Browse Source

step1: flatten nova service configuration

This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
nova has been removed.

Change-Id: If8f4daa9127aa528a2088a978494f2d6d83106e2
changes/22/632522/15
Jill Rouleau 2 years ago
parent
commit
2bae8cc78a
15 changed files with 314 additions and 523 deletions
  1. +1
    -1
      ci/environments/scenario006-multinode-containers.yaml
  2. +1
    -1
      ci/environments/scenario012-multinode-containers.yaml
  3. +28
    -15
      deployment/nova/nova-consoleauth-container-puppet.yaml
  4. +26
    -8
      deployment/nova/nova-ironic-container-puppet.yaml
  5. +106
    -18
      deployment/nova/nova-metadata-container-puppet.yaml
  6. +35
    -12
      deployment/nova/nova-migration-target-container-puppet.yaml
  7. +107
    -21
      deployment/nova/nova-vnc-proxy-container-puppet.yaml
  8. +4
    -4
      environments/baremetal-services.yaml
  9. +1
    -1
      environments/computealt.yaml
  10. +1
    -1
      environments/services/ironic.yaml
  11. +4
    -4
      overcloud-resource-registry-puppet.j2.yaml
  12. +0
    -72
      puppet/services/nova-consoleauth.yaml
  13. +0
    -71
      puppet/services/nova-ironic.yaml
  14. +0
    -84
      puppet/services/nova-migration-target.yaml
  15. +0
    -210
      puppet/services/nova-vnc-proxy.yaml

+ 1
- 1
ci/environments/scenario006-multinode-containers.yaml View File

@ -1,7 +1,7 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
OS::TripleO::Services::NovaIronic: ../deployment/nova/nova-ironic-container-puppet.yaml
OS::TripleO::Services::IronicApi: ../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../deployment/ironic/ironic-pxe-container-puppet.yaml


+ 1
- 1
ci/environments/scenario012-multinode-containers.yaml View File

@ -1,7 +1,7 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
OS::TripleO::Services::NovaIronic: ../../deployment/nova/nova-ironic-container-puppet.yaml
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml


docker/services/nova-consoleauth.yaml → deployment/nova/nova-consoleauth-container-puppet.yaml View File


docker/services/nova-ironic.yaml → deployment/nova/nova-ironic-container-puppet.yaml View File


docker/services/nova-metadata.yaml → deployment/nova/nova-metadata-container-puppet.yaml View File


docker/services/nova-migration-target.yaml → deployment/nova/nova-migration-target-container-puppet.yaml View File


docker/services/nova-vnc-proxy.yaml → deployment/nova/nova-vnc-proxy-container-puppet.yaml View File


+ 4
- 4
environments/baremetal-services.yaml View File

@ -40,13 +40,13 @@ resource_registry:
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../puppet/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml
OS::TripleO::Services::NovaLibvirt: ../puppet/services/nova-libvirt.yaml
OS::TripleO::Services::NovaMetadata: ../puppet/services/nova-metadata.yaml
OS::TripleO::Services::NovaMigrationTarget: ../puppet/services/nova-migration-target.yaml
OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NovaVncProxy: ../deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml


+ 1
- 1
environments/computealt.yaml View File

@ -10,7 +10,7 @@ resource_registry:
OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml
OS::TripleO::Services::NovaComputeAlt: ../puppet/services/nova-compute.yaml
OS::TripleO::Services::NovaLibvirtAlt: ../puppet/services/nova-libvirt.yaml
OS::TripleO::Services::NovaMigrationTargetAlt: ../puppet/services/nova-migration-target.yaml
OS::TripleO::Services::NovaMigrationTargetAlt: ../deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::SensuClientAlt: OS::Heat::None
# If enabling monitoring you'll need provide the following in a specific resource_registry
# OS::TripleO::Services::SensuClientAlt: ../puppet/services/monitoring/sensu-client.yaml


+ 1
- 1
environments/services/ironic.yaml View File

@ -5,5 +5,5 @@ resource_registry:
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
OS::TripleO::Services::NovaIronic: ../../deployment/nova/nova-ironic-container-puppet.yaml
OS::TripleO::Services::IronicNeutronAgent: ../../deployment/ironic/ironic-neutron-agent-container-puppet.yaml

+ 4
- 4
overcloud-resource-registry-puppet.j2.yaml View File

@ -194,14 +194,14 @@ resource_registry:
OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: docker/services/nova-compute.yaml
OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: docker/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: docker/services/nova-libvirt.yaml
OS::TripleO::Services::NovaLibvirtGuests: puppet/services/nova-libvirt-guests.yaml
OS::TripleO::Services::NovaMetadata: docker/services/nova-metadata.yaml
OS::TripleO::Services::NovaMigrationTarget: docker/services/nova-migration-target.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: docker/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::Novajoin: OS::Heat::None
OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml
OS::TripleO::Services::OpenShift::Master: OS::Heat::None


+ 0
- 72
puppet/services/nova-consoleauth.yaml View File

@ -1,72 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Consoleauth service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MonitoringSubscriptionNovaConsoleauth:
default: 'overcloud-nova-consoleauth'
type: string
NovaConsoleauthLoggingSource:
type: json
default:
tag: openstack.nova.consoleauth
path: /var/log/nova/nova-consoleauth.log
resources:
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Consoleauth service.
value:
service_name: nova_consoleauth
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
config_settings:
get_attr: [NovaBase, role_data, config_settings]
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_consoleauth:
- nova
tripleo_fluentd_sources_nova_consoleauth:
- {get_param: NovaConsoleauthLoggingSource}
step_config: |
include tripleo::profile::base::nova::consoleauth
upgrade_tasks:
- name: Stop nova_consoleauth service
when: step|int == 1
service: name=openstack-nova-consoleauth state=stopped

