Merge "Flatten Ironic services configuration"
This commit is contained in:
commit
454eff05fe
@ -2,9 +2,9 @@ resource_registry:
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||
OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
|
||||
OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
|
||||
OS::TripleO::Services::IronicApi: ../deployment/ironic/ironic-api-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||
|
||||
parameter_defaults:
|
||||
ControllerServices:
|
||||
|
@ -2,9 +2,9 @@ resource_registry:
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
||||
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
|
||||
OS::TripleO::Services::IronicApi: ../../docker/services/ironic-api.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
|
||||
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||
# These enable Pacemaker
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
|
@ -40,22 +40,61 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
IronicPassword:
|
||||
description: The password for the Ironic service and db account, used by the Ironic services
|
||||
type: string
|
||||
hidden: true
|
||||
MonitoringSubscriptionIronicApi:
|
||||
default: 'overcloud-ironic-api'
|
||||
type: string
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
IronicApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Ironic API.
|
||||
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
IronicCorsAllowedOrigin:
|
||||
type: string
|
||||
default: ''
|
||||
description: Indicate whether this resource may be shared with the domain received in the request
|
||||
"origin" header.
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ApacheServiceBase:
|
||||
type: ../../puppet/services/apache.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../puppet/services/database/mysql-client.yaml
|
||||
|
||||
IronicApiBase:
|
||||
type: ../../puppet/services/ironic-api.yaml
|
||||
IronicBase:
|
||||
type: ./ironic-base-puppet.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -63,12 +102,82 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic API role.
|
||||
value:
|
||||
service_name: {get_attr: [IronicApiBase, role_data, service_name]}
|
||||
service_name: ironic_api
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicApiBase, role_data, config_settings]
|
||||
- get_attr: [IronicBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
-
|
||||
if:
|
||||
- cors_allowed_origin_unset
|
||||
- {}
|
||||
- ironic::cors::allowed_origin: {get_param: IronicCorsAllowedOrigin}
|
||||
- ironic::api::authtoken::password: {get_param: IronicPassword}
|
||||
ironic::api::authtoken::project_name: 'service'
|
||||
ironic::api::authtoken::user_domain_name: 'Default'
|
||||
ironic::api::authtoken::project_domain_name: 'Default'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::api::service_name: 'httpd'
|
||||
ironic::policy::policies: {get_param: IronicApiPolicies}
|
||||
ironic::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
ironic::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
ironic::cors::max_age: 3600
|
||||
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
|
||||
tripleo::ironic_api::firewall_rules:
|
||||
'133 ironic api':
|
||||
dport:
|
||||
- 6385
|
||||
- 13385
|
||||
- apache::default_vhost: false
|
||||
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
ironic::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ironic::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::db::mysql::user: ironic
|
||||
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
ironic::db::mysql::dbname: ironic
|
||||
ironic::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ironic_api
|
||||
@ -76,7 +185,7 @@ outputs:
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [IronicApiBase, role_data, step_config]}
|
||||
- - include ::tripleo::profile::base::ironic::api
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerIronicApiConfigImage}
|
||||
kolla_config:
|
@ -1,9 +1,20 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Ironic conductor configured with Puppet
|
||||
OpenStack containerized Ironic Conductor service
|
||||
|
||||
parameters:
|
||||
DockerIronicConductorImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerIronicConfigImage:
|
||||
description: The container image to use for the ironic config_volume
|
||||
type: string
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
@ -29,11 +40,11 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
IronicConfigureSwiftTempUrlKey:
|
||||
default: true
|
||||
description: Whether to configure Swift temporary URLs for use with
|
||||
the "direct" and "ansible" deploy interfaces.
|
||||
type: boolean
|
||||
IronicAutomatedClean:
|
||||
default: true
|
||||
description: Enables or disables automated cleaning which may result in
|
||||
@ -215,19 +226,10 @@ parameters:
|
||||
default: []
|
||||
description: List of additional architectures to enable.
