step1: flatten nova service configuration
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration. With this patch the baremetal version of nova has been removed. Change-Id: If8f4daa9127aa528a2088a978494f2d6d83106e2
This commit is contained in:
parent
70296a027d
commit
2bae8cc78a
|
@ -1,7 +1,7 @@
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||||
OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
|
OS::TripleO::Services::NovaIronic: ../deployment/nova/nova-ironic-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicApi: ../deployment/ironic/ironic-api-container-puppet.yaml
|
OS::TripleO::Services::IronicApi: ../deployment/ironic/ironic-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicConductor: ../deployment/ironic/ironic-conductor-container-puppet.yaml
|
OS::TripleO::Services::IronicConductor: ../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicPxe: ../deployment/ironic/ironic-pxe-container-puppet.yaml
|
OS::TripleO::Services::IronicPxe: ../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||||
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
|
OS::TripleO::Services::NovaIronic: ../../deployment/nova/nova-ironic-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||||
|
|
|
@ -45,43 +45,51 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Remove package if the service is being disabled during upgrade
|
description: Remove package if the service is being disabled during upgrade
|
||||||
type: boolean
|
type: boolean
|
||||||
|
MonitoringSubscriptionNovaConsoleauth:
|
||||||
|
default: 'overcloud-nova-consoleauth'
|
||||||
|
type: string
|
||||||
|
RpcPort:
|
||||||
|
default: 5672
|
||||||
|
description: The network port for messaging backend
|
||||||
|
type: number
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
MySQLClient:
|
MySQLClient:
|
||||||
type: ../../deployment/database/mysql-client.yaml
|
type: ../../deployment/database/mysql-client.yaml
|
||||||
|
|
||||||
NovaConsoleauthPuppetBase:
|
|
||||||
type: ../../puppet/services/nova-consoleauth.yaml
|
|
||||||
properties:
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
NovaLogging:
|
NovaLogging:
|
||||||
type: OS::TripleO::Services::Logging::NovaCommon
|
type: OS::TripleO::Services::Logging::NovaCommon
|
||||||
properties:
|
properties:
|
||||||
DockerNovaImage: {get_param: DockerNovaConsoleauthImage}
|
DockerNovaImage: {get_param: DockerNovaConsoleauthImage}
|
||||||
NovaServiceName: 'consoleauth'
|
NovaServiceName: 'consoleauth'
|
||||||
|
|
||||||
|
NovaBase:
|
||||||
|
type: ../../puppet/services/nova-base.yaml
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Consoleauth service.
|
description: Role data for the Nova Consoleauth service.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
|
service_name: nova_consoleauth
|
||||||
|
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
|
- {get_attr: [NovaBase, role_data, config_settings]}
|
||||||
- {get_attr: [NovaLogging, config_settings]}
|
- {get_attr: [NovaLogging, config_settings]}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]
|
- get_attr: [NovaBase, role_data, service_config_settings]
|
||||||
- fluentd:
|
- fluentd:
|
||||||
tripleo_fluentd_groups_nova_consoleauth:
|
tripleo_fluentd_groups_nova_consoleauth:
|
||||||
- nova
|
- nova
|
||||||
|
@ -94,7 +102,7 @@ outputs:
|
||||||
step_config:
|
step_config:
|
||||||
list_join:
|
list_join:
|
||||||
- "\n"
|
- "\n"
|
||||||
- - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]}
|
- - include tripleo::profile::base::nova::consoleauth
|
||||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
config_image: {get_param: DockerNovaConfigImage}
|
config_image: {get_param: DockerNovaConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
|
@ -113,6 +121,8 @@ outputs:
|
||||||
- path: /var/log/nova
|
- path: /var/log/nova
|
||||||
owner: nova:nova
|
owner: nova:nova
|
||||||
recurse: true
|
recurse: true
|
||||||
|
step_config: |
|
||||||
|
include tripleo::profile::base::nova::consoleauth
|
||||||
docker_config:
|
docker_config:
|
||||||
step_4:
|
step_4:
|
||||||
nova_consoleauth:
|
nova_consoleauth:
|
||||||
|
@ -128,7 +138,7 @@ outputs:
|
||||||
- yaql:
|
- yaql:
|
||||||
expression: str($.data.port)
|
expression: str($.data.port)
|
||||||
data:
|
data:
|
||||||
port: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings, 'nova::rabbit_port']}
|
port: {get_param: RpcPort}
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
|
@ -147,6 +157,9 @@ outputs:
|
||||||
persistent: yes
|
persistent: yes
|
||||||
state: yes
|
state: yes
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
|
- name: Stop nova_consoleauth service
|
||||||
|
when: step|int == 1
|
||||||
|
service: name=openstack-nova-consoleauth state=stopped
|
||||||
- when: step|int == 3
|
- when: step|int == 3
|
||||||
block:
|
block:
|
||||||
- name: Set fact for removal of openstack-nova-console package
|
- name: Set fact for removal of openstack-nova-console package
|
|
@ -40,17 +40,21 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Remove package if the service is being disabled during upgrade
|
description: Remove package if the service is being disabled during upgrade
|
||||||
type: boolean
|
type: boolean
|
||||||
|
IronicPassword:
|
||||||
|
description: The password for the Ironic service and db account, used by the Ironic services
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
MySQLClient:
|
MySQLClient:
|
||||||
type: ../../deployment/database/mysql-client.yaml
|
type: ../../deployment/database/mysql-client.yaml
|
||||||
|
|
||||||
NovaComputeCommon:
|
NovaComputeCommon:
|
||||||
type: ./nova-compute-common.yaml
|
type: ../../docker/services/nova-compute-common.yaml
|
||||||
properties:
|
properties:
|
||||||
EndpointMap: {get_param: EndpointMap}
|
EndpointMap: {get_param: EndpointMap}
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
|
@ -59,8 +63,8 @@ resources:
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
NovaIronicBase:
|
NovaBase:
|
||||||
type: ../../puppet/services/nova-ironic.yaml
|
type: ../../puppet/services/nova-base.yaml
|
||||||
properties:
|
properties:
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
@ -73,15 +77,26 @@ outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Compute service.
