From 78bc45758563452ca5c3fd91afa901d93f9d8007 Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Wed, 27 Sep 2017 15:32:26 -0400 Subject: [PATCH] Support separate oslo.messaging services for RPC and Notification This commit introduces oslo.messaging services in place of a single rabbitmq server. This will enable the separation of rpc and notifications for the continued use of a single backend (e.g. rabbitmq server) or a dual backend for the messaging communications. This patch: * add oslo_messaging_rpc and oslo_messaging_notify services * add puppet services for rpc and notification (rabbitmq and qdrouterd servers) * add docker services to deploy rpc (rabbitmq or qdrouterd) and notify (rabbitmq or shared) * retains rabbit parameters for core services * update resource registries, service_net_map, roles, etc. * update ci environment container scenarios * add environment generator for messaging * add release note Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0 Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815 Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315 Change-Id: I934561612d26befd88a9053262836b47bdf4efb0 --- .../multinode-3nodes-registry.yaml | 3 +- ci/environments/multinode-3nodes.yaml | 3 +- ci/environments/multinode-containers.yaml | 6 +- ci/environments/ovb-ha.yaml | 3 +- .../scenario000-multinode-containers.yaml | 6 +- .../scenario001-multinode-containers.yaml | 6 +- .../scenario002-multinode-containers.yaml | 6 +- .../scenario003-multinode-containers.yaml | 6 +- .../scenario004-multinode-containers.yaml | 6 +- .../scenario006-multinode-containers.yaml | 3 +- .../scenario007-multinode-containers.yaml | 3 +- .../deployed-server-roles-data.yaml | 3 +- .../messaging/notify-rabbitmq-shared.yaml | 54 +++ .../services/messaging/notify-rabbitmq.yaml | 260 ++++++++++++ docker/services/messaging/rpc-qdrouterd.yaml | 126 ++++++ docker/services/messaging/rpc-rabbitmq.yaml | 260 ++++++++++++ .../services/pacemaker/notify-rabbitmq.yaml | 378 ++++++++++++++++++ docker/services/pacemaker/rpc-rabbitmq.yaml | 378 ++++++++++++++++++ docker/services/rabbitmq.yaml | 8 +- environments/docker-ha.yaml | 3 +- environments/docker-uc-light.yaml | 5 +- environments/docker.yaml | 2 + .../rpc-qdrouterd-notify-rabbitmq-hybrid.yaml | 22 + .../rpc-rabbitmq-notify-rabbitmq-shared.yaml | 18 + network/service_net_map.j2.yaml | 2 + overcloud-resource-registry-puppet.j2.yaml | 6 +- puppet/services/aodh-base.yaml | 45 ++- puppet/services/barbican-api.yaml | 45 ++- puppet/services/ceilometer-base.yaml | 45 ++- puppet/services/cinder-base.yaml | 44 +- puppet/services/congress.yaml | 45 ++- puppet/services/glance-api.yaml | 45 ++- puppet/services/heat-base.yaml | 45 ++- puppet/services/ironic-base.yaml | 31 +- puppet/services/keystone.yaml | 35 +- puppet/services/manila-base.yaml | 45 ++- .../messaging/notify-rabbitmq-shared.yaml | 63 +++ .../services/messaging/notify-rabbitmq.yaml | 145 +++++++ puppet/services/messaging/rpc-qdrouterd.yaml | 101 +++++ puppet/services/messaging/rpc-rabbitmq.yaml | 146 +++++++ puppet/services/mistral-base.yaml | 45 ++- puppet/services/neutron-base.yaml | 47 +-- puppet/services/nova-api.yaml | 12 +- puppet/services/nova-base.yaml | 54 +-- puppet/services/octavia-base.yaml | 36 +- puppet/services/sahara-base.yaml | 45 ++- puppet/services/swift-proxy.yaml | 37 +- puppet/services/tacker.yaml | 46 +-- ...ng-separate-backends-2d2221066f88f479.yaml | 4 + roles/Controller.yaml | 3 +- roles/ControllerNoCeph.yaml | 3 +- roles/ControllerNovaStandalone.yaml | 3 +- roles/ControllerStorageNfs.yaml | 3 +- roles/Messaging.yaml | 5 +- roles/Undercloud.yaml | 3 +- roles/UndercloudLight.yaml | 3 +- roles_data.yaml | 3 +- roles_data_undercloud.yaml | 3 +- sample-env-generator/messaging.yaml | 35 ++ tools/yaml-validate.py | 17 + 60 files changed, 2461 insertions(+), 402 deletions(-) create mode 100644 docker/services/messaging/notify-rabbitmq-shared.yaml create mode 100644 docker/services/messaging/notify-rabbitmq.yaml create mode 100644 docker/services/messaging/rpc-qdrouterd.yaml create mode 100644 docker/services/messaging/rpc-rabbitmq.yaml create mode 100644 docker/services/pacemaker/notify-rabbitmq.yaml create mode 100644 docker/services/pacemaker/rpc-rabbitmq.yaml create mode 100644 environments/messaging/rpc-qdrouterd-notify-rabbitmq-hybrid.yaml create mode 100644 environments/messaging/rpc-rabbitmq-notify-rabbitmq-shared.yaml create mode 100644 puppet/services/messaging/notify-rabbitmq-shared.yaml create mode 100644 puppet/services/messaging/notify-rabbitmq.yaml create mode 100644 puppet/services/messaging/rpc-qdrouterd.yaml create mode 100644 puppet/services/messaging/rpc-rabbitmq.yaml create mode 100644 releasenotes/notes/oslo-messaging-separate-backends-2d2221066f88f479.yaml create mode 100644 sample-env-generator/messaging.yaml diff --git a/ci/environments/multinode-3nodes-registry.yaml b/ci/environments/multinode-3nodes-registry.yaml index 4e4ce23888..8fc9fc6a38 100644 --- a/ci/environments/multinode-3nodes-registry.yaml +++ b/ci/environments/multinode-3nodes-registry.yaml @@ -2,7 +2,8 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::ControllerApi::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::Services::Core: multinode-core.