|
||||
type: comma_delimited_list
|
||||
|
||||
resources:
|
||||
IronicBase:
|
||||
type: ./ironic-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
Debug: {get_param: Debug}
|
||||
IronicDebug: {get_param: IronicDebug}
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
default_deploy_interface_unset: {equals : [{get_param: IronicDefaultDeployInterface}, '']}
|
||||
@ -239,10 +241,31 @@ conditions:
|
||||
- equals: [{get_param: IronicDebug}, 'TRUE']
|
||||
- equals: [{get_param: Debug}, true]
|
||||
enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]}
|
||||
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../puppet/services/database/mysql-client.yaml
|
||||
|
||||
IronicBase:
|
||||
type: ./ironic-base-puppet.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
Debug: {get_param: Debug}
|
||||
IronicDebug: {get_param: IronicDebug}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic conductor role.
|
||||
description: Role data for the Ironic Conductor role.
|
||||
value:
|
||||
service_name: ironic_conductor
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
|
||||
@ -394,9 +417,213 @@ outputs:
|
||||
ironic::drivers::inspector::user_domain_name: 'Default'
|
||||
ironic::drivers::inspector::project_domain_name: 'Default'
|
||||
tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ironic::conductor
|
||||
# to avoid hard linking errors we store these on the same
|
||||
# volume/device as the ironic master_path
|
||||
# https://github.com/docker/docker/issues/7457
|
||||
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
|
||||
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::pxe::http_root: /var/lib/ironic/httpboot
|
||||
- ironic::conductor::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings: {}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ironic
|
||||
puppet_tags: ironic_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - include ::tripleo::profile::base::ironic::conductor
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerIronicConfigImage}
|
||||
volumes:
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ironic_conductor.json:
|
||||
command: /usr/bin/ironic-conductor
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/lib/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
- path: /var/log/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
docker_config_scripts:
|
||||
create_swift_temp_url_key.sh:
|
||||
mode: "0700"
|
||||
content: |
|
||||
#!/bin/bash
|
||||
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
|
||||
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
|
||||
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
|
||||
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
|
||||
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
|
||||
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
|
||||
export OS_AUTH_TYPE=password
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
echo "Check if a temporary URL key already exists"
|
||||
RETVAL=-1
|
||||
RETRIES=5
|
||||
while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
|
||||
RETRIES=$[$RETRIES-1]
|
||||
CMD_OUT=$(openstack object store account show -f value)
|
||||
RETVAL=$?
|
||||
if [ ${RETVAL} -ne 0 ]; then
|
||||
echo Retrying...
|
||||
sleep 5
|
||||
continue
|
||||
fi
|
||||
if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
|
||||
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
|
||||
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
|
||||
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
|
||||
RETVAL=$?
|
||||
fi
|
||||
done
|
||||
|
||||
docker_config:
|
||||
step_4:
|
||||
map_merge:
|
||||
- if:
|
||||
- configure_swift_temp_url
|
||||
- create_swift_temp_url_key:
|
||||
start_order: 70
|
||||
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
|
||||
net: host
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
|
||||
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
|
||||
user: root
|
||||
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
|
||||
- {}
|
||||
- ironic_conductor:
|
||||
start_order: 80
|
||||
image: *ironic_conductor_image
|
||||
net: host
|
||||
privileged: true
|
||||
restart: always
|
||||
healthcheck:
|
||||
test:
|
||||
list_join:
|
||||
- ' '
|
||||
- - '/openstack/healthcheck'
|
||||
- yaql:
|
||||
expression: str($.data.port)
|
||||
data:
|
||||
port: {get_attr: [IronicBase, role_data, config_settings, 'ironic::rabbit_port']}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /sys:/sys
|
||||
- /dev:/dev
|
||||
- /run:/run #shared?