+ 0
- 71
puppet/services/nova-ironic.yaml View File

@ -1,71 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Compute service configured with Puppet and using Ironic
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
resources:
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Compute service with Ironic.
value:
service_name: nova_ironic
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::force_config_drive: true
nova::compute::reserved_host_memory: '0'
nova::compute::vnc_enabled: false
nova::ironic::common::password: {get_param: IronicPassword}
nova::ironic::common::project_name: 'service'
nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::ironic::common::username: 'ironic'
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
nova::network::neutron::dhcp_domain: ''
step_config: |
include tripleo::profile::base::nova::compute::ironic
upgrade_tasks:
- name: Stop openstack-nova-compute service
when: step|int == 1
service: name=openstack-nova-compute state=stopped enabled=no

+ 0
- 84
puppet/services/nova-migration-target.yaml View File

@ -1,84 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova migration target configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default:
public_key: ''
private_key: ''
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
outputs:
role_data:
description: Role data for the Nova migration target service.
value:
service_name: nova_migration_target
config_settings:
tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
- {get_param: [ MigrationSshKey, public_key ]}
tripleo::profile::base::nova::migration::target::ssh_localaddrs:
- "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::profile::base::sshd::port:
- 22
- {get_param: MigrationSshPort}
tripleo::nova_migration_target::firewall_rules:
'113 nova_migration_target':
dport:
- {get_param: MigrationSshPort}
step_config: |
include tripleo::profile::base::nova::migration::target

+ 0
- 210
puppet/services/nova-vnc-proxy.yaml View File

@ -1,210 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Vncproxy service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackUpdateType:
type: string
description: >
Type of update, to differentiate between UPGRADE and UPDATE cases
when StackAction is UPDATE (both are the same stack action).
constraints:
- allowed_values: ['', 'UPGRADE', 'FASTFORWARDUPGRADE']
default: ''
MonitoringSubscriptionNovaVNCProxy:
default: 'overcloud-nova-vncproxy'
type: string
NovaVncproxyLoggingSource:
type: json
default:
tag: openstack.nova.vncproxy
path: /var/log/nova/nova-vncproxy.log
EnableInternalTLS:
type: boolean
default: false
UseTLSTransportForVnc:
type: boolean
default: true
description: If set to true and if EnableInternalTLS is enabled, it will
enable TLS transaport for libvirt VNC and configure the
relevant keys for libvirt.
InternalTLSVncCAFile:
default: '/etc/pki/CA/certs/vnc.crt'
type: string
description: Specifies the CA cert to use for VNC TLS.
LibvirtVncCACert:
type: string
default: ''
description: This specifies the CA certificate to use for VNC TLS.
This file will be symlinked to the default CA path,
which is /etc/pki/libvirt-vnc/ca-cert.pem.
This parameter should be used if the default (which comes from
the InternalTLSVncCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
conditions:
use_tls_for_vnc:
and:
- equals:
- {get_param: EnableInternalTLS}
- true
- equals:
- {get_param: UseTLSTransportForVnc}
- true
libvirt_vnc_specific_ca_unset:
equals:
- {get_param: LibvirtVncCACert}
- ''
allow_noauth:
# Allow noauth VNC connections during P->Q upgrade. Remove in Rocky.
equals: [{get_param: StackUpdateType}, 'UPGRADE']
resources:
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Vncproxy service.
value:
service_name: nova_vnc_proxy
monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::vncproxy::enabled: true
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::nova_vnc_proxy::firewall_rules:
'137 nova_vnc_proxy':
dport:
- 6080
- 13080
-
if:
- use_tls_for_vnc
-
nova::vncproxy::allow_vencrypt: true
nova::vncproxy::allow_noauth: {if: [allow_noauth, true, false]}
nova::vncproxy::vencrypt_key: /etc/pki/libvirt-vnc/client-key.pem
nova::vncproxy::vencrypt_cert: /etc/pki/libvirt-vnc/client-cert.pem
nova::vncproxy::vencrypt_ca: /etc/pki/libvirt-vnc/ca-cert.pem
nova::ssl_only: true
nova::cert: /etc/pki/tls/certs/novnc_proxy.crt
nova::key: /etc/pki/tls/private/novnc_proxy.key
generate_service_certificates: true
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- get_param: LibvirtVncCACert
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
libvirt_vnc_certificates_specs:
libvirt-vnc-client-cert:
cacertfile:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- null
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
service_key: '/etc/pki/libvirt-vnc/client-key.pem'
notify_service: '%{::nova::params::vncproxy_service_name}'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
principal:
str_replace:
template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
novnc_proxy_certificates_specs:
service_certificate: '/etc/pki/tls/certs/novnc_proxy.crt'
service_key: '/etc/pki/tls/private/novnc_proxy.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
principal:
str_replace:
template: "novnc-proxy/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
postsave_cmd: "/usr/bin/certmonger-novnc-proxy-refresh.sh"
- {}
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_vnc_proxy:
- nova
tripleo_fluentd_sources_nova_vnc_proxy:
- {get_param: NovaVncproxyLoggingSource}
step_config: |
include tripleo::profile::base::nova::vncproxy
upgrade_tasks:
- name: Stop nova_vnc_proxy service
when: step|int == 1
service: name=openstack-nova-consoleauth state=stopped
metadata_settings:
if:
- use_tls_for_vnc
-
- service: libvirt-vnc
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
type: node
- service: novnc-proxy
network: {get_param: [ServiceNetMap, NovaApiNetwork]}
type: node
- null

Loading…
Cancel
Save