|
description: Role data for the Nova Compute service.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [NovaIronicBase, role_data, service_name]}
|
service_name: nova_ironic
|
||||||
config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]}
|
config_settings:
|
||||||
|
map_merge:
|
||||||
|
- get_attr: [NovaBase, role_data, config_settings]
|
||||||
|
- nova::compute::force_config_drive: true
|
||||||
|
nova::compute::reserved_host_memory: '0'
|
||||||
|
nova::compute::vnc_enabled: false
|
||||||
|
nova::ironic::common::password: {get_param: IronicPassword}
|
||||||
|
nova::ironic::common::project_name: 'service'
|
||||||
|
nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
|
nova::ironic::common::username: 'ironic'
|
||||||
|
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
|
||||||
|
nova::network::neutron::dhcp_domain: ''
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova
|
config_volume: nova
|
||||||
puppet_tags: nova_config,nova_paste_api_ini
|
puppet_tags: nova_config,nova_paste_api_ini
|
||||||
step_config:
|
step_config:
|
||||||
list_join:
|
list_join:
|
||||||
- "\n"
|
- "\n"
|
||||||
- - {get_attr: [NovaIronicBase, role_data, step_config]}
|
- - include tripleo::profile::base::nova::compute::ironic
|
||||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
config_image: {get_param: DockerNovaConfigImage}
|
config_image: {get_param: DockerNovaConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
|
@ -131,7 +146,7 @@ outputs:
|
||||||
- yaql:
|
- yaql:
|
||||||
expression: str($.data.port)
|
expression: str($.data.port)
|
||||||
data:
|
data:
|
||||||
port: {get_attr: [NovaIronicBase, role_data, config_settings, 'nova::rabbit_port']}
|
port: {get_attr: [NovaBase, role_data, config_settings, 'nova::rabbit_port']}
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
|
@ -184,6 +199,9 @@ outputs:
|
||||||
persistent: yes
|
persistent: yes
|
||||||
state: yes
|
state: yes
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
|
- name: Stop openstack-nova-compute service
|
||||||
|
when: step|int == 1
|
||||||
|
service: name=openstack-nova-compute state=stopped enabled=no
|
||||||
- when: step|int == 3
|
- when: step|int == 3
|
||||||
block:
|
block:
|
||||||
- name: Set fact for removal of openstack-nova-compute package
|
- name: Set fact for removal of openstack-nova-compute package
|
|
@ -48,40 +48,73 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: When true we create the NAT rule for the metadata service
|
description: When true we create the NAT rule for the metadata service
|
||||||
type: boolean
|
type: boolean
|
||||||
|
NovaWorkers:
|
||||||
|
default: 0
|
||||||
|
description: Number of workers for Nova services.
|
||||||
|
type: number
|
||||||
|
NovaPassword:
|
||||||
|
description: The password for the nova service and db account
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
KeystoneRegion:
|
||||||
|
type: string
|
||||||
|
default: 'regionOne'
|
||||||
|
description: Keystone region for endpoint
|
||||||
|
NeutronMetadataProxySharedSecret:
|
||||||
|
description: Shared secret to prevent spoofing
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
MonitoringSubscriptionNovaMetadata:
|
||||||
|
default: 'overcloud-nova-metadata'
|
||||||
|
type: string
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
need_metadata_nat_rule: {equals: [{get_param: MetadataNATRule}, true]}
|
need_metadata_nat_rule: {equals: [{get_param: MetadataNATRule}, true]}
|
||||||
|
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
|
||||||
|
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
MySQLClient:
|
MySQLClient:
|
||||||
type: ../../deployment/database/mysql-client.yaml
|
type: ../../deployment/database/mysql-client.yaml
|
||||||
|
|
||||||
NovaMetadataBase:
|
NovaMetadataLogging:
|
||||||
type: ../../puppet/services/nova-metadata.yaml
|
type: OS::TripleO::Services::Logging::NovaMetadata
|
||||||
|
|
||||||
|
ApacheServiceBase:
|
||||||
|
type: ../../puppet/services/apache.yaml
|
||||||
properties:
|
properties:
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||||
|
|
||||||
NovaMetadataLogging:
|
NovaBase:
|
||||||
type: OS::TripleO::Services::Logging::NovaMetadata
|
type: ../../puppet/services/nova-base.yaml
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Metadata service.