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
- /var/log/containers/ironic:/var/log/ironic:z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
- name: load iscsi_tcp module
|
||||
import_role:
|
||||
name: tripleo-module-load
|
||||
vars:
|
||||
modules:
|
||||
- name: iscsi_tcp
|
||||
- name: create persistent directories
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- name: ironic logs readme
|
||||
copy:
|
||||
dest: /var/log/ironic/readme.txt
|
||||
content: |
|
||||
Log files from ironic containers can be found under
|
||||
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
|
||||
ignore_errors: true
|
||||
- name: stat /httpboot
|
||||
stat: path=/httpboot
|
||||
register: stat_httpboot
|
||||
- name: stat /tftpboot
|
||||
stat: path=/tftpboot
|
||||
register: stat_tftpboot
|
||||
- name: stat /var/lib/ironic/httpboot
|
||||
stat: path=/var/lib/ironic/httpboot
|
||||
register: stat_ironic_httpboot
|
||||
- name: stat /var/lib/ironic/tftpboot
|
||||
stat: path=/var/lib/ironic/tftpboot
|
||||
register: stat_ironic_tftpboot
|
||||
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
|
||||
- name: migrate /httpboot to containerized (if applicable)
|
||||
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
|
||||
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
|
||||
- name: migrate /tftpboot to containerized (if applicable)
|
||||
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
|
||||
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
|
||||
# Even if there was nothing to copy from original locations,
|
||||
# we need to create the dirs before starting the containers
|
||||
- name: ensure ironic pxe directories exist
|
||||
file:
|
||||
path: /var/lib/ironic/{{ item }}
|
||||
state: directory
|
||||
with_items:
|
||||
- httpboot
|
||||
- tftpboot
|
||||
upgrade_tasks:
|
||||
- name: Stop ironic_conductor service
|
||||
when: step|int == 1
|
||||
service: name=openstack-ironic-conductor state=stopped
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-ironic-conductor package
|
||||
set_fact:
|
||||
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-ironic-conductor package if operator requests it
|
||||
package: name=openstack-ironic-conductor state=removed
|
||||
ignore_errors: True
|
||||
when: remove_ironic_conductor_package|bool
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
- ironic_conductor
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
- release == 'ocata'
|
||||
block:
|
||||
- name: Check if ironic_conductor is deployed
|
||||
command: systemctl is-enabled --quiet openstack-ironic-conductor
|
||||
ignore_errors: True
|
||||
register: ironic_conductor_enabled_result
|
||||
- name: Set fact ironic_conductor_enabled
|
||||
set_fact:
|
||||
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
|
||||
- name: Stop openstack-ironic-conductor
|
||||
service: name=openstack-ironic-conductor state=stopped enabled=no
|
||||
when:
|
||||
- step|int == 1
|
||||
- release == 'ocata'
|
||||
- ironic_conductor_enabled|bool
|
||||
- name: Ironic packages update
|
||||
package:
|
||||
name: 'openstack-ironic*'
|
||||
state: latest
|
||||
when:
|
||||
- step|int == 6
|
||||
- is_bootstrap_node|bool
|
@ -1,12 +1,19 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
|
||||
OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
DockerIronicInspectorImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerIronicInspectorConfigImage:
|
||||
description: The container image to use for the ironic_inspector config_volume
|
||||
type: string
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
@ -14,6 +21,10 @@ parameters:
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
@ -25,11 +36,14 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
IPAImageURLs:
|
||||
default: []
|
||||
description: IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]
|
||||
type: json
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
MonitoringSubscriptionIronicInspector:
|
||||
default: 'overcloud-ironic-inspector'
|
||||
type: string
|
||||
@ -150,13 +164,21 @@ conditions:
|
||||
enable_node_discovery: {equals : [{get_param: IronicInspectorEnableNodeDiscovery}, true]}
|
||||
ironic_inspection_subnets_not_set: {equals : [{get_param: IronicInspectorSubnets}, {}]}
|
||||
enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]}
|
||||
ipa_images: {not: {equals: [{get_param: IPAImageURLs}, []]}}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../puppet/services/database/mysql-client.yaml
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic Inspector role.
