
# ignore_errors lets the play continue when the unit is not enabled; the
# registered rc is what the following tasks test.
- name: Check if mistral executor is deployed
command: systemctl is-enabled openstack-mistral-executor
tags: common
ignore_errors: True
register: mistral_executor_enabled
# Fails unless the unit's ActiveState contains the word "active".
- name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
shell: >
/usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState |
grep '\bactive\b'
when: mistral_executor_enabled.rc == 0
tags: step0,validation
- name: Stop and disable mistral_executor service
tags: step2
when: mistral_executor_enabled.rc == 0
service: name=openstack-mistral-executor state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/multipathd.yaml 0000644 0001750 0001750 00000005446 13245343355 024601 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Multipathd service
parameters:
DockerMultipathdImage:
description: image
type: string
DockerMultipathdConfigImage:
description: The container image to use for the multipathd config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
DefaultPasswords:
default: {}
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
outputs:
role_data:
description: Role data for the Multipathd API role.
value:
service_name: multipathd
config_settings: {}
step_config: ''
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: multipathd
#puppet_tags: file
step_config: ''
config_image: {get_param: DockerMultipathdConfigImage}
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
config_files:
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/"
merge: true
preserve_properties: true
# docker_config: multipathd container started at step_3.
docker_config:
step_3:
multipathd:
start_order: 1
image: {get_param: DockerMultipathdImage}
# Host networking and privileged mode are both enabled.
# NOTE(review): presumably needed for device-mapper access; the image must
# be trusted at host level.
net: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
# Host /dev, /run and /sys are mounted writable; only /lib/modules is
# read-only.
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# host_prep_tasks is written with no value, which YAML loads as null rather
# than an empty list. NOTE(review): confirm the consumer accepts null here.
host_prep_tasks:
# upgrade_tasks: stop and disable the host multipathd service at step2.
upgrade_tasks:
- name: Stop and disable multipathd service
tags: step2
service: name=multipathd state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/neutron-api.yaml 0000644 0001750 0001750 00000020052 13245343355 024655 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Neutron API service
parameters:
DockerNeutronApiImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NeutronBase:
type: ../../puppet/services/neutron-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron API role.
value:
service_name: {get_attr: [NeutronBase, role_data, service_name]}
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NeutronBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_api_config
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_api.json:
command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# docker_config: containers for the Neutron API, grouped by deployment step.
# All of them use the image anchored as neutron_api_image.
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
# One-shot root container that fixes ownership of the log directory.
neutron_init_logs:
image: &neutron_api_image {get_param: DockerNeutronApiImage}
privileged: false
user: root
volumes:
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/httpd/neutron-api:/var/log/httpd
command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
step_3:
# Database migration. Runs as root on the host network; the FIXME below
# records that it should run as the neutron user once the config file
# permissions allow it.
neutron_db_sync:
image: *neutron_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/httpd/neutron-api:/var/log/httpd
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
step_4:
# step_4 merges the API container with an optional TLS proxy container.
map_merge:
# No user key is set here, so the container runs as the image's default
# user.
- neutron_api:
image: *neutron_api_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/httpd/neutron-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Only when internal_tls_enabled holds: an httpd TLS proxy, run as root on
# the host network, with the httpd certificate and private-key directories
# mounted read-only. It has no privileged key, unlike its sibling containers.
# NOTE(review): consider stating `privileged: false` explicitly for
# consistency with neutron_api.
- if:
- internal_tls_enabled
- neutron_server_tls_proxy:
image: *neutron_api_image
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
# host_prep_tasks: create the host log directories mounted into the
# containers.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/neutron
- /var/log/containers/httpd/neutron-api
# upgrade_tasks: detect, validate, stop and optionally remove the
# host-installed neutron-server.
upgrade_tasks:
# ignore_errors keeps the play going when the unit is not enabled; rc is
# tested by the tasks below.
- name: Check if neutron_server is deployed
command: systemctl is-enabled neutron-server
tags: common
ignore_errors: True
register: neutron_server_enabled
- name: "PreUpgrade step0,validation: Check service neutron-server is running"
shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
when: neutron_server_enabled.rc == 0
tags: step0,validation
- name: Stop and disable neutron_api service
tags: step2
when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped enabled=no
# Package removal is opt-in (UpgradeRemoveUnusedPackages) and its failure is
# ignored, so a failed removal leaves the package installed without failing
# the upgrade.
- name: Remove openstack-neutron package if operator requests it
yum: name=openstack-neutron state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
openstack-tripleo-heat-templates/docker/services/neutron-dhcp.yaml 0000644 0001750 0001750 00000011527 13245343355 025031 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Neutron DHCP service
parameters:
DockerNeutronDHCPImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronBase:
type: ../../puppet/services/neutron-dhcp.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron DHCP role.
value:
service_name: {get_attr: [NeutronBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
step_config: &step_config
get_attr: [NeutronBase, role_data, step_config]
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_dhcp_agent_config
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_dhcp.json:
command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
- path: /var/lib/neutron
owner: neutron:neutron
recurse: true
# docker_config: Neutron DHCP agent container started at step_4.
docker_config:
step_4:
neutron_dhcp:
image: {get_param: DockerNeutronDHCPImage}
# Host network namespace, host PID namespace and privileged mode are all
# enabled. NOTE(review): presumably needed to manage network namespaces and
# helper processes on the host; the image must be trusted at host level.
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
# Host /run and /var/lib/neutron are writable from the container.
- /run/:/run
- /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create /var/lib/neutron
file:
path: /var/lib/neutron
state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
- name: Check if neutron_dhcp_agent is deployed
command: systemctl is-enabled neutron-dhcp-agent
tags: common
ignore_errors: True
register: neutron_dhcp_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
when: neutron_dhcp_agent_enabled.rc == 0
tags: step0,validation
- name: Stop and disable neutron_dhcp service
tags: step2
when: neutron_dhcp_agent_enabled.rc == 0
service: name=neutron-dhcp-agent state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/neutron-l3.yaml 0000644 0001750 0001750 00000010241 13245343355 024421 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Neutron L3 agent
parameters:
DockerNeutronL3AgentImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronL3Base:
type: ../../puppet/services/neutron-l3.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for Neutron L3 agent
value:
service_name: {get_attr: [NeutronL3Base, role_data, service_name]}
config_settings: {get_attr: [NeutronL3Base, role_data, config_settings]}
logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]}
logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]}
step_config: &step_config
get_attr: [NeutronL3Base, role_data, step_config]
puppet_config:
puppet_tags: neutron_config,neutron_l3_agent_config
config_volume: neutron
step_config: *step_config
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_l3_agent.json:
command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
- path: /var/lib/neutron
owner: neutron:neutron
recurse: true
# docker_config: Neutron L3 agent container started at step_4.
docker_config:
step_4:
neutron_l3_agent:
image: {get_param: DockerNeutronL3AgentImage}
# Host network namespace, host PID namespace and privileged mode are all
# enabled. NOTE(review): presumably needed to manage router namespaces on
# the host; the image must be trusted at host level.
net: host
pid: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
# Host /run and /var/lib/neutron are writable from the container.
- /run:/run
- /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create /var/lib/neutron
file:
path: /var/lib/neutron
state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
- name: Stop and disable neutron_l3 service
tags: step2
service: name=neutron-l3-agent state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/nova-migration-target.yaml 0000644 0001750 0001750 00000012652 13245343355 026641 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Migration Target service
parameters:
DockerNovaComputeImage:
description: image
type: string
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# Port the containerized sshd listens on (substituted into the sshd command
# line in kolla_config).
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
# NOTE(review): this parameter carries an SSH private key but is not marked
# `hidden: true`; confirm whether Heat should mask its value in API output
# and logs.
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default:
public_key: ''
private_key: ''
# Compared with 22 by the enable_migration_proxy condition.
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
conditions:
# During Ocata->Pike upgrade initially configure the ssh service on port 22
# to proxy migration commands to the containerized sshd on port 2022.
# When the upgrade converges we can switch migrations over to port 2022.
enable_migration_proxy:
equals:
- {get_param: MigrationSshPort}
- 22
resources:
ContainersCommon:
type: ./containers-common.yaml
SshdBase:
type: ../../puppet/services/sshd.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaMigrationTargetBase:
type: ../../puppet/services/nova-migration-target.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Migration Target service.