|
description: Role data for the Nova Metadata service.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [NovaMetadataBase, role_data, service_name]}
|
service_name: nova_metadata
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [NovaMetadataBase, role_data, config_settings]
|
- get_attr: [NovaBase, role_data, config_settings]
|
||||||
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||||
- get_attr: [NovaMetadataLogging, config_settings]
|
- get_attr: [NovaMetadataLogging, config_settings]
|
||||||
- apache::default_vhost: false
|
- apache::default_vhost: false
|
||||||
- tripleo::nova_metadata::firewall_rules:
|
- tripleo::nova_metadata::firewall_rules:
|
||||||
|
@ -98,14 +131,71 @@ outputs:
|
||||||
extras:
|
extras:
|
||||||
toports: 8775
|
toports: 8775
|
||||||
- {}
|
- {}
|
||||||
|
- tripleo::nova_placement::firewall_rules:
|
||||||
|
'139 nova_metadata':
|
||||||
|
dport:
|
||||||
|
- 8775
|
||||||
|
- 13775
|
||||||
|
nova::keystone::authtoken::project_name: 'service'
|
||||||
|
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||||
|
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||||
|
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||||
|
nova::metadata::enable_proxy_headers_parsing: true
|
||||||
|
nova_metadata_wsgi_enabled: true
|
||||||
|
nova::wsgi::apache_metadata::api_port: '8775'
|
||||||
|
nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
|
||||||
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||||
|
# for the given network; replacement examples (eg. for internal_api):
|
||||||
|
# internal_api -> IP
|
||||||
|
# internal_api_uri -> [IP]
|
||||||
|
# internal_api_subnet - > IP/CIDR
|
||||||
|
nova::wsgi::apache_metadata::bind_host:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||||
|
nova::wsgi::apache_metadata::servername:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- nova_workers_zero
|
||||||
|
- {}
|
||||||
|
- nova::wsgi::apache_metadata::workers: {get_param: NovaWorkers}
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- is_neutron_shared_metadata_notempty
|
||||||
|
- nova::metadata::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
||||||
|
- {}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
fluentd:
|
||||||
- get_attr: [NovaMetadataBase, role_data, service_config_settings]
|
tripleo_fluentd_groups_nova_metadata:
|
||||||
- fluentd:
|
- nova
|
||||||
tripleo_fluentd_groups_nova_metadata:
|
tripleo_fluentd_sources_nova_metadata:
|
||||||
- nova
|
- {get_param: NovaMetadataLoggingSource}
|
||||||
tripleo_fluentd_sources_nova_metadata:
|
keystone:
|
||||||
- {get_param: NovaMetadataLoggingSource}
|
nova::keystone::auth::tenant: 'service'
|
||||||
|
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||||
|
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||||
|
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||||
|
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||||
|
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||||
|
mysql:
|
||||||
|
map_merge:
|
||||||
|
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
||||||
|
- nova::db::mysql_api::password: {get_param: NovaPassword}
|
||||||
|
nova::db::mysql_api::user: nova_api
|
||||||
|
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||||
|
nova::db::mysql_api::dbname: nova_api
|
||||||
|
nova::db::mysql_api::allowed_hosts:
|
||||||
|
- '%'
|
||||||
|
- "%{hiera('mysql_bind_host')}"
|
||||||
|
step_config: |
|
||||||
|
include tripleo::profile::base::nova::metadata
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova_metadata
|
config_volume: nova_metadata
|
||||||
|
@ -113,7 +203,7 @@ outputs:
|
||||||
step_config:
|
step_config:
|
||||||
list_join:
|
list_join:
|
||||||
- "\n"
|
- "\n"
|
||||||
- - {get_attr: [NovaMetadataBase, role_data, step_config]}
|
- - include tripleo::profile::base::nova::metadata
|
||||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
config_image: {get_param: DockerNovaMetadataConfigImage}
|
config_image: {get_param: DockerNovaMetadataConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
|
@ -163,8 +253,6 @@ outputs:
|
||||||
- ''
|
- ''
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
metadata_settings:
|
|
||||||
get_attr: [NovaMetadataBase, role_data, metadata_settings]
|
|
||||||
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
||||||
post_upgrade_tasks:
|
post_upgrade_tasks:
|
||||||
- when: step|int == 1
|
- when: step|int == 1
|
|
@ -68,7 +68,7 @@ conditions:
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
SshdBase:
|
SshdBase:
|
||||||
type: ../../deployment/sshd/sshd-baremetal-puppet.yaml
|
type: ../../deployment/sshd/sshd-baremetal-puppet.yaml
|
||||||
|
@ -79,15 +79,6 @@ resources:
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
NovaMigrationTargetBase:
|
|
||||||
type: ../../puppet/services/nova-migration-target.yaml
|
|
||||||
properties:
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Migration Target service.
|
description: Role data for the Nova Migration Target service.