|
||||
value:
|
||||
service_name: ironic_inspector
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- ironic::inspector::listen_address:
|
||||
@ -257,8 +279,9 @@ outputs:
|
||||
- ironic::inspector::node_not_found_hook: 'enroll'
|
||||
ironic::inspector::discovery_default_driver: {get_param: IronicInspectorDiscoveryDefaultDriver}
|
||||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ironic_inspector
|
||||
# Match what we do for Ironic containers
|
||||
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth_inspector::tenant: 'service'
|
||||
@ -275,25 +298,180 @@ outputs:
|
||||
ironic::inspector::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ironic_inspector
|
||||
puppet_tags: ironic_inspector_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - include ::tripleo::profile::base::ironic_inspector
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerIronicInspectorConfigImage}
|
||||
volumes:
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:z
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ironic_inspector.json:
|
||||
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/ironic-inspector
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
- path: /var/lib/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
- path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
|
||||
docker_config:
|
||||
step_3:
|
||||
ironic_inspector_init_log:
|
||||
start_order: 0
|
||||
image: &ironic_inspector_image
|
||||
get_param: DockerIronicInspectorImage
|
||||
user: root
|
||||
volumes:
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
|
||||
|
||||
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
|
||||
start_order: 1
|
||||
image: *ironic_inspector_image
|
||||
user: root
|
||||
volumes:
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
|
||||
ironic_inspector_db_sync:
|
||||
start_order: 2
|
||||
image: *ironic_inspector_image
|
||||
net: host
|
||||
user: root
|
||||
privileged: false
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
|
||||
ironic_inspector_get_ipa:
|
||||
start_order: 2
|
||||
image: *ironic_inspector_image
|
||||
net: host
|
||||
user: root
|
||||
privileged: false
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/ironic:/var/lib/ironic:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
command:
|
||||
if:
|
||||
- ipa_images
|
||||
- list_join:
|
||||
- " "
|
||||
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
|
||||
- {get_param: [IPAImageURLs, 0]}
|
||||
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
|
||||
- {get_param: [IPAImageURLs, 1]}
|
||||
- 'true'
|
||||
step_4:
|
||||
ironic_inspector:
|
||||
start_order: 92
|
||||
image: *ironic_inspector_image
|
||||
privileged: true
|
||||
net: host
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/lib/ironic:/var/lib/ironic:shared,z
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
ironic_inspector_dnsmasq:
|
||||
start_order: 93
|
||||
image: *ironic_inspector_image
|
||||
privileged: true
|
||||
net: host
|
||||
restart: always
|
||||
user: root
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
- name: create persistent ironic-inspector logs directory
|
||||
file:
|
||||
path: /var/log/containers/ironic-inspector
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
- name: ironic-inspector logs readme
|
||||
copy:
|
||||
dest: /var/log/ironic-inspector/readme.txt
|
||||
content: |
|
||||
Log files from ironic-inspector container can be found under
|
||||
/var/log/containers/ironic-inspector.
|
||||
ignore_errors: true
|
||||
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
|
||||
file:
|
||||
path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
upgrade_tasks:
|
||||
- name: Stop and disable ironic_inspector service
|
||||
when: step|int == 2
|
||||
service: name=openstack-ironic-inspector state=stopped enabled=no
|
||||
- name: Stop and disable ironic_inspector dnsmasq service
|
||||
when: step|int == 2
|
||||
service: name=openstack-ironic-inspector-dnsmasq state=stopped enabled=no
|
||||
- name: purge iptables port 67 jump rule
|
||||
when: step|int == 2
|
||||
iptables:
|
||||
chain: INPUT
|
||||
interface: {get_param: IronicInspectorInterface}
|
||||
protocol: udp
|
||||
destination_port: 67
|
||||
jump: ironic-inspector
|
||||
state: absent
|
||||
- name: purge iptables ironic-inspector chain
|
||||
when: step|int == 2
|
||||
iptables:
|
||||
chain: ironic-inspector
|
||||
flush: true
|
||||
state: absent
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-ironic-inspector package
|
||||
set_fact:
|
||||
remove_ironic_inspector_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-ironic-inspector package if operator requests it
|
||||
package: name=openstack-ironic-inspector state=removed
|
||||
ignore_errors: True
|
||||
when: remove_ironic_inspector_package|bool
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
- ironic_inspector
|
||||
- ironic_inspector_dnsmasq
|
@ -36,19 +36,28 @@ parameters:
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
IronicPassword:
|
||||
description: The password for the Ironic service and db account, used by the Ironic services
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
IronicNeutronAgentBase:
|
||||
type: ../../puppet/services/ironic-neutron-agent.yaml
|
||||
# TODO() Point to the right neutron-base once neutron is flat
|
||||
NeutronBase:
|
||||
type: ../../puppet/services/neutron-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
