diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index e09ecc1664..273a60070c 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -14,7 +14,7 @@ resource_registry: OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml - OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-pacemaker-puppet.yaml OS::TripleO::Services::MySQL: ../../deployment/database/mysql-pacemaker-puppet.yaml OS::TripleO::Services::CinderBackup: ../../deployment/cinder/cinder-backup-pacemaker-puppet.yaml OS::TripleO::Services::CinderVolume: ../../deployment/cinder/cinder-volume-pacemaker-puppet.yaml diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml index 8ee4909ff3..2223562b11 100644 --- a/ci/environments/scenario001-standalone.yaml +++ b/ci/environments/scenario001-standalone.yaml @@ -22,7 +22,7 @@ resource_registry: OS::TripleO::Services::MetricsQdr: ../../deployment/metrics/qdr-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml - OS::TripleO::Services::Redis: ../../docker/services/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::CinderBackup: ../../deployment/cinder/cinder-backup-container-puppet.yaml OS::TripleO::Services::CinderVolume: ../../deployment/cinder/cinder-volume-container-puppet.yaml #Needs to run scenario001 diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 16feae38ca..66ed5a1023 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -7,7 +7,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml - OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-pacemaker-puppet.yaml OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml diff --git a/ci/environments/scenario002-standalone.yaml b/ci/environments/scenario002-standalone.yaml index c2ceecdd06..663f8fefbc 100644 --- a/ci/environments/scenario002-standalone.yaml +++ b/ci/environments/scenario002-standalone.yaml @@ -19,7 +19,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../../deployment/deprecated/panko/panko-api-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml - OS::TripleO::Services::Redis: ../../docker/services/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::CinderBackup: ../../deployment/cinder/cinder-backup-container-puppet.yaml OS::TripleO::Services::CinderVolume: ../../deployment/cinder/cinder-volume-container-puppet.yaml OS::TripleO::Services::BarbicanBackendSimpleCrypto: ../../deployment/barbican/barbican-backend-simple-crypto-puppet.yaml diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 88cbd0eb58..00f04a9589 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -27,7 +27,7 @@ resource_registry: OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml - OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-pacemaker-puppet.yaml OS::TripleO::Services::MySQL: ../../deployment/database/mysql-pacemaker-puppet.yaml OS::TripleO::Services::Keepalived: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. diff --git a/puppet/services/database/redis-base.yaml b/deployment/database/redis-base-puppet.yaml similarity index 100% rename from puppet/services/database/redis-base.yaml rename to deployment/database/redis-base-puppet.yaml diff --git a/docker/services/database/redis.yaml b/deployment/database/redis-container-puppet.yaml similarity index 76% rename from docker/services/database/redis.yaml rename to deployment/database/redis-container-puppet.yaml index 8009f416a1..d53cbc7a78 100644 --- a/docker/services/database/redis.yaml +++ b/deployment/database/redis-container-puppet.yaml @@ -47,10 +47,10 @@ conditions: resources: ContainersCommon: - type: ../containers-common.yaml + type: ../../docker/services/containers-common.yaml RedisBase: - type: ../../../puppet/services/database/redis.yaml + type: ./redis-base-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -61,13 +61,49 @@ outputs: role_data: description: Role data for the Redis API role. value: - service_name: {get_attr: [RedisBase, role_data, service_name]} + service_name: redis config_settings: map_merge: - {get_attr: [RedisBase, role_data, config_settings]} - redis::daemonize: false tripleo::stunnel::manage_service: false tripleo::stunnel::foreground: 'yes' + - tripleo::redis::firewall_rules: + '108 redis': + dport: + - 6379 + - 26379 + tripleo::profile::base::database::redis::tls_proxy_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::base::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::base::database::redis::tls_proxy_port: 6379 + - if: + - internal_tls_enabled + - tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt' + redis_certificate_specs: + service_certificate: '/etc/pki/tls/certs/redis.crt' + service_key: '/etc/pki/tls/private/redis.