value:
service_name: nova_migration_target
# config_settings: merge of the sshd and migration-target base settings, a
# fixed host sshd port, and proxy settings that apply only while the
# enable_migration_proxy condition holds.
config_settings:
map_merge:
- get_attr: [SshdBase, role_data, config_settings]
- get_attr: [NovaMigrationTargetBase, role_data, config_settings]
# NB this prevents the baremetal ssh from listening on port 2022
# It doesn't affect the sshd port in the container as we override it below on the sshd cli
- tripleo::profile::base::sshd::port: 22
# While the proxy is enabled, the migration SSH private key is placed in the
# node's configuration data under the proxy::ssh_private_key key.
# NOTE(review): confirm that the rendered configuration holding this key is
# readable by root only.
- if:
- enable_migration_proxy
- tripleo::profile::base::nova::migration::proxy::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
tripleo::profile::base::nova::migration::proxy::target_port: {get_param: DockerNovaMigrationSshdPort}
tripleo::profile::base::nova::migration::proxy::target_host: "%{hiera('live_migration_ssh_inbound_addr')}"
- {}
logging_source: {get_attr: [NovaMigrationTargetBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaMigrationTargetBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - get_attr: [SshdBase, role_data, step_config]
- get_attr: [NovaMigrationTargetBase, role_data, step_config]
puppet_config:
config_volume: nova_libvirt
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
# kolla_config: start sshd in the foreground on DockerNovaMigrationSshdPort
# and copy configuration into place at container start.
kolla_config:
/var/lib/kolla/config_files/nova-migration-target.json:
command:
str_replace:
template: "/usr/sbin/sshd -D -p SSHDPORT"
params:
SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# The host's SSH host private keys (mounted at /host-ssh by docker_config)
# are copied into the container's /etc/ssh, owned by root with mode 0600, so
# the containerized sshd presents the same host identity as the node.
- source: /host-ssh/ssh_host_*_key
dest: /etc/ssh/
owner: "root"
perm: "0600"
# docker_config: containerized sshd used as the Nova migration target,
# started at step_4.
docker_config:
step_4:
nova_migration_target:
image: {get_param: DockerNovaComputeImage}
# A network-facing sshd that runs as root, privileged, on the host network.
# NOTE(review): confirm which privileges the migration path actually needs;
# a compromise of this sshd is equivalent to a compromise of the host.
net: host
privileged: true
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
# The whole host /etc/ssh directory is exposed read-only at /host-ssh; the
# kolla_config entry above copies only ssh_host_*_key from it.
- /etc/ssh/:/host-ssh/:ro
- /run:/run
- /var/lib/nova:/var/lib/nova:shared
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
openstack-tripleo-heat-templates/docker/services/nova-placement.yaml 0000644 0001750 0001750 00000012272 13245343355 025332 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Placement API service
parameters:
DockerNovaPlacementImage:
description: image
type: string
DockerNovaPlacementConfigImage:
description: The container image to use for the nova_placement config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaPlacementBase:
type: ../../puppet/services/nova-placement.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Placement API role.
value:
service_name: {get_attr: [NovaPlacementBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaPlacementBase, role_data, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [NovaPlacementBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaPlacementBase, role_data, logging_groups]}
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NovaPlacementBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova_placement
puppet_tags: nova_config
step_config: *step_config
config_image: {get_param: DockerNovaPlacementConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_placement.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
# docker_config: Nova Placement API (httpd) container.
docker_config:
# start this early so it is up before computes start reporting
step_3:
nova_placement:
start_order: 1
image: {get_param: DockerNovaPlacementImage}
# Runs as root on the host network. No privileged key is set here.
# NOTE(review): consider stating `privileged: false` explicitly, as the
# sibling service templates do.
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/httpd/nova-placement:/var/log/httpd
# Each `if` below yields the read-only TLS mount when internal_tls_enabled
# holds and an empty string otherwise. NOTE(review): confirm the container
# runner drops empty-string volume entries.
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NovaPlacementBase, role_data, metadata_settings]
# host_prep_tasks: create the host log directories mounted into the
# container.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/nova
- /var/log/containers/httpd/nova-placement
# upgrade_tasks: stop the host httpd that served placement and optionally
# remove the package.
upgrade_tasks:
# This stops and disables the host-wide httpd unit, not just placement.
# NOTE(review): confirm no other host service still depends on httpd at
# this step.
- name: Stop and disable nova_placement service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
# Package removal is opt-in (UpgradeRemoveUnusedPackages) and its failure is
# ignored, so a failed removal leaves httpd installed without failing the
# upgrade.
- name: Remove httpd package if operator requests it
yum: name=httpd state=removed
tags: step2
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/nova-scheduler.yaml 0000644 0001750 0001750 00000010367 13245343355 025343 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Scheduler service
# Inputs to the containerized Nova Scheduler template.
parameters:
# Image reference for the nova_scheduler container. No default and no
# constraints are declared, so the deployment environment alone decides
# which image runs.
DockerNovaSchedulerImage:
description: image
type: string
# Image used for the "nova" config_volume in puppet_config.
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# Passed through unchanged to NovaSchedulerBase; the template gives it no
# description. NOTE(review): the name suggests credential material - treat
# the value as sensitive and confirm whether it should be marked
# `hidden: true`.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Gates the package-removal task in upgrade_tasks; off by default.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested stacks composed by this template.
resources:
# Supplies the common volume list that nova_scheduler prepends to its own
# mounts in docker_config.
ContainersCommon:
type: ./containers-common.yaml
# Contributes a step_config fragment that is joined with the scheduler's.
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
# Puppet-based scheduler service; its role_data attributes are re-exported
# by the outputs section. Every parameter is forwarded as received.
NovaSchedulerBase:
type: ../../puppet/services/nova-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and adds the
# container-specific settings (puppet_config, kolla_config, docker_config,
# host_prep_tasks, upgrade_tasks).
outputs:
role_data:
description: Role data for the Nova Scheduler service.
value:
service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]}
config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]}
logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]}
# Scheduler and MySQL client step_config joined with a newline; the anchor
# is reused by puppet_config below.
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NovaSchedulerBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_scheduler.json:
command: /usr/bin/nova-scheduler
# Everything under the read-only src mount is copied onto "/" in the
# container, so the contents of the puppet-generated directory on the host
# decide which files in the container get overwritten.
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Recursive ownership change of the log directory, which is bind-mounted
# from /var/log/containers/nova on the host (see volumes).
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
step_4:
nova_scheduler:
image: {get_param: DockerNovaSchedulerImage}
# Host network namespace, but not a privileged container.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
# NOTE(review): the host's whole /run is mounted without :ro. /run commonly
# holds daemon sockets and PID files, so this widens what the container can
# reach on the host; the nova_vnc_proxy template in this tree has no such
# mount. Confirm it is required, and narrow it to the needed subdirectory
# if so.
- /run:/run
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host-side log directory that the container bind-mounts.
# No owner or mode is set by this task.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/nova
state: directory
# Stops and disables the openstack-nova-scheduler service on the host, then
# optionally removes its package.
upgrade_tasks:
- name: Stop and disable nova_scheduler service
tags: step2
service: name=openstack-nova-scheduler state=stopped enabled=no
- name: Remove openstack-nova-scheduler package if operator requests it
yum: name=openstack-nova-scheduler state=removed
tags: step2
# A failed removal does not stop the upgrade, so the package can remain
# installed on the host without the run reporting a failure.
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/nova-vnc-proxy.yaml 0000644 0001750 0001750 00000010424 13245343355 025324 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Nova Vncproxy service
# Inputs to the containerized Nova VNC proxy template.
parameters:
# Image reference for the nova_vnc_proxy container. No default and no
# constraints are declared, so the deployment environment alone decides
# which image runs.
DockerNovaVncProxyImage:
description: image
type: string
# Image used for the "nova" config_volume in puppet_config.
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# Forwarded as-is to NovaVncProxyPuppetBase; undocumented in this template.