@ -61,16 +70,23 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for ironic-neutron-agent service
|
||||
value:
|
||||
service_name: {get_attr: [IronicNeutronAgentBase, role_data, service_name]}
|
||||
service_name: ironic_neutron_agent
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicNeutronAgentBase, role_data, config_settings]
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- neutron::agents::ml2::networking_baremetal::user: 'ironic'
|
||||
- neutron::agents::ml2::networking_baremetal::password: {get_param: IronicPassword}
|
||||
- neutron::agents::ml2::networking_baremetal::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
|
||||
- neutron::agents::ml2::networking_baremetal::project_name: 'service'
|
||||
- neutron::agents::ml2::networking_baremetal::user_domain_name: 'Default'
|
||||
- neutron::agents::ml2::networking_baremetal::project_domain_name: 'Default'
|
||||
- neutron::agents::ml2::networking_baremetal::region_name: {get_param: KeystoneRegion}
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
puppet_tags: neutron_config,ironic_neutron_agent_config
|
||||
step_config:
|
||||
get_attr: [IronicNeutronAgentBase, role_data, step_config]
|
||||
include tripleo::profile::base::neutron::agents::networking_baremetal
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ironic_neutron_agent.json:
|
@ -44,7 +44,7 @@ parameters:
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
outputs:
|
||||
role_data:
|
@ -1,287 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack containerized Ironic Conductor service
|
||||
|
||||
parameters:
|
||||
DockerIronicConductorImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerIronicConfigImage:
|
||||
description: The container image to use for the ironic config_volume
|
||||
type: string
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
IronicConfigureSwiftTempUrlKey:
|
||||
default: true
|
||||
description: Whether to configure Swift temporary URLs for use with
|
||||
the "direct" and "ansible" deploy interfaces.
|
||||
type: boolean
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../puppet/services/database/mysql-client.yaml
|
||||
|
||||
IronicConductorBase:
|
||||
type: ../../puppet/services/ironic-conductor.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic Conductor role.
|
||||
value:
|
||||
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicConductorBase, role_data, config_settings]
|
||||
# to avoid hard linking errors we store these on the same
|
||||
# volume/device as the ironic master_path
|
||||
# https://github.com/docker/docker/issues/7457
|
||||
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
|
||||
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::pxe::http_root: /var/lib/ironic/httpboot
|
||||
- ironic::conductor::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ironic
|
||||
puppet_tags: ironic_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [IronicConductorBase, role_data, step_config]}
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerIronicConfigImage}
|
||||
volumes:
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ironic_conductor.json:
|
||||
command: /usr/bin/ironic-conductor
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/lib/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
- path: /var/log/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
docker_config_scripts:
|
||||
create_swift_temp_url_key.sh:
|
||||
mode: "0700"
|
||||
content: |
|
||||
#!/bin/bash
|
||||
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
|
||||
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
|
||||
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
|
||||
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
|
||||
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
|
||||
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
|
||||
export OS_AUTH_TYPE=password
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
echo "Check if a temporary URL key already exists"
|
||||
RETVAL=-1
|
||||
RETRIES=5
|
||||
while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
|
||||
RETRIES=$[$RETRIES-1]
|
||||
CMD_OUT=$(openstack object store account show -f value)
|
||||
RETVAL=$?
|
||||
if [ ${RETVAL} -ne 0 ]; then
|
||||
echo Retrying...
|
||||
sleep 5
|
||||
continue
|
||||
fi
|
||||
if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
|
||||
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
|
||||
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
|
||||
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
|
||||
RETVAL=$?
|
||||
fi
|
||||
done
|
||||
|
||||
docker_config:
|
||||
step_4:
|
||||
map_merge:
|
||||
- if:
|
||||
- configure_swift_temp_url
|
||||
- create_swift_temp_url_key:
|
||||
start_order: 70
|
||||
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
|
||||
net: host
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
|
||||
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
|
||||
user: root
|
||||
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
|
||||
- {}
|
||||
- ironic_conductor:
|
||||
start_order: 80
|
||||
image: *ironic_conductor_image
|
||||
net: host
|
||||
privileged: true
|
||||
restart: always
|
||||
healthcheck:
|
||||
test:
|
||||
list_join:
|
||||
- ' '
|
||||
- - '/openstack/healthcheck'
|
||||
- yaql:
|
||||
expression: str($.data.port)
|
||||
data:
|
||||
port: {get_attr: [IronicConductorBase, role_data, config_settings, 'ironic::rabbit_port']}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /sys:/sys
|
||||
- /dev:/dev
|
||||
- /run:/run #shared?