|
||||||
|
@ -96,7 +87,39 @@ outputs:
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [SshdBase, role_data, config_settings]
|
- get_attr: [SshdBase, role_data, config_settings]
|
||||||
- get_attr: [NovaMigrationTargetBase, role_data, config_settings]
|
- tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
|
||||||
|
- {get_param: [ MigrationSshKey, public_key ]}
|
||||||
|
tripleo::profile::base::nova::migration::target::ssh_localaddrs:
|
||||||
|
- "%{hiera('cold_migration_ssh_inbound_addr')}"
|
||||||
|
- "%{hiera('live_migration_ssh_inbound_addr')}"
|
||||||
|
live_migration_ssh_inbound_addr:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK:
|
||||||
|
get_param:
|
||||||
|
- ServiceNetMap
|
||||||
|
- str_replace:
|
||||||
|
template: "ROLENAMEHostnameResolveNetwork"
|
||||||
|
params:
|
||||||
|
ROLENAME: {get_param: RoleName}
|
||||||
|
cold_migration_ssh_inbound_addr:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||||
|
tripleo::profile::base::sshd::port:
|
||||||
|
- 22
|
||||||
|
- {get_param: MigrationSshPort}
|
||||||
|
tripleo::nova_migration_target::firewall_rules:
|
||||||
|
'113 nova_migration_target':
|
||||||
|
dport:
|
||||||
|
- {get_param: MigrationSshPort}
|
||||||
|
step_config: |
|
||||||
|
include tripleo::profile::base::nova::migration::target
|
||||||
|
|
||||||
# NB this prevents the baremetal ssh from listening on port 2022
|
# NB this prevents the baremetal ssh from listening on port 2022
|
||||||
# It doesn't affect the sshd port in the container as we override it below on the sshd cli
|
# It doesn't affect the sshd port in the container as we override it below on the sshd cli
|
||||||
- tripleo::profile::base::sshd::port: 22
|
- tripleo::profile::base::sshd::port: 22
|
||||||
|
@ -112,7 +135,7 @@ outputs:
|
||||||
list_join:
|
list_join:
|
||||||
- "\n"
|
- "\n"
|
||||||
- - get_attr: [SshdBase, role_data, step_config]
|
- - get_attr: [SshdBase, role_data, step_config]
|
||||||
- get_attr: [NovaMigrationTargetBase, role_data, step_config]
|
- include tripleo::profile::base::nova::migration::target
|
||||||
config_image: {get_param: DockerNovaLibvirtConfigImage}
|
config_image: {get_param: DockerNovaLibvirtConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
/var/lib/kolla/config_files/nova-migration-target.json:
|
/var/lib/kolla/config_files/nova-migration-target.json:
|
|
@ -86,47 +86,121 @@ conditions:
|
||||||
- {get_param: LibvirtVncCACert}
|
- {get_param: LibvirtVncCACert}
|
||||||
- ''
|
- ''
|
||||||
|
|
||||||
|
allow_noauth:
|
||||||
|
# Allow noauth VNC connections during P->Q upgrade. Remove in Rocky.
|
||||||
|
equals: [{get_param: StackUpdateType}, 'UPGRADE']
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
MySQLClient:
|
MySQLClient:
|
||||||
type: ../../deployment/database/mysql-client.yaml
|
type: ../../deployment/database/mysql-client.yaml
|
||||||
|
|
||||||
NovaVncProxyPuppetBase:
|
|
||||||
type: ../../puppet/services/nova-vnc-proxy.yaml
|
|
||||||
properties:
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
NovaLogging:
|
NovaLogging:
|
||||||
type: OS::TripleO::Services::Logging::NovaCommon
|
type: OS::TripleO::Services::Logging::NovaCommon
|
||||||
properties:
|
properties:
|
||||||
DockerNovaImage: {get_param: DockerNovaVncProxyImage}
|
DockerNovaImage: {get_param: DockerNovaVncProxyImage}
|
||||||
NovaServiceName: 'vncproxy'
|
NovaServiceName: 'vncproxy'
|
||||||
|
|
||||||
|
NovaBase:
|
||||||
|
type: ../../puppet/services/nova-base.yaml
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Vncproxy service.
|
description: Role data for the Nova Vncproxy service.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
|
service_name: nova_vnc_proxy
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
|
|
||||||
- {get_attr: [NovaLogging, config_settings]}
|
- {get_attr: [NovaLogging, config_settings]}
|
||||||
|
- nova::vncproxy::enabled: true
|
||||||
|
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
||||||
|
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
||||||
|
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
|
||||||
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||||
|
# for the given network; replacement examples (eg. for internal_api):
|
||||||
|
# internal_api -> IP
|
||||||
|
# internal_api_uri -> [IP]
|
||||||
|
# internal_api_subnet - > IP/CIDR
|
||||||
|
nova::vncproxy::host:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||||
|
tripleo::nova_vnc_proxy::firewall_rules:
|
||||||
|
'137 nova_vnc_proxy':
|
||||||
|
dport:
|
||||||
|
- 6080
|
||||||
|
- 13080
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- use_tls_for_vnc
|
||||||
|
-
|
||||||
|
nova::vncproxy::allow_vencrypt: true
|
||||||
|
nova::vncproxy::allow_noauth: {if: [allow_noauth, true, false]}
|
||||||
|
nova::vncproxy::vencrypt_key: /etc/pki/libvirt-vnc/client-key.pem
|
||||||
|
nova::vncproxy::vencrypt_cert: /etc/pki/libvirt-vnc/client-cert.pem
|
||||||
|
nova::vncproxy::vencrypt_ca: /etc/pki/libvirt-vnc/ca-cert.pem
|
||||||
|
nova::ssl_only: true
|
||||||
|
nova::cert: /etc/pki/tls/certs/novnc_proxy.crt
|
||||||
|
nova::key: /etc/pki/tls/private/novnc_proxy.key
|
||||||
|
generate_service_certificates: true
|
||||||
|
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