# NOTE(review): presumably holds service passwords - handle as sensitive.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Gates the package-removal task in upgrade_tasks; off by default.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested stacks composed by this template.
resources:
# Supplies the common volume list prepended to the proxy's own mounts.
ContainersCommon:
type: ./containers-common.yaml
# Contributes a step_config fragment that is joined with the proxy's.
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
# Puppet-based VNC proxy service; its role_data attributes are re-exported
# by the outputs section. Every parameter is forwarded as received.
NovaVncProxyPuppetBase:
type: ../../puppet/services/nova-vnc-proxy.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and adds the
# container-specific settings for the noVNC proxy.
outputs:
role_data:
description: Role data for the Nova Vncproxy service.
value:
service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [NovaVncProxyPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaVncProxyPuppetBase, role_data, logging_groups]}
# Proxy and MySQL client step_config joined with a newline; the anchor is
# reused by puppet_config below.
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_vnc_proxy.json:
# Runs the proxy and serves the static web client from /usr/share/novnc/.
command: /usr/bin/nova-novncproxy --web /usr/share/novnc/
# Everything under the read-only src mount is copied onto "/" in the
# container.
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
# Recursive ownership change of the bind-mounted log directory.
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
step_4:
nova_vnc_proxy:
image: {get_param: DockerNovaVncProxyImage}
# Host network namespace, but not a privileged container.
net: host
privileged: false
restart: always
# NOTE(review): no certificate or key path is mounted here, unlike the
# TLS-conditional mounts other templates in this tree add. Confirm where
# console traffic to this proxy is protected.
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host-side log directory that the container bind-mounts.
# No owner or mode is set by this task.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/nova
state: directory
# Stops and disables the openstack-nova-novncproxy service on the host,
# then optionally removes its package.
upgrade_tasks:
- name: Stop and disable nova_vnc_proxy service
tags: step2
service: name=openstack-nova-novncproxy state=stopped enabled=no
- name: Remove openstack-nova-novncproxy package if operator requests it
yum: name=openstack-nova-novncproxy state=removed
tags: step2
# A failed removal does not stop the upgrade, so the package can remain
# installed on the host without the run reporting a failure.
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/octavia-api.yaml 0000644 0001750 0001750 00000016326 13245343355 024622 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Octavia service configured with Puppet
# Inputs to the containerized Octavia API template, followed by the
# condition derived from EnableInternalTLS.
parameters:
# Image reference shared by the init, db_sync, API and TLS-proxy containers.
# No default and no constraints are declared, so the deployment environment
# alone decides which image runs.
DockerOctaviaApiImage:
description: image
type: string
# Image used for the "octavia" config_volume in puppet_config.
DockerOctaviaConfigImage:
description: The container image to use for the octavia config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# Forwarded as-is to OctaviaApiPuppetBase; undocumented in this template.
# NOTE(review): presumably holds service passwords - handle as sensitive.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Defaults to false, in which case the octavia_api_tls_proxy container in
# docker_config step_4 is not created. The parameter has no description.
EnableInternalTLS:
type: boolean
default: false
# True only when EnableInternalTLS is exactly true.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
# Nested stacks composed by this template.
resources:
# Supplies the common volume list prepended to the db_sync, API and
# TLS-proxy mounts.
ContainersCommon:
type: ./containers-common.yaml
# Contributes a step_config fragment that is joined with the API's.
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
# Puppet-based Octavia API service; its role_data attributes are re-exported
# by the outputs section. Every parameter is forwarded as received.
OctaviaApiPuppetBase:
type: ../../puppet/services/octavia-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and defines four
# containers: a root init container (step_2), a database migration
# (step_3), the API itself and an optional httpd TLS proxy (step_4).
outputs:
role_data:
description: Role data for the Octavia API role.