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
- /var/log/containers/ironic:/var/log/ironic:z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
- name: load iscsi_tcp module
|
||||
import_role:
|
||||
name: tripleo-module-load
|
||||
vars:
|
||||
modules:
|
||||
- name: iscsi_tcp
|
||||
- name: create persistent directories
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- name: ironic logs readme
|
||||
copy:
|
||||
dest: /var/log/ironic/readme.txt
|
||||
content: |
|
||||
Log files from ironic containers can be found under
|
||||
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
|
||||
ignore_errors: true
|
||||
- name: stat /httpboot
|
||||
stat: path=/httpboot
|
||||
register: stat_httpboot
|
||||
- name: stat /tftpboot
|
||||
stat: path=/tftpboot
|
||||
register: stat_tftpboot
|
||||
- name: stat /var/lib/ironic/httpboot
|
||||
stat: path=/var/lib/ironic/httpboot
|
||||
register: stat_ironic_httpboot
|
||||
- name: stat /var/lib/ironic/tftpboot
|
||||
stat: path=/var/lib/ironic/tftpboot
|
||||
register: stat_ironic_tftpboot
|
||||
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
|
||||
- name: migrate /httpboot to containerized (if applicable)
|
||||
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
|
||||
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
|
||||
- name: migrate /tftpboot to containerized (if applicable)
|
||||
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
|
||||
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
|
||||
# Even if there was nothing to copy from original locations,
|
||||
# we need to create the dirs before starting the containers
|
||||
- name: ensure ironic pxe directories exist
|
||||
file:
|
||||
path: /var/lib/ironic/{{ item }}
|
||||
state: directory
|
||||
with_items:
|
||||
- httpboot
|
||||
- tftpboot
|
||||
upgrade_tasks:
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-ironic-conductor package
|
||||
set_fact:
|
||||
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-ironic-conductor package if operator requests it
|
||||
package: name=openstack-ironic-conductor state=removed
|
||||
ignore_errors: True
|
||||
when: remove_ironic_conductor_package|bool
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
- ironic_conductor
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
- release == 'ocata'
|
||||
block:
|
||||
- name: Check if ironic_conductor is deployed
|
||||
command: systemctl is-enabled --quiet openstack-ironic-conductor
|
||||
ignore_errors: True
|
||||
register: ironic_conductor_enabled_result
|
||||
- name: Set fact ironic_conductor_enabled
|
||||
set_fact:
|
||||
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
|
||||
- name: Stop openstack-ironic-conductor
|
||||
service: name=openstack-ironic-conductor state=stopped enabled=no
|
||||
when:
|
||||
- step|int == 1
|
||||
- release == 'ocata'
|
||||
- ironic_conductor_enabled|bool
|
||||
- name: Ironic packages update
|
||||
package:
|
||||
name: 'openstack-ironic*'
|
||||
state: latest
|
||||
when:
|
||||
- step|int == 6
|
||||
- is_bootstrap_node|bool
|
@ -1,257 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
|
||||
|
||||
parameters:
|
||||
DockerIronicInspectorImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerIronicInspectorConfigImage:
|
||||
description: The container image to use for the ironic_inspector config_volume
|
||||
type: string
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
IPAImageURLs:
|
||||
default: []
|
||||
description: IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]
|
||||
type: json
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
IronicInspectorBase:
|
||||
type: ../../puppet/services/ironic-inspector.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
MySQLClient:
|
||||
type: ../../puppet/services/database/mysql-client.yaml
|
||||
|
||||
conditions:
|
||||
ipa_images: {not: {equals: [{get_param: IPAImageURLs}, []]}}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic Inspector role.
