Merge "Server blacklist support"
commit
5e871e70fe
@ -197,6 +197,12 @@ parameters:
|
||||
description: >
|
||||
Set to true to append per network Vips to /etc/hosts on each node.
|
||||
|
||||
DeploymentServerBlacklist:
|
||||
default: []
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
List of server hostnames to blacklist from any triggered deployments.
|
||||
|
||||
conditions:
|
||||
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
|
||||
|
||||
@ -318,14 +324,14 @@ resources:
|
||||
properties:
|
||||
name: {{role.name}}HostsDeployment
|
||||
config: {get_attr: [hostsConfig, config_id]}
|
||||
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
servers: {get_attr: [{{role.name}}Servers, value]}
|
||||
|
||||
{{role.name}}SshKnownHostsDeployment:
|
||||
type: OS::Heat::StructuredDeployments
|
||||
properties:
|
||||
name: {{role.name}}SshKnownHostsDeployment
|
||||
config: {get_resource: SshKnownHostsConfig}
|
||||
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
servers: {get_attr: [{{role.name}}Servers, value]}
|
||||
|
||||
{{role.name}}AllNodesDeployment:
|
||||
type: OS::Heat::StructuredDeployments
|
||||
@ -336,7 +342,7 @@ resources:
|
||||
properties:
|
||||
name: {{role.name}}AllNodesDeployment
|
||||
config: {get_attr: [allNodesConfig, config_id]}
|
||||
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
servers: {get_attr: [{{role.name}}Servers, value]}
|
||||
input_values:
|
||||
# Note we have to use yaql to look up the first hostname/ip in the
|
||||
# list because heat path based attributes operate on the attribute
|
||||
@ -358,7 +364,7 @@ resources:
|
||||
properties:
|
||||
name: {{role.name}}AllNodesValidationDeployment
|
||||
config: {get_resource: AllNodesValidationConfig}
|
||||
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
servers: {get_attr: [{{role.name}}Servers, value]}
|
||||
|
||||
{{role.name}}IpListMap:
|
||||
type: OS::TripleO::Network::Ports::NetIpListMap
|
||||
@ -439,8 +445,39 @@ resources:
|
||||
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
|
||||
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
|
||||
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
|
||||
DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
|
||||
{% endfor %}
|
||||
|
||||
{% for role in roles %}
|
||||
{{role.name}}Servers:
|
||||
type: OS::Heat::Value
|
||||
depends_on: {{role.name}}
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
yaql:
|
||||
expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
|
||||
data:
|
||||
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
{% endfor %}
|
||||
|
||||
# This resource just creates a dict out of the DeploymentServerBlacklist,
|
||||
# which is a list. The dict is used in the role templates to set a condition
|
||||
# on whether to create the deployment resources. We can't use the list
|
||||
# directly because there is no way to ask Heat if a list contains a specific
|
||||
# value.
|
||||
DeploymentServerBlacklistDict:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
map_merge:
|
||||
repeat:
|
||||
template:
|
||||
hostname: 1
|
||||
for_each:
|
||||
hostname: {get_param: DeploymentServerBlacklist}
|
||||
|
||||
hostsConfig:
|
||||
type: OS::TripleO::Hosts::SoftwareConfig
|
||||
properties:
|
||||
@ -663,7 +700,7 @@ resources:
|
||||
properties:
|
||||
servers:
|
||||
{% for role in roles %}
|
||||
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
|
||||
{% endfor %}
|
||||
input_values:
|
||||
deploy_identifier: {get_param: DeployIdentifier}
|
||||
@ -681,7 +718,7 @@ resources:
|
||||
properties:
|
||||
servers:
|
||||
{% for role in roles %}
|
||||
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
|
||||
{% endfor %}
|
||||
|
||||
# Post deployment steps for all roles
|
||||
@ -695,7 +732,7 @@ resources:
|
||||
properties:
|
||||
servers:
|
||||
{% for role in roles %}
|
||||
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
|
||||
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
|
||||
{% endfor %}
|
||||
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
|
||||
role_data:
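Review bot: The new `DeploymentServerBlacklist` parameter in the first hunk of this file is a denylist that fails open. `DeploymentServerBlacklistDict` is keyed on the raw list entries and the role templates look it up with the server's `Hostname`, so an entry that differs from that value (a typo, an FQDN where the short name is expected, different case) matches nothing and the server stays in every deployment without any error. Nothing visible in this file checks the entries against the servers that exist, so at minimum the description should say it, e.g. `Entries must match each server's Hostname exactly; an entry that matches no server is ignored.` The `{{role.name}}Servers` value added further down also deserves a comment above it saying that the yaql expression drops entries whose `nova_server_resource` is null, which is presumably how blacklisted servers leave the `servers` maps.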
|
||||
|
@ -132,6 +132,20 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
resources:
|
||||
BlockStorage:
|
||||
@ -362,6 +376,7 @@ resources:
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: PreNetworkConfig
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
config: {get_resource: NetworkConfig}
|
||||
@ -385,6 +400,7 @@ resources:
|
||||
BlockStorageUpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: BlockStorageUpgradeInitDeployment
|
||||
server: {get_resource: BlockStorage}
|
||||
@ -393,6 +409,7 @@ resources:
|
||||
BlockStorageDeployment:
|
||||
type: OS::Heat::StructuredDeployment
|
||||
depends_on: BlockStorageUpgradeInitDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: BlockStorageDeployment
|
||||
server: {get_resource: BlockStorage}
|
||||
@ -459,6 +476,7 @@ resources:
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: UpdateDeployment
|
||||
config: {get_resource: UpdateConfig}
|
||||
@ -555,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
description: Heat resource handle for the block storage server
|
||||
value:
|
||||
{get_resource: BlockStorage}
|
||||
condition: server_not_blacklisted
|
||||
external_ip_address:
|
||||
description: IP address of the server in the external network
|
||||
value: {get_attr: [ExternalPort, ip_address]}
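Review bot: `condition: server_not_blacklisted` is attached to `UpdateDeployment` as well as to `NetworkDeployment` and the role deployments, so a blacklisted server also stops receiving whatever `UpdateConfig` delivers, and nothing in the template reports which servers were skipped. The `DeploymentServerBlacklistDict` description only says the server "will be blacklisted"; it should spell out the consequence, e.g. `Blacklisted servers get no NetworkDeployment, role deployment or UpdateDeployment, and their nova_server_resource output is unset.` If toggling the condition on an existing stack makes Heat remove and later recreate these deployment resources, which seems likely but is not shown here, that belongs in the description too. The same parameter, condition and description are repeated in the `CephStorage`, `NovaCompute`, `Controller`, `SwiftStorage` and `{{role}}` template sections that follow, so the wording should be changed in all of them.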
|
||||
|
@ -138,6 +138,20 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
resources:
|
||||
CephStorage:
|
||||
@ -368,6 +382,7 @@ resources:
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: PreNetworkConfig
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
config: {get_resource: NetworkConfig}
|
||||
@ -391,6 +406,7 @@ resources:
|
||||
CephStorageUpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: CephStorageUpgradeInitDeployment
|
||||
server: {get_resource: CephStorage}
|
||||
@ -399,6 +415,7 @@ resources:
|
||||
CephStorageDeployment:
|
||||
type: OS::Heat::StructuredDeployment
|
||||
depends_on: CephStorageUpgradeInitDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: CephStorageDeployment
|
||||
config: {get_resource: CephStorageConfig}
|
||||
@ -471,6 +488,7 @@ resources:
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
config: {get_resource: UpdateConfig}
|
||||
server: {get_resource: CephStorage}
|
||||
@ -566,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
description: Heat resource handle for the ceph storage server
|
||||
value:
|
||||
{get_resource: CephStorage}
|
||||
condition: server_not_blacklisted
|
||||
external_ip_address:
|
||||
description: IP address of the server in the external network
|
||||
value: {get_attr: [ExternalPort, ip_address]}
|
||||
|
@ -150,6 +150,20 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
resources:
|
||||
|
||||
@ -382,6 +396,7 @@ resources:
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: PreNetworkConfig
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
config: {get_resource: NetworkConfig}
|
||||
@ -408,6 +423,7 @@ resources:
|
||||
NovaComputeUpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NovaComputeUpgradeInitDeployment
|
||||
server: {get_resource: NovaCompute}
|
||||
@ -459,6 +475,7 @@ resources:
|
||||
NovaComputeDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: NovaComputeUpgradeInitDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NovaComputeDeployment
|
||||
config: {get_resource: NovaComputeConfig}
|
||||
@ -494,6 +511,7 @@ resources:
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: UpdateDeployment
|
||||
config: {get_resource: UpdateConfig}
|
||||
@ -609,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
nova_server_resource:
|
||||
description: Heat resource handle for the Nova compute server
|
||||
value:
|
||||
{get_resource: NovaCompute}
|
||||
{get_resource: NovaCompute}
|
||||
condition: server_not_blacklisted
|
||||
|
@ -164,6 +164,13 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
parameter_groups:
|
||||
- label: deprecated
|
||||
@ -171,6 +178,14 @@ parameter_groups:
|
||||
parameters:
|
||||
- controllerExtraConfig
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
|
||||
resources:
|
||||
|
||||
Controller:
|
||||
@ -400,6 +415,7 @@ resources:
|
||||
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
condition: server_not_blacklisted
|
||||
depends_on: PreNetworkConfig
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
@ -441,6 +457,7 @@ resources:
|
||||
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
|
||||
ControllerUpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
condition: server_not_blacklisted
|
||||
depends_on: NetworkDeployment
|
||||
properties:
|
||||
name: ControllerUpgradeInitDeployment
|
||||
@ -449,6 +466,7 @@ resources:
|
||||
|
||||
ControllerDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
condition: server_not_blacklisted
|
||||
depends_on: ControllerUpgradeInitDeployment
|
||||
properties:
|
||||
name: ControllerDeployment
|
||||
@ -532,6 +550,7 @@ resources:
|
||||
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
condition: server_not_blacklisted
|
||||
depends_on: NetworkDeployment
|
||||
properties:
|
||||
name: UpdateDeployment
|
||||
@ -649,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
description: Heat resource handle for the Nova compute server
|
||||
value:
|
||||
{get_resource: Controller}
|
||||
condition: server_not_blacklisted
|
||||
tls_key_modulus_md5:
|
||||
description: MD5 checksum of the TLS Key Modulus
|
||||
value: {get_attr: [NodeTLSData, key_modulus_md5]}
|
||||
|
@ -132,6 +132,20 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
resources:
|
||||
|
||||
@ -362,6 +376,7 @@ resources:
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: PreNetworkConfig
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
config: {get_resource: NetworkConfig}
|
||||
@ -385,6 +400,7 @@ resources:
|
||||
SwiftStorageUpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: SwiftStorageUpgradeInitDeployment
|
||||
server: {get_resource: SwiftStorage}
|
||||
@ -430,6 +446,7 @@ resources:
|
||||
SwiftStorageHieraDeploy:
|
||||
type: OS::Heat::StructuredDeployment
|
||||
depends_on: SwiftStorageUpgradeInitDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: SwiftStorageHieraDeploy
|
||||
server: {get_resource: SwiftStorage}
|
||||
@ -458,6 +475,7 @@ resources:
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
config: {get_resource: UpdateConfig}
|
||||
server: {get_resource: SwiftStorage}
|
||||
@ -553,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
description: Heat resource handle for the swift storage server
|
||||
value:
|
||||
{get_resource: SwiftStorage}
|
||||
condition: server_not_blacklisted
|
||||
external_ip_address:
|
||||
description: IP address of the server in the external network
|
||||
value: {get_attr: [ExternalPort, ip_address]}
|
||||
|
@ -154,6 +154,20 @@ parameters:
|
||||
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
||||
environment files.
|
||||
default: ''
|
||||
DeploymentServerBlacklistDict:
|
||||
default: {}
|
||||
type: json
|
||||
description: >
|
||||
Map of server hostnames to blacklist from any triggered
|
||||
deployments. If the value is 1, the server will be blacklisted. This
|
||||
parameter is generated from the parent template.
|
||||
|
||||
conditions:
|
||||
server_not_blacklisted:
|
||||
not:
|
||||
equals:
|
||||
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
|
||||
- 1
|
||||
|
||||
resources:
|
||||
{{role}}:
|
||||
@ -384,6 +398,7 @@ resources:
|
||||
NetworkDeployment:
|
||||
type: OS::TripleO::SoftwareDeployment
|
||||
depends_on: PreNetworkConfig
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: NetworkDeployment
|
||||
config: {get_resource: NetworkConfig}
|
||||
@ -410,6 +425,7 @@ resources:
|
||||
{{role}}UpgradeInitDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: {{role}}UpgradeInitDeployment
|
||||
server: {get_resource: {{role}}}
|
||||
@ -418,6 +434,7 @@ resources:
|
||||
{{role}}Deployment:
|
||||
type: OS::Heat::StructuredDeployment
|
||||
depends_on: {{role}}UpgradeInitDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: {{role}}Deployment
|
||||
config: {get_resource: {{role}}Config}
|
||||
@ -492,6 +509,7 @@ resources:
|
||||
UpdateDeployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
depends_on: NetworkDeployment
|
||||
condition: server_not_blacklisted
|
||||
properties:
|
||||
name: UpdateDeployment
|
||||
config: {get_resource: UpdateConfig}
|
||||
@ -588,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
|
||||
description: Heat resource handle for {{role}} server
|
||||
value:
|
||||
{get_resource: {{role}}}
|
||||
condition: server_not_blacklisted
|
||||
external_ip_address:
|
||||
description: IP address of the server in the external network
|
||||
value: {get_attr: [ExternalPort, ip_address]}
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- Added the ability to blacklist servers by name from being
|
||||
associated with any Heat triggered SoftwareDeployment
|
||||
resources. The servers are specified in the new
|
||||
DeploymentServerBlacklist parameter.
|