value:
service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]}
config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [OctaviaApiPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [OctaviaApiPuppetBase, role_data, logging_groups]}
# API and MySQL client step_config joined with a newline; the anchor is
# reused by puppet_config below.
step_config: &step_config
list_join:
- "\n"
- - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: octavia
puppet_tags: octavia_config
step_config: *step_config
config_image: {get_param: DockerOctaviaConfigImage}
# Two kolla configs: one starts octavia-api, the other starts httpd in the
# foreground for the TLS proxy. Both copy the read-only src mount onto "/".
kolla_config:
/var/lib/kolla/config_files/octavia_api.json:
command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
/var/lib/kolla/config_files/octavia_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
step_2:
# One-shot container that runs as root. The config directory is mounted
# without :ro, so the mkdir and the recursive chown in `command` change the
# puppet-generated tree and the log directory on the host.
octavia_api_init_dirs:
start_order: 0
image: &octavia_api_image {get_param: DockerOctaviaApiImage}
user: root
volumes:
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
# It is normally created as part of the RPM install, but it is
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia']
step_3:
# Database schema migration. The container starts as root (detach: false),
# and `command` switches to the octavia user with su before running
# octavia-db-manage.
octavia_db_sync:
start_order: 0
image: *octavia_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
# NOTE(review): read-only config comes from /var/lib/config-data/octavia,
# not the puppet-generated/ path the other containers here use - confirm
# this is intended.
- /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'"
step_4:
# map_merge combines the always-present API container with the TLS proxy,
# which is replaced by an empty map when internal_tls_enabled is false.
map_merge:
- octavia_api:
start_order: 2
image: *octavia_api_image
# Host network namespace, but not a privileged container.
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
- internal_tls_enabled
# httpd TLS proxy. It runs as root with host networking and, unlike
# octavia_api, sets no `privileged` key. The certificate and private-key
# directories are mounted read-only. NOTE(review): nothing in this template
# sets ownership or mode on /etc/pki/tls/private/httpd - verify host-side
# permissions on the key material.
- octavia_api_tls_proxy:
start_order: 2
image: *octavia_api_image
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
# Creates the two host-side log directories the containers bind-mount.
# No owner or mode is set by this task.
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/octavia
- /var/log/containers/httpd/octavia-api
# Only stops and disables the host service; this template has no
# package-removal task.
upgrade_tasks:
- name: Stop and disable octavia_api service
tags: step2
service: name=openstack-octavia-api state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/octavia-worker.yaml 0000644 0001750 0001750 00000011145 13245343355 025354 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Octavia worker service configured with Puppet
# Inputs to the containerized Octavia worker template.
parameters:
# Image reference shared by the init and worker containers. No default and
# no constraints are declared, so the deployment environment alone decides
# which image runs.
DockerOctaviaWorkerImage:
description: image
type: string
# Image used for the "octavia" config_volume in puppet_config.
DockerOctaviaConfigImage:
description: The container image to use for the octavia config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# Forwarded as-is to OctaviaWorkerPuppetBase; undocumented in this template.
# NOTE(review): presumably holds service passwords - handle as sensitive.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Nested stacks composed by this template.
resources:
# Supplies the common volume list prepended to the worker's own mounts.
ContainersCommon:
type: ./containers-common.yaml
# Puppet-based Octavia worker service; its role_data attributes are
# re-exported by the outputs section. Every parameter is forwarded as
# received.
OctaviaWorkerPuppetBase:
type: ../../puppet/services/octavia-worker.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and defines a
# root init container (step_2) and the worker container (step_4).
outputs:
role_data:
description: Role data for the Octavia worker role.
value:
service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]}
config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [OctaviaWorkerPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [OctaviaWorkerPuppetBase, role_data, logging_groups]}
# Taken directly from the puppet base; the anchor is reused by
# puppet_config below.
step_config: &step_config
get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: octavia
puppet_tags: octavia_config
step_config: *step_config
config_image: {get_param: DockerOctaviaConfigImage}
kolla_config:
/var/lib/kolla/config_files/octavia_worker.json:
command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker
# Everything under the read-only src mount is copied onto "/" in the
# container.
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_2:
# One-shot container that runs as root. The config directory is mounted
# without :ro, so the mkdir and the recursive chown in `command` change the
# puppet-generated tree on the host.
octavia_worker_init_dirs:
start_order: 0
image: &octavia_worker_image {get_param: DockerOctaviaWorkerImage}
user: root
volumes:
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
# It is normally created as part of the RPM install, but it is
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker']
step_4:
octavia_worker:
start_order: 2
image: *octavia_worker_image
# Host network namespace, but not a privileged container.
net: host
privileged: false
restart: always
# Config sources are read-only; only the log directory is writable.
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host-side log directory that the container bind-mounts.