|
||||||
|
if:
|
||||||
|
- libvirt_vnc_specific_ca_unset
|
||||||
|
- get_param: InternalTLSVncCAFile
|
||||||
|
- get_param: LibvirtVncCACert
|
||||||
|
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
|
||||||
|
libvirt_vnc_certificates_specs:
|
||||||
|
libvirt-vnc-client-cert:
|
||||||
|
cacertfile:
|
||||||
|
if:
|
||||||
|
- libvirt_vnc_specific_ca_unset
|
||||||
|
- get_param: InternalTLSVncCAFile
|
||||||
|
- null
|
||||||
|
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
|
||||||
|
service_key: '/etc/pki/libvirt-vnc/client-key.pem'
|
||||||
|
notify_service: '%{::nova::params::vncproxy_service_name}'
|
||||||
|
hostname:
|
||||||
|
str_replace:
|
||||||
|
template: "%{hiera('fqdn_NETWORK')}"
|
||||||
|
params:
|
||||||
|
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||||
|
principal:
|
||||||
|
str_replace:
|
||||||
|
template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}"
|
||||||
|
params:
|
||||||
|
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||||
|
novnc_proxy_certificates_specs:
|
||||||
|
service_certificate: '/etc/pki/tls/certs/novnc_proxy.crt'
|
||||||
|
service_key: '/etc/pki/tls/private/novnc_proxy.key'
|
||||||
|
hostname:
|
||||||
|
str_replace:
|
||||||
|
template: "%{hiera('fqdn_NETWORK')}"
|
||||||
|
params:
|
||||||
|
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||||
|
principal:
|
||||||
|
str_replace:
|
||||||
|
template: "novnc-proxy/%{hiera('fqdn_NETWORK')}"
|
||||||
|
params:
|
||||||
|
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||||
|
- {}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
fluentd:
|
||||||
- get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]
|
tripleo_fluentd_groups_nova_vnc_proxy:
|
||||||
- fluentd:
|
- nova
|
||||||
tripleo_fluentd_groups_nova_vnc_proxy:
|
tripleo_fluentd_sources_nova_vnc_proxy:
|
||||||
- nova
|
- {get_param: NovaVncproxyLoggingSource}
|
||||||
tripleo_fluentd_sources_nova_vnc_proxy:
|
|
||||||
- {get_param: NovaVncproxyLoggingSource}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova
|
config_volume: nova
|
||||||
|
@ -134,7 +208,7 @@ outputs:
|
||||||
step_config:
|
step_config:
|
||||||
list_join:
|
list_join:
|
||||||
- "\n"
|
- "\n"
|
||||||
- - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]}
|
- - include tripleo::profile::base::nova::vncproxy
|
||||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
config_image: {get_param: DockerNovaConfigImage}
|
config_image: {get_param: DockerNovaConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
|
@ -196,9 +270,21 @@ outputs:
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [NovaVncProxyPuppetBase, role_data, metadata_settings]
|
if:
|
||||||
|
- use_tls_for_vnc
|
||||||
|
-
|
||||||
|
- service: libvirt-vnc
|
||||||
|
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||||
|
type: node
|
||||||
|
- service: novnc-proxy
|
||||||
|
network: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||||
|
type: node
|
||||||
|
- null
|
||||||
host_prep_tasks: {get_attr: [NovaLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NovaLogging, host_prep_tasks]}
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
|
- name: Stop nova_vnc_proxy service
|
||||||
|
when: step|int == 1
|
||||||
|
service: name=openstack-nova-consoleauth state=stopped
|
||||||
- when: step|int == 3
|
- when: step|int == 3
|
||||||
block:
|
block:
|
||||||
- name: Set fact for removal of openstack-nova-novncproxy package
|
- name: Set fact for removal of openstack-nova-novncproxy package
|
|
@ -40,13 +40,13 @@ resource_registry:
|
||||||
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
|
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
|
||||||
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
|
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
|
||||||
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
|
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
|
||||||
OS::TripleO::Services::NovaConsoleauth: ../puppet/services/nova-consoleauth.yaml
|
OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml
|
||||||
OS::TripleO::Services::NovaLibvirt: ../puppet/services/nova-libvirt.yaml
|
OS::TripleO::Services::NovaLibvirt: ../puppet/services/nova-libvirt.yaml
|
||||||
OS::TripleO::Services::NovaMetadata: ../puppet/services/nova-metadata.yaml
|
OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaMigrationTarget: ../puppet/services/nova-migration-target.yaml
|
OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
|
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
|
||||||
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
|
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
|
||||||
OS::TripleO::Services::NovaVncProxy: ../puppet/services/nova-vnc-proxy.yaml
|
OS::TripleO::Services::NovaVncProxy: ../deployment/nova/nova-vnc-proxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
|
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::Qdr: OS::Heat::None
|
OS::TripleO::Services::Qdr: OS::Heat::None
|
||||||
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
|
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
|
||||||
|
|
|
@ -10,7 +10,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml
|
OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaComputeAlt: ../puppet/services/nova-compute.yaml
|
OS::TripleO::Services::NovaComputeAlt: ../puppet/services/nova-compute.yaml
|
||||||
OS::TripleO::Services::NovaLibvirtAlt: ../puppet/services/nova-libvirt.yaml
|
OS::TripleO::Services::NovaLibvirtAlt: ../puppet/services/nova-libvirt.yaml
|
||||||
OS::TripleO::Services::NovaMigrationTargetAlt: ../puppet/services/nova-migration-target.yaml
|
OS::TripleO::Services::NovaMigrationTargetAlt: ../deployment/nova/nova-migration-target-container-puppet.yaml
|
||||||
OS::TripleO::Services::SensuClientAlt: OS::Heat::None
|
OS::TripleO::Services::SensuClientAlt: OS::Heat::None
|
||||||
# If enabling monitoring you'll need provide the following in a specific resource_registry
|
# If enabling monitoring you'll need provide the following in a specific resource_registry
|
||||||
# OS::TripleO::Services::SensuClientAlt: ../puppet/services/monitoring/sensu-client.yaml
|
# OS::TripleO::Services::SensuClientAlt: ../puppet/services/monitoring/sensu-client.yaml
|
||||||
|
|
|
@ -5,5 +5,5 @@ resource_registry:
|
||||||
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
|
OS::TripleO::Services::NovaIronic: ../../deployment/nova/nova-ironic-container-puppet.yaml
|
||||||
OS::TripleO::Services::IronicNeutronAgent: ../../deployment/ironic/ironic-neutron-agent-container-puppet.yaml
|
OS::TripleO::Services::IronicNeutronAgent: ../../deployment/ironic/ironic-neutron-agent-container-puppet.yaml
|
||||||
|
|
|
@ -194,14 +194,14 @@ resource_registry:
|
||||||
OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
|
OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
|
||||||
OS::TripleO::Services::NovaCompute: docker/services/nova-compute.yaml
|
OS::TripleO::Services::NovaCompute: docker/services/nova-compute.yaml
|
||||||
OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
|
OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
|
||||||
OS::TripleO::Services::NovaConsoleauth: docker/services/nova-consoleauth.yaml
|
OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaLibvirt: docker/services/nova-libvirt.yaml
|
OS::TripleO::Services::NovaLibvirt: docker/services/nova-libvirt.yaml
|
||||||
OS::TripleO::Services::NovaLibvirtGuests: puppet/services/nova-libvirt-guests.yaml
|
OS::TripleO::Services::NovaLibvirtGuests: puppet/services/nova-libvirt-guests.yaml
|
||||||
OS::TripleO::Services::NovaMetadata: docker/services/nova-metadata.yaml
|
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaMigrationTarget: docker/services/nova-migration-target.yaml
|
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
|
||||||
OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml
|
OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml
|
||||||
OS::TripleO::Services::NovaScheduler: docker/services/nova-scheduler.yaml
|
OS::TripleO::Services::NovaScheduler: docker/services/nova-scheduler.yaml
|
||||||
OS::TripleO::Services::NovaVncProxy: docker/services/nova-vnc-proxy.yaml
|
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::Novajoin: OS::Heat::None
|
OS::TripleO::Services::Novajoin: OS::Heat::None
|
||||||
OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml
|
OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml
|
||||||
OS::TripleO::Services::OpenShift::Master: OS::Heat::None
|
OS::TripleO::Services::OpenShift::Master: OS::Heat::None
|
||||||
|
|
|
@ -1,72 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
OpenStack Nova Consoleauth service configured with Puppet
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
MonitoringSubscriptionNovaConsoleauth:
|
|
||||||
default: 'overcloud-nova-consoleauth'
|
|
||||||
type: string
|
|
||||||
NovaConsoleauthLoggingSource:
|
|
||||||
type: json
|
|
||||||
default:
|
|
||||||
tag: openstack.nova.consoleauth
|
|
||||||
path: /var/log/nova/nova-consoleauth.log
|
|
||||||
|
|
||||||
resources:
|
|
||||||
NovaBase:
|
|
||||||
type: ./nova-base.yaml
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the Nova Consoleauth service.
|
|
||||||
value:
|
|
||||||
service_name: nova_consoleauth
|
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
|
|
||||||
config_settings:
|
|
||||||
get_attr: [NovaBase, role_data, config_settings]
|
|
||||||
service_config_settings:
|
|
||||||
fluentd:
|
|
||||||
tripleo_fluentd_groups_nova_consoleauth:
|
|
||||||
- nova
|
|
||||||
tripleo_fluentd_sources_nova_consoleauth:
|
|
||||||
- {get_param: NovaConsoleauthLoggingSource}
|
|
||||||
step_config: |
|
|
||||||
include tripleo::profile::base::nova::consoleauth
|
|
||||||
upgrade_tasks:
|
|
||||||
- name: Stop nova_consoleauth service
|
|
||||||
when: step|int == 1
|
|
||||||
service: name=openstack-nova-consoleauth state=stopped
|
|
|
@ -1,71 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
OpenStack Nova Compute service configured with Puppet and using Ironic
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
IronicPassword:
|
|
||||||
description: The password for the Ironic service and db account, used by the Ironic services
|
|
||||||
type: string
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
resources:
|
|
||||||
NovaBase:
|
|
||||||
type: ./nova-base.yaml
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the Nova Compute service with Ironic.