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + principal: + str_replace: + template: "redis/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh" + - {} service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -77,7 +113,10 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: - get_attr: [RedisBase, role_data, step_config] + list_join: + - "\n" + - - include ::tripleo::profile::base::database::redis + - {get_attr: [RedisBase, role_data, step_config]} config_image: {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: @@ -155,6 +194,13 @@ outputs: - {} metadata_settings: get_attr: [RedisBase, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: redis + network: {get_param: [ServiceNetMap, RabbitmqNetwork]} + type: vip + - null host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/pacemaker/database/redis.yaml b/deployment/database/redis-pacemaker-puppet.yaml similarity index 96% rename from docker/services/pacemaker/database/redis.yaml rename to deployment/database/redis-pacemaker-puppet.yaml index 8aa85e283f..0928a33131 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/deployment/database/redis-pacemaker-puppet.yaml @@ -73,10 +73,10 @@ conditions: resources: ContainersCommon: - type: ../../containers-common.yaml + type: ../../docker/services/containers-common.yaml RedisBase: - type: ../../../../puppet/services/database/redis.yaml + type: ./redis-container-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -89,7 +89,7 @@ outputs: role_data: description: Role data for the Redis API role. value: - service_name: {get_attr: [RedisBase, role_data, service_name]} + service_name: redis config_settings: map_merge: - {get_attr: [RedisBase, role_data, config_settings]} @@ -126,6 +126,19 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_port: 6379 + tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} + tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379 - if: - internal_tls_enabled - redis::extra_config_file: "/etc/redis-tls.conf" @@ -145,7 +158,8 @@ outputs: # /etc/redis.conf # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' - step_config: 'include ::tripleo::profile::pacemaker::database::redis_bundle' + step_config: | + include ::tripleo::profile::pacemaker::database::redis_bundle config_image: &redis_config_image {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index 6ca087527e..24fea9bc53 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml @@ -50,7 +50,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../deployment/deprecated/panko/panko-api-container-puppet.yaml OS::TripleO::Services::Qdr: OS::Heat::None OS::TripleO::Services::RabbitMQ: ../deployment/rabbitmq/rabbitmq-container-puppet.yaml - OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml + OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml OS::TripleO::Services::SwiftDispersion: ../deployment/swift/swift-dispersion-baremetal-puppet.yaml OS::TripleO::Services::SwiftProxy: ../deployment/swift/swift-proxy-container-puppet.yaml diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index f8c56cbec4..08402b0d22 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -20,4 +20,4 @@ resource_registry: OS::TripleO::Services::MySQL: ../deployment/database/mysql-pacemaker-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml - OS::TripleO::Services::Redis: ../docker/services/pacemaker/database/redis.yaml + OS::TripleO::Services::Redis: ../deployment/database/redis-pacemaker-puppet.yaml diff --git a/environments/nonha-arch.yaml b/environments/nonha-arch.yaml index 2893bb9fc4..6f981dfbf6 100644 --- a/environments/nonha-arch.yaml +++ b/environments/nonha-arch.yaml @@ -4,7 +4,7 @@ resource_registry: OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml OS::TripleO::Services::RabbitMQ: ../deployment/rabbitmq/rabbitmq-container-puppet.yaml OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml - OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml + OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::MySQL: ../deployment/database/mysql-container-puppet.yaml OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml OS::TripleO::Services::Pacemaker: OS::Heat::None diff --git a/environments/services-baremetal/undercloud-gnocchi.yaml b/environments/services-baremetal/undercloud-gnocchi.yaml index cb410a419a..98dc19b59d 100644 --- a/environments/services-baremetal/undercloud-gnocchi.yaml +++ b/environments/services-baremetal/undercloud-gnocchi.yaml @@ -2,4 +2,4 @@ resource_registry: OS::TripleO::Services::UndercloudGnocchiApi: ../../puppet/services/gnocchi-api.yaml OS::TripleO::Services::UndercloudGnocchiMetricd: ../../puppet/services/gnocchi-metricd.yaml OS::TripleO::Services::UndercloudGnocchiStatsd: ../../puppet/services/gnocchi-statsd.yaml - OS::TripleO::Services::UndercloudRedis: ../../puppet/services/database/redis.yaml + OS::TripleO::Services::UndercloudRedis: ../../deployment/database/redis-container-puppet.yaml diff --git a/environments/services/undercloud-gnocchi.yaml b/environments/services/undercloud-gnocchi.yaml index