# No owner or mode is set by this task.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/octavia
state: directory
# Only stops and disables the host service; this template has no
# package-removal task.
upgrade_tasks:
- name: Stop and disable octavia_worker service
tags: step2
service: name=openstack-octavia-worker state=stopped enabled=no
openstack-tripleo-heat-templates/docker/services/octavia-health-manager.yaml 0000644 0001750 0001750 00000012300 13245343355 026712 0 ustar stack stack heat_template_version: pike
description: >
OpenStack Octavia health-manager service configured with Puppet
# Inputs to the containerized Octavia health-manager template.
parameters:
# Image reference shared by the init and health-manager containers. No
# default and no constraints are declared, so the deployment environment
# alone decides which image runs.
DockerOctaviaHealthManagerImage:
description: image
type: string
# Image used for the "octavia" config_volume in puppet_config.
DockerOctaviaConfigImage:
description: The container image to use for the octavia config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
# Forwarded as-is to OctaviaHealthManagerPuppetBase; undocumented in this
# template. NOTE(review): presumably holds service passwords - handle as
# sensitive.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Gates the package-removal task in upgrade_tasks; off by default.
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
# Nested stacks composed by this template.
resources:
# Supplies the common volume list prepended to the health-manager's mounts.
ContainersCommon:
type: ./containers-common.yaml
# Puppet-based Octavia health-manager service; its role_data attributes are
# re-exported by the outputs section. Every parameter is forwarded as
# received.
OctaviaHealthManagerPuppetBase:
type: ../../puppet/services/octavia-health-manager.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and defines a
# root init container (step_2) and the health-manager container (step_4).
outputs:
role_data:
description: Role data for the Octavia health-manager role.
value:
service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]}
config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, logging_source]}
logging_groups: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, logging_groups]}
# Taken directly from the puppet base; the anchor is reused by
# puppet_config below.
step_config: &step_config
get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: octavia
puppet_tags: octavia_config
step_config: *step_config
config_image: {get_param: DockerOctaviaConfigImage}
kolla_config:
/var/lib/kolla/config_files/octavia_health_manager.json:
command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager
# Everything under the read-only src mount is copied onto "/" in the
# container.
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_2:
# One-shot container that runs as root. The config directory is mounted
# without :ro, so the mkdir and the recursive chown in `command` change the
# puppet-generated tree on the host.
octavia_health_manager_init_dirs:
start_order: 0
image: &octavia_health_manager_image {get_param: DockerOctaviaHealthManagerImage}
user: root
volumes:
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
# It is normally created as part of the RPM install, but it is
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager']
step_4:
octavia_health_manager:
start_order: 2
image: *octavia_health_manager_image
# Host network namespace, but not a privileged container.
net: host
privileged: false
restart: always
# Config sources are read-only; only the log directory is writable.
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# Creates the host-side log directory that the container bind-mounts.
# No owner or mode is set by this task.
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/octavia
state: directory
# Stops and disables the openstack-octavia-health-manager service on the
# host, then optionally removes its package.
upgrade_tasks:
- name: Stop and disable octavia_health_manager service
tags: step2
service: name=openstack-octavia-health-manager state=stopped enabled=no
- name: Remove openstack-octavia-health-manager package if operator requests it
yum: name=openstack-octavia-health-manager state=removed
tags: step2
# A failed removal does not stop the upgrade, so the package can remain
# installed on the host without the run reporting a failure.
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
openstack-tripleo-heat-templates/docker/services/ovn-controller.yaml 0000644 0001750 0001750 00000007526 13245343355 025412 0 ustar stack stack heat_template_version: pike
description: >
OpenStack containerized Ovn Controller agent.