|
||||
value:
|
||||
service_name: ironic_inspector
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicInspectorBase, role_data, config_settings]
|
||||
# Match what we do for Ironic containers
|
||||
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
|
||||
- ironic::inspector::http_root: /var/lib/ironic/httpboot
|
||||
service_config_settings: {get_attr: [IronicInspectorBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: ironic_inspector
|
||||
puppet_tags: ironic_inspector_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [IronicInspectorBase, role_data, step_config]}
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerIronicInspectorConfigImage}
|
||||
volumes:
|
||||
- /var/lib/ironic:/var/lib/ironic:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:z
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ironic_inspector.json:
|
||||
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/ironic-inspector
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
- path: /var/lib/ironic
|
||||
owner: ironic:ironic
|
||||
recurse: true
|
||||
- path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
owner: ironic-inspector:ironic-inspector
|
||||
recurse: true
|
||||
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
|
||||
docker_config:
|
||||
step_3:
|
||||
ironic_inspector_init_log:
|
||||
start_order: 0
|
||||
image: &ironic_inspector_image
|
||||
get_param: DockerIronicInspectorImage
|
||||
user: root
|
||||
volumes:
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
|
||||
|
||||
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
|
||||
start_order: 1
|
||||
image: *ironic_inspector_image
|
||||
user: root
|
||||
volumes:
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
|
||||
ironic_inspector_db_sync:
|
||||
start_order: 2
|
||||
image: *ironic_inspector_image
|
||||
net: host
|
||||
user: root
|
||||
privileged: false
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
|
||||
ironic_inspector_get_ipa:
|
||||
start_order: 2
|
||||
image: *ironic_inspector_image
|
||||
net: host
|
||||
user: root
|
||||
privileged: false
|
||||
detach: false
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/ironic:/var/lib/ironic:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
command:
|
||||
if:
|
||||
- ipa_images
|
||||
- list_join:
|
||||
- " "
|
||||
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
|
||||
- {get_param: [IPAImageURLs, 0]}
|
||||
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
|
||||
- {get_param: [IPAImageURLs, 1]}
|
||||
- 'true'
|
||||
step_4:
|
||||
ironic_inspector:
|
||||
start_order: 92
|
||||
image: *ironic_inspector_image
|
||||
privileged: true
|
||||
net: host
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/lib/ironic:/var/lib/ironic:shared,z
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
ironic_inspector_dnsmasq:
|
||||
start_order: 93
|
||||
image: *ironic_inspector_image
|
||||
privileged: true
|
||||
net: host
|
||||
restart: always
|
||||
user: root
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
|
||||
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
- name: create persistent ironic-inspector logs directory
|
||||
file:
|
||||
path: /var/log/containers/ironic-inspector
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
- name: ironic-inspector logs readme
|
||||
copy:
|
||||
dest: /var/log/ironic-inspector/readme.txt
|
||||
content: |
|
||||
Log files from ironic-inspector container can be found under
|
||||
/var/log/containers/ironic-inspector.
|
||||
ignore_errors: true
|
||||
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
|
||||
file:
|
||||
path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
upgrade_tasks:
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-ironic-inspector package
|
||||
set_fact:
|
||||
remove_ironic_inspector_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-ironic-inspector package if operator requests it
|
||||
package: name=openstack-ironic-inspector state=removed
|
||||
ignore_errors: True
|
||||
when: remove_ironic_inspector_package|bool
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
- ironic_inspector
|
||||
- ironic_inspector_dnsmasq
|
@ -1,2 +0,0 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::IronicInspector: ../../puppet/services/ironic-inspector.yaml
|
@ -1,7 +0,0 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
|
||||
OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
|
||||
OS::TripleO::Services::IronicNeutronAgent: ../../puppet/services/ironic-neutron-agent.yaml
|
||||
parameter_defaults:
|
||||
NovaSchedulerDiscoverHostsInCellsInterval: 15
|
@ -1,5 +1,5 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::IronicInspector: ../../docker/services/ironic-inspector.yaml
|
||||
OS::TripleO::Services::IronicInspector: ../../deployment/ironic/ironic-inspector-container-puppet.yaml
|
||||
|
||||
parameter_defaults:
|
||||
IronicDefaultInspectInterface: inspector
|
||||
|
@ -1,6 +1,6 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::IronicApi: ../../docker/services/ironic-api.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
|
||||
OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
|
||||
OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
|
||||
OS::TripleO::Services::IronicNeutronAgent: ../../docker/services/ironic-neutron-agent.yaml
|
||||
OS::TripleO::Services::IronicNeutronAgent: ../../deployment/ironic/ironic-neutron-agent-container-puppet.yaml
|
||||
|
@ -1,172 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Ironic API configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
IronicPassword:
|
||||
description: The password for the Ironic service and db account, used by the Ironic services
|
||||
type: string
|
||||
hidden: true
|
||||
MonitoringSubscriptionIronicApi:
|
||||
default: 'overcloud-ironic-api'
|
||||
type: string
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
IronicApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Ironic API.
|
||||
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
IronicCorsAllowedOrigin:
|
||||
type: string
|
||||
default: ''
|
||||
description: Indicate whether this resource may be shared with the domain received in the request
|
||||
"origin" header.
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
|
||||
|
||||
resources:
|
||||
ApacheServiceBase:
|
||||
type: ./apache.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
IronicBase:
|
||||
type: ./ironic-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Ironic API role.
|
||||
value:
|
||||
service_name: ironic_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
-
|
||||
if:
|
||||
- cors_allowed_origin_unset
|
||||
- {}
|
||||
- ironic::cors::allowed_origin: {get_param: IronicCorsAllowedOrigin}
|
||||
- ironic::api::authtoken::password: {get_param: IronicPassword}
|
||||
ironic::api::authtoken::project_name: 'service'
|
||||
ironic::api::authtoken::user_domain_name: 'Default'
|
||||
ironic::api::authtoken::project_domain_name: 'Default'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::api::service_name: 'httpd'
|
||||
ironic::policy::policies: {get_param: IronicApiPolicies}
|
||||
ironic::wsgi::apache::bind_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
ironic::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
ironic::cors::max_age: 3600
|
||||
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
|
||||
tripleo::ironic_api::firewall_rules:
|
||||
'133 ironic api':
|
||||
dport:
|
||||
- 6385
|
||||
- 13385
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ironic::api
|
||||
service_config_settings:
|
||||
keystone:
|
||||
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
|
||||
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
ironic::keystone::auth::auth_name: 'ironic'
|
||||
ironic::keystone::auth::password: {get_param: IronicPassword }
|
||||
ironic::keystone::auth::tenant: 'service'
|
||||
ironic::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
mysql:
|
||||
ironic::db::mysql::password: {get_param: IronicPassword}
|
||||
ironic::db::mysql::user: ironic
|
||||
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
ironic::db::mysql::dbname: ironic
|
||||
ironic::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
upgrade_tasks:
|
||||
- name: Stop ironic_api service (before httpd support)
|
||||
when: step|int == 1
|
||||
service: name=openstack-ironic-api state=stopped enabled=no
|
||||
- name: Stop ironic_api service (running under httpd)
|
||||
when: step|int == 1
|
||||
service: name=httpd state=stopped
|
@ -1,71 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack ironic-neutron-agent configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
IronicPassword:
|
||||
description: The password for the Ironic service and db account, used by the Ironic services
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
resources:
|
||||
|
||||
NeutronBase:
|
||||
type: ./neutron-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the ironic-neutron-agent service.
|
||||
value:
|
||||
service_name: ironic_neutron_agent
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- neutron::agents::ml2::networking_baremetal::user: 'ironic'
|
||||
- neutron::agents::ml2::networking_baremetal::password: {get_param: IronicPassword}
|
||||
- neutron::agents::ml2::networking_baremetal::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
|
||||
- neutron::agents::ml2::networking_baremetal::project_name: 'service'
|
||||
- neutron::agents::ml2::networking_baremetal::user_domain_name: 'Default'
|
||||
- neutron::agents::ml2::networking_baremetal::project_domain_name: 'Default'
|
||||
- neutron::agents::ml2::networking_baremetal::region_name: {get_param: KeystoneRegion}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::agents::networking_baremetal
|
||||
upgrade_tasks: []
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
upgrade:
|
||||
- Installing Ironic on baremetal is no longer supported
|
Loading…
Reference in New Issue
Block a user