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index d99f7bd3d3..fb4df8ff51 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -67,7 +67,8 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index da2f09011d..2374642e85 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -1,7 +1,8 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml @@ -31,7 +32,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/ovb-ha.yaml b/ci/environments/ovb-ha.yaml index 8ad7233614..979dbc97fe 100644 --- a/ci/environments/ovb-ha.yaml +++ b/ci/environments/ovb-ha.yaml @@ -25,8 +25,9 @@ parameter_defaults: - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OsloMessagingNotify + - OS::TripleO::Services::OsloMessagingRpc - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Sshd - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftDispersion diff --git a/ci/environments/scenario000-multinode-containers.yaml b/ci/environments/scenario000-multinode-containers.yaml index 7984f27c04..c5f5169e14 100644 --- a/ci/environments/scenario000-multinode-containers.yaml +++ b/ci/environments/scenario000-multinode-containers.yaml @@ -5,7 +5,8 @@ resource_registry: # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml @@ -24,7 +25,8 @@ parameter_defaults: - OS::TripleO::Services::Keystone - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 768766b214..ae655229d6 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -7,7 +7,8 @@ resource_registry: OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml @@ -47,7 +48,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 6e96b3c8a9..0e98f1d20d 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -5,7 +5,8 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml @@ -42,7 +43,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index bd7f8c401b..35dc28900b 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -7,7 +7,8 @@ resource_registry: OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml @@ -36,7 +37,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 8f75b0f50d..fbfe0bc172 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -24,7 +24,8 @@ resource_registry: OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml - OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml @@ -58,7 +59,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::ManilaApi diff --git a/ci/environments/scenario006-multinode-containers.yaml b/ci/environments/scenario006-multinode-containers.yaml index f3165f6723..090878c443 100644 --- a/ci/environments/scenario006-multinode-containers.yaml +++ b/ci/environments/scenario006-multinode-containers.yaml @@ -24,7 +24,8 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index 2b542400ab..085b3cc3f4 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -34,7 +34,8 @@ parameter_defaults: - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::OVNController - OS::TripleO::Services::OVNMetadataAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 784f005bad..b2908ab460 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -133,11 +133,12 @@ - OS::TripleO::Services::OctaviaWorker - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Redis - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine diff --git a/docker/services/messaging/notify-rabbitmq-shared.yaml b/docker/services/messaging/notify-rabbitmq-shared.yaml new file mode 100644 index 0000000000..70be8c316f --- /dev/null +++ b/docker/services/messaging/notify-rabbitmq-shared.yaml @@ -0,0 +1,54 @@ +heat_template_version: queens + +description: > + Oslo Notify using a shared OpenStack containerized Rabbitmq service + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + RabbitmqBase: + type: ../../../puppet/services/messaging/notify-rabbitmq-shared.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the oslo messaging notify role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} diff --git a/docker/services/messaging/notify-rabbitmq.yaml b/docker/services/messaging/notify-rabbitmq.yaml new file mode 100644 index 0000000000..4341db4b45 --- /dev/null +++ b/docker/services/messaging/notify-rabbitmq.yaml @@ -0,0 +1,260 @@ +heat_template_version: queens + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerRabbitmqImage: + description: image + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + RabbitCookie: + type: string + default: '' + hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + UndercloudUpgrade: + type: boolean + description: Flag to indicate undercloud upgrade process is being run. + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + RabbitmqBase: + type: ../../../puppet/services/messaging/notify-rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + # RabbitMQ plugins initialization occurs on every node + global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} + logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]} + logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + step_config: + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] + config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true + docker_config: + # Kolla_bootstrap runs before permissions set by kolla_config + step_1: + rabbitmq_init_logs: + start_order: 0 + detach: false + image: &rabbitmq_image {get_param: DockerRabbitmqImage} + privileged: false + user: root + volumes: + - /var/log/containers/rabbitmq:/var/log/rabbitmq + command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] + rabbitmq_bootstrap: + start_order: 1 + detach: false + image: *rabbitmq_image + net: host + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq: + start_order: 2 + image: *rabbitmq_image + net: host + privileged: false + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # RabbitMQ users and policies initialization occurs only on single node + step_1: + config_volume: 'rabbit_init_tasks' + puppet_tags: 'rabbitmq_policy,rabbitmq_user' + step_config: 'include ::tripleo::profile::base::rabbitmq' + config_image: *rabbitmq_config_image + volumes: + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/rabbitmq + - /var/lib/rabbitmq + - name: rabbitmq logs readme + copy: + dest: /var/log/rabbitmq/readme.txt + content: | + Log files from rabbitmq containers can be found under + /var/log/containers/rabbitmq. + ignore_errors: true + - name: Stop and disable the rabbitmq-server service + service: + name: rabbitmq-server + state: stopped + enabled: no + when: {get_param: UndercloudUpgrade} + upgrade_tasks: + - name: Check if rabbitmq server is deployed + command: systemctl is-enabled --quiet rabbitmq-server + tags: common + ignore_errors: True + register: rabbitmq_enabled + - name: "PreUpgrade step0,validation: Check service rabbitmq server is running" + command: systemctl is-active --quiet rabbitmq-server + when: + - step|int == 0 + - rabbitmq_enabled.rc == 0 + tags: validation + - name: Stop and disable rabbitmq service + when: + - step|int == 2 + - rabbitmq_enabled.rc == 0 + service: name=rabbitmq-server state=stopped enabled=no + update_tasks: + # TODO: Are we sure we want to support this. Rolling update + # without pacemaker may fail. Do we test this ? In any case, + # this is under paunch control so the latest image should be + # pulled in by the deploy steps. Same question for other + # usually managed by pacemaker container. diff --git a/docker/services/messaging/rpc-qdrouterd.yaml b/docker/services/messaging/rpc-qdrouterd.yaml new file mode 100644 index 0000000000..3c5847ee3f --- /dev/null +++ b/docker/services/messaging/rpc-qdrouterd.yaml @@ -0,0 +1,126 @@ +heat_template_version: queens + +description: > + OpenStack containerized Qpid dispatch router service + +parameters: + DockerQdrouterdImage: + description: image + type: string + DockerQdrouterdConfigImage: + description: The container image to use for the qdrouterd config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + QdrouterdBase: + type: ../../../puppet/services/messaging/rpc-qdrouterd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the qdrouterd service. + value: + service_name: {get_attr: [QdrouterdBase, role_data, service_name]} + global_config_settings: {get_attr: [QdrouterdBase, role_data, global_config_settings]} + config_settings: + map_merge: + - {get_attr: [QdrouterdBase, role_data, config_settings]} + - tripleo.oslo_messaging_rpc.firewall_rules: + '109 qdrouterd': + dport: + - 5672 + - 31459 + - 31460 + service_config_settings: {get_attr: [QdrouterdBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: qdrouterd + step_config: + get_attr: [QdrouterdBase, role_data, step_config] + config_image: {get_param: DockerQdrouterdConfigImage} + kolla_config: + /var/lib/kolla/config_files/qdrouterd.json: + command: /usr/sbin/qdrouterd -c /etc/qpid-dispatch/qdrouterd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/lib/qdrouterd + owner: qdrouterd:qdrouterd + recurse: true + docker_config: + step_1: + qdrouterd_init_logs: + start_order: 0 + detach: false + image: &qdrouterd_image {get_param: DockerQdrouterdImage} + privileged: false + user: root + volumes: + - /var/log/containers/qdrouterd:/var/log/qdrouterd + command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd'] + qdrouterd: + start_order: 1 + image: *qdrouterd_image + net: host + user: qdrouterd + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/qdrouterd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/qdrouterd/:/var/lib/kolla/config_files/src:ro + - /var/lib/qdrouterd:/var/lib/qdrouterd + - /var/log/containers/qdrouterd:/var/log/qdrouterd + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/qdrouterd + - /var/lib/qdrouterd + metadata_settings: + get_attr: [QdrouterdBase, role_data, metadata_settings] diff --git a/docker/services/messaging/rpc-rabbitmq.yaml b/docker/services/messaging/rpc-rabbitmq.yaml new file mode 100644 index 0000000000..5648f6df7c --- /dev/null +++ b/docker/services/messaging/rpc-rabbitmq.yaml @@ -0,0 +1,260 @@ +heat_template_version: queens + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerRabbitmqImage: + description: image + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + RabbitCookie: + type: string + default: '' + hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + UndercloudUpgrade: + type: boolean + description: Flag to indicate undercloud upgrade process is being run. + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + RabbitmqBase: + type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + # RabbitMQ plugins initialization occurs on every node + global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} + logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]} + logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + step_config: + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] + config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true + docker_config: + # Kolla_bootstrap runs before permissions set by kolla_config + step_1: + rabbitmq_init_logs: + start_order: 0 + detach: false + image: &rabbitmq_image {get_param: DockerRabbitmqImage} + privileged: false + user: root + volumes: + - /var/log/containers/rabbitmq:/var/log/rabbitmq + command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] + rabbitmq_bootstrap: + start_order: 1 + detach: false + image: *rabbitmq_image + net: host + privileged: false + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq: + start_order: 2 + image: *rabbitmq_image + net: host + privileged: false + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # RabbitMQ users and policies initialization occurs only on single node + step_1: + config_volume: 'rabbit_init_tasks' + puppet_tags: 'rabbitmq_policy,rabbitmq_user' + step_config: 'include ::tripleo::profile::base::rabbitmq' + config_image: *rabbitmq_config_image + volumes: + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/rabbitmq + - /var/lib/rabbitmq + - name: rabbitmq logs readme + copy: + dest: /var/log/rabbitmq/readme.txt + content: | + Log files from rabbitmq containers can be found under + /var/log/containers/rabbitmq. + ignore_errors: true + - name: Stop and disable the rabbitmq-server service + service: + name: rabbitmq-server + state: stopped + enabled: no + when: {get_param: UndercloudUpgrade} + upgrade_tasks: + - name: Check if rabbitmq server is deployed + command: systemctl is-enabled --quiet rabbitmq-server + tags: common + ignore_errors: True + register: rabbitmq_enabled + - name: "PreUpgrade step0,validation: Check service rabbitmq server is running" + command: systemctl is-active --quiet rabbitmq-server + when: + - step|int == 0 + - rabbitmq_enabled.rc == 0 + tags: validation + - name: Stop and disable rabbitmq service + when: + - step|int == 2 + - rabbitmq_enabled.rc == 0 + service: name=rabbitmq-server state=stopped enabled=no + update_tasks: + # TODO: Are we sure we want to support this. Rolling update + # without pacemaker may fail. Do we test this ? In any case, + # this is under paunch control so the latest image should be + # pulled in by the deploy steps. Same question for other + # usually managed by pacemaker container. diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml new file mode 100644 index 0000000000..55f1ec5697 --- /dev/null +++ b/docker/services/pacemaker/notify-rabbitmq.yaml @@ -0,0 +1,378 @@ +heat_template_version: queens + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerRabbitmqImage: + description: image + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + +conditions: + puppet_debug_enabled: {get_param: ConfigDebug} + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + RabbitmqBase: + type: ../../../puppet/services/messaging/notify-rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::service_manage: false + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.oslo_messaging_notify.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 + logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]} + logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + puppet_tags: file + step_config: + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] + config_image: {get_param: DockerRabbitmqConfigImage} + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /var/log/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + # When using pacemaker we don't launch the container, instead that is done by pacemaker + # itself. + docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]} + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: {get_param: DockerRabbitmqImage} + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + step_2: + rabbitmq_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"' + list_concat: + - - '/docker_puppet_apply.sh' + - '2' + - 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,rabbitmq_policy,rabbitmq_user,rabbitmq_ready' + - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' + - if: + - puppet_debug_enabled + - - '--debug' + - - '' + image: {get