# Inputs to the containerized OVN controller template.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
# Image reference for the ovn_controller container, which docker_config runs
# privileged as root. No default and no constraints are declared, so the
# deployment environment alone decides which image receives that level of
# host access.
DockerOvnControllerImage:
description: image
type: string
# Image used for the "ovn_controller" config_volume in puppet_config.
DockerOvnControllerConfigImage:
description: The container image to use for the ovn_controller config_volume
type: string
# Forwarded as-is to OvnControllerBase; undocumented in this template.
# NOTE(review): presumably holds service passwords - handle as sensitive.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# Nested stacks composed by this template.
resources:
# Declared, but the outputs section of this template never reads its
# volumes attribute: the ovn_controller container lists its mounts
# explicitly.
ContainersCommon:
type: ./containers-common.yaml
# Puppet-based OVN controller service; its role_data attributes are
# re-exported by the outputs section. Every parameter is forwarded as
# received.
OvnControllerBase:
type: ../../puppet/services/ovn-controller.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# role_data re-exports the puppet base service's attributes and defines the
# ovn_controller container, the only privileged container among the service
# templates shown alongside it.
outputs:
role_data:
description: Role data for the Ovn Controller agent.
value:
service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
# map_merge over a single map: the base config_settings pass through with
# nothing added.
config_settings:
map_merge:
- get_attr: [OvnControllerBase, role_data, config_settings]
logging_source: {get_attr: [OvnControllerBase, role_data, logging_source]}
logging_groups: {get_attr: [OvnControllerBase, role_data, logging_groups]}
# Taken directly from the puppet base; the anchor is reused by
# puppet_config below.
step_config: &step_config
get_attr: [OvnControllerBase, role_data, step_config]
service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
puppet_tags: vs_config
config_volume: ovn_controller
step_config: *step_config
config_image: {get_param: DockerOvnControllerConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
# to configure the required parameters in ovs db which will be read
# by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
# Only /run/openvswitch is mounted (read-write), not the whole of /run;
# /lib/modules is read-only.
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
/var/lib/kolla/config_files/ovn_controller.json:
# Connects to the OVS database over the unix socket exposed by the
# /run/openvswitch mount. No config_files entry: nothing is copied into the
# container at start.
command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
docker_config:
step_4:
ovn_controller:
image: {get_param: DockerOvnControllerImage}
# Privileged, root, host network namespace: isolation from the host is
# minimal, so the trustworthiness of the image matters more here than for
# the privileged: false services. NOTE(review): confirm full privilege is
# required rather than a narrower set of capabilities.
net: host
privileged: true
user: root
restart: always
# The ContainersCommon volumes are not included; this is the full mount
# list. The OVS runtime directory and the log directory are writable.
volumes:
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
# NOTE(review): this template has no host_prep_tasks, so nothing here
# creates /var/log/containers/openvswitch on the host - presumably another
# template does; verify.
# Only stops and disables the host service; no package-removal task.
upgrade_tasks:
- name: Stop and disable ovn-controller service
tags: step2
service: name=ovn-controller state=stopped enabled=no
openstack-tripleo-heat-templates/docker/docker-puppet.pyc 0000644 0001750 0001750 00000030060 13245343355 023204 0 ustar stack stack ó
n Zc @ sJ d d l Z d d l Z d d l Z d d l Z d d l Z d d l Z d d l Z d d l Z d d l Z d d l Z d a
d „ Z d „ Z d „ Z
d „ Z d „ Z d „ Z e e j j d e j ƒ ƒ ƒ Z e ƒ Z e j d ƒ e j j d
d ƒ Z e j d e ƒ e e ƒ Z e j e ƒ Z Wd QXi Z xñe pGg D]ãZ e d k r`qHn e e e! ƒ r·e j d
ƒ e j d ƒ e j d ƒ e j d ƒ e j d g ƒ g Z n e d pÄd Z" e d pÔd Z# e d päd Z$ e d pôd Z% e&