a508841755..216116cbe7 100644 --- a/environments/services/undercloud-gnocchi.yaml +++ b/environments/services/undercloud-gnocchi.yaml @@ -4,4 +4,4 @@ resource_registry: OS::TripleO::Services::GnocchiApi: ../../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml - OS::TripleO::Services::Redis: ../../docker/services/database/redis.yaml + OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml index 054ba91f84..a093798510 100644 --- a/environments/services/zaqar.yaml +++ b/environments/services/zaqar.yaml @@ -1,3 +1,3 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../deployment/zaqar/zaqar-container-puppet.yaml - OS::TripleO::Services::Redis : ../../docker/services/database/redis.yaml + OS::TripleO::Services::Redis : ../../deployment/database/redis-container-puppet.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 06bb8ff818..f5d54334dc 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -191,7 +191,7 @@ resource_registry: OS::TripleO::Services::Securetty: OS::Heat::None OS::TripleO::Services::SELinux: OS::Heat::None OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml - OS::TripleO::Services::Redis: docker/services/database/redis.yaml + OS::TripleO::Services::Redis: deployment/database/redis-container-puppet.yaml OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml deleted file mode 100644 index 9290d0c409..0000000000 --- a/puppet/services/database/redis.yaml +++ /dev/null @@ -1,107 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Redis service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - -conditions: - use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} - -resources: - - RedisBase: - type: ./redis-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - -outputs: - role_data: - description: Role data for the redis role. - value: - service_name: redis - config_settings: - map_merge: - - get_attr: [RedisBase, role_data, config_settings] - - tripleo::redis::firewall_rules: - '108 redis': - dport: - - 6379 - - 26379 - tripleo::profile::base::database::redis::tls_proxy_bind_ip: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - tripleo::profile::base::database::redis::tls_proxy_fqdn: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - tripleo::profile::base::database::redis::tls_proxy_port: 6379 - - if: - - use_tls_proxy - - tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt' - redis_certificate_specs: - service_certificate: '/etc/pki/tls/certs/redis.crt' - service_key: '/etc/pki/tls/private/redis.key' - hostname: - str_replace: - template: "%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - principal: - str_replace: - template: "redis/%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - postsave_cmd: "/usr/bin/certmonger-redis-refresh.sh" - - {} - step_config: | - include ::tripleo::profile::base::database::redis - metadata_settings: - if: - - use_tls_proxy - - - - service: redis - network: {get_param: [ServiceNetMap, RabbitmqNetwork]} - type: vip - - null - upgrade_tasks: [] diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml deleted file mode 100644 index 9ac92543e1..0000000000 --- a/puppet/services/pacemaker/database/redis.yaml +++ /dev/null @@ -1,94 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Redis service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - RedisIPv6: - default: false - description: Enable IPv6 in Redis - type: boolean - -conditions: - use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} - redis_ipv6: {get_param: RedisIPv6} - -resources: - RedisBase: - type: ../../database/redis.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Redis pacemaker role. - value: - service_name: redis - config_settings: - map_merge: - - get_attr: [RedisBase, role_data, config_settings] - - redis::service_manage: false - redis::notify_service: false - redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]} - tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379 - - if: - - use_tls_proxy - - redis::extra_config_file: "/etc/redis-tls.conf" - tripleo::profile::pacemaker::database::redis::extra_config_file: "/etc/redis-tls.conf" - tripleo::profile::pacemaker::database::redis::tls_tunnel_base_port: 6660 - tripleo::profile::pacemaker::database::redis::tls_tunnel_local_name: - if: - - redis_ipv6 - - '::1' - - '127.0.0.1' - - {} - step_config: | - include ::tripleo::profile::pacemaker::database::redis - metadata_settings: - get_attr: [RedisBase, role_data, metadata_settings] diff --git a/releasenotes/notes/drop-baremetal-redis-2e2f221b9ee6f9cc.yaml b/releasenotes/notes/drop-baremetal-redis-2e2f221b9ee6f9cc.yaml new file mode 100644 index 0000000000..1a914ae058 --- /dev/null +++ b/releasenotes/notes/drop-baremetal-redis-2e2f221b9ee6f9cc.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Installing Redis services on baremetal is no longer supported.