|
|
||||||
value:
|
|
||||||
service_name: nova_ironic
|
|
||||||
config_settings:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [NovaBase, role_data, config_settings]
|
|
||||||
- nova::compute::force_config_drive: true
|
|
||||||
nova::compute::reserved_host_memory: '0'
|
|
||||||
nova::compute::vnc_enabled: false
|
|
||||||
nova::ironic::common::password: {get_param: IronicPassword}
|
|
||||||
nova::ironic::common::project_name: 'service'
|
|
||||||
nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
||||||
nova::ironic::common::username: 'ironic'
|
|
||||||
nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
|
|
||||||
nova::network::neutron::dhcp_domain: ''
|
|
||||||
step_config: |
|
|
||||||
include tripleo::profile::base::nova::compute::ironic
|
|
||||||
upgrade_tasks:
|
|
||||||
- name: Stop openstack-nova-compute service
|
|
||||||
when: step|int == 1
|
|
||||||
service: name=openstack-nova-compute state=stopped enabled=no
|
|
|
@ -1,84 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
OpenStack Nova migration target configured with Puppet
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
MigrationSshKey:
|
|
||||||
type: json
|
|
||||||
description: >
|
|
||||||
SSH key for migration.
|
|
||||||
Expects a dictionary with keys 'public_key' and 'private_key'.
|
|
||||||
Values should be identical to SSH public/private key files.
|
|
||||||
default:
|
|
||||||
public_key: ''
|
|
||||||
private_key: ''
|
|
||||||
MigrationSshPort:
|
|
||||||
default: 2022
|
|
||||||
description: Target port for migration over ssh
|
|
||||||
type: number
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the Nova migration target service.
|
|
||||||
value:
|
|
||||||
service_name: nova_migration_target
|
|
||||||
config_settings:
|
|
||||||
tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
|
|
||||||
- {get_param: [ MigrationSshKey, public_key ]}
|
|
||||||
tripleo::profile::base::nova::migration::target::ssh_localaddrs:
|
|
||||||
- "%{hiera('cold_migration_ssh_inbound_addr')}"
|
|
||||||
- "%{hiera('live_migration_ssh_inbound_addr')}"
|
|
||||||
live_migration_ssh_inbound_addr:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK:
|
|
||||||
get_param:
|
|
||||||
- ServiceNetMap
|
|
||||||
- str_replace:
|
|
||||||
template: "ROLENAMEHostnameResolveNetwork"
|
|
||||||
params:
|
|
||||||
ROLENAME: {get_param: RoleName}
|
|
||||||
cold_migration_ssh_inbound_addr:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
|
||||||
tripleo::profile::base::sshd::port:
|
|
||||||
- 22
|
|
||||||
- {get_param: MigrationSshPort}
|
|
||||||
tripleo::nova_migration_target::firewall_rules:
|
|
||||||
'113 nova_migration_target':
|
|
||||||
dport:
|
|
||||||
- {get_param: MigrationSshPort}
|
|
||||||
step_config: |
|
|
||||||
include tripleo::profile::base::nova::migration::target
|
|
|
@ -1,210 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
OpenStack Nova Vncproxy service configured with Puppet
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
StackUpdateType:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
Type of update, to differentiate between UPGRADE and UPDATE cases
|
|
||||||
when StackAction is UPDATE (both are the same stack action).
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ['', 'UPGRADE', 'FASTFORWARDUPGRADE']
|
|
||||||
default: ''
|
|
||||||
MonitoringSubscriptionNovaVNCProxy:
|
|
||||||
default: 'overcloud-nova-vncproxy'
|
|
||||||
type: string
|
|
||||||
NovaVncproxyLoggingSource:
|
|
||||||
type: json
|
|
||||||
default:
|
|
||||||
tag: openstack.nova.vncproxy
|
|
||||||
path: /var/log/nova/nova-vncproxy.log
|
|
||||||
EnableInternalTLS:
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
UseTLSTransportForVnc:
|
|
||||||
type: boolean
|
|
||||||
default: true
|
|
||||||
description: If set to true and if EnableInternalTLS is enabled, it will
|
|
||||||
enable TLS transaport for libvirt VNC and configure the
|
|
||||||
relevant keys for libvirt.
|
|
||||||
InternalTLSVncCAFile:
|
|
||||||
default: '/etc/pki/CA/certs/vnc.crt'
|
|
||||||
type: string
|
|
||||||
description: Specifies the CA cert to use for VNC TLS.
|
|
||||||
LibvirtVncCACert:
|
|
||||||
type: string
|
|
||||||
default: ''
|
|
||||||
description: This specifies the CA certificate to use for VNC TLS.
|
|
||||||
This file will be symlinked to the default CA path,
|
|
||||||
which is /etc/pki/libvirt-vnc/ca-cert.pem.
|
|
||||||
This parameter should be used if the default (which comes from
|
|
||||||
the InternalTLSVncCAFile parameter) is not desired. The current
|
|
||||||
default reflects TripleO's default CA, which is FreeIPA.
|
|
||||||
It will only be used if internal TLS is enabled.
|
|
||||||
|
|
||||||
conditions:
|
|
||||||
|
|
||||||
use_tls_for_vnc:
|
|
||||||
and:
|
|
||||||
- equals:
|
|
||||||
- {get_param: EnableInternalTLS}
|
|
||||||
- true
|
|
||||||
- equals:
|
|
||||||
- {get_param: UseTLSTransportForVnc}
|
|
||||||
- true
|
|
||||||
|
|
||||||
libvirt_vnc_specific_ca_unset:
|
|
||||||
equals:
|
|
||||||
- {get_param: LibvirtVncCACert}
|
|
||||||
- ''
|
|
||||||
|
|
||||||
allow_noauth:
|
|
||||||
# Allow noauth VNC connections during P->Q upgrade. Remove in Rocky.
|
|
||||||
equals: [{get_param: StackUpdateType}, 'UPGRADE']
|
|
||||||
|
|
||||||
|
|
||||||
resources:
|
|
||||||
NovaBase:
|
|
||||||
type: ./nova-base.yaml
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the Nova Vncproxy service.
|
|
||||||
value:
|
|
||||||
service_name: nova_vnc_proxy
|
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
|
|
||||||
config_settings:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [NovaBase, role_data, config_settings]
|
|
||||||
- nova::vncproxy::enabled: true
|
|
||||||
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
|
|
||||||
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]}
|
|
||||||
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
|
|
||||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
||||||
# for the given network; replacement examples (eg. for internal_api):
|
|
||||||
# internal_api -> IP
|
|
||||||
# internal_api_uri -> [IP]
|
|
||||||
# internal_api_subnet - > IP/CIDR
|
|
||||||
nova::vncproxy::host:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
|
||||||
tripleo::nova_vnc_proxy::firewall_rules:
|
|
||||||
'137 nova_vnc_proxy':
|
|
||||||
dport:
|
|
||||||
- 6080
|
|
||||||
- 13080
|
|
||||||
-
|
|
||||||
if:
|
|
||||||
- use_tls_for_vnc
|
|
||||||
-
|
|
||||||
nova::vncproxy::allow_vencrypt: true
|
|
||||||
nova::vncproxy::allow_noauth: {if: [allow_noauth, true, false]}
|
|
||||||
nova::vncproxy::vencrypt_key: /etc/pki/libvirt-vnc/client-key.pem
|
|
||||||
nova::vncproxy::vencrypt_cert: /etc/pki/libvirt-vnc/client-cert.pem
|
|
||||||
nova::vncproxy::vencrypt_ca: /etc/pki/libvirt-vnc/ca-cert.pem
|
|
||||||
nova::ssl_only: true
|
|
||||||
nova::cert: /etc/pki/tls/certs/novnc_proxy.crt
|
|
||||||
nova::key: /etc/pki/tls/private/novnc_proxy.key
|
|
||||||
generate_service_certificates: true
|
|
||||||
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
|
|
||||||
if:
|
|
||||||
- libvirt_vnc_specific_ca_unset
|
|
||||||
- get_param: InternalTLSVncCAFile
|
|
||||||
- get_param: LibvirtVncCACert
|
|
||||||
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
|
|
||||||
libvirt_vnc_certificates_specs:
|
|
||||||
libvirt-vnc-client-cert:
|
|
||||||
cacertfile:
|
|
||||||
if:
|
|
||||||
- libvirt_vnc_specific_ca_unset
|
|
||||||
- get_param: InternalTLSVncCAFile
|
|
||||||
- null
|
|
||||||
service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
|
|
||||||
service_key: '/etc/pki/libvirt-vnc/client-key.pem'
|
|
||||||
notify_service: '%{::nova::params::vncproxy_service_name}'
|
|
||||||
hostname:
|
|
||||||
str_replace:
|
|
||||||
template: "%{hiera('fqdn_NETWORK')}"
|
|
||||||
params:
|
|
||||||
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
|
||||||
principal:
|
|
||||||
str_replace:
|
|
||||||
template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}"
|
|
||||||
params:
|
|
||||||
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
|
||||||
novnc_proxy_certificates_specs:
|
|
||||||
service_certificate: '/etc/pki/tls/certs/novnc_proxy.crt'
|
|
||||||
service_key: '/etc/pki/tls/private/novnc_proxy.key'
|
|
||||||
hostname:
|
|
||||||
str_replace:
|
|
||||||
template: "%{hiera('fqdn_NETWORK')}"
|
|
||||||
params:
|
|
||||||
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
|
||||||
principal:
|
|
||||||
str_replace:
|
|
||||||
template: "novnc-proxy/%{hiera('fqdn_NETWORK')}"
|
|
||||||
params:
|
|
||||||
NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
|
||||||
postsave_cmd: "/usr/bin/certmonger-novnc-proxy-refresh.sh"
|
|
||||||
- {}
|
|
||||||
service_config_settings:
|
|
||||||
fluentd:
|
|
||||||
tripleo_fluentd_groups_nova_vnc_proxy:
|
|
||||||
- nova
|
|
||||||
tripleo_fluentd_sources_nova_vnc_proxy:
|
|
||||||
- {get_param: NovaVncproxyLoggingSource}
|
|
||||||
step_config: |
|
|
||||||
include tripleo::profile::base::nova::vncproxy
|
|
||||||
upgrade_tasks:
|
|
||||||
- name: Stop nova_vnc_proxy service
|
|
||||||
when: step|int == 1
|
|
||||||
service: name=openstack-nova-consoleauth state=stopped
|
|
||||||
metadata_settings:
|
|
||||||
if:
|
|
||||||
- use_tls_for_vnc
|
|
||||||
-
|
|
||||||
- service: libvirt-vnc
|
|
||||||
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
|
||||||
type: node
|
|
||||||
- service: novnc-proxy
|
|
||||||
network: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
|
||||||
type: node
|
|
||||||
- null
|
|
Loading…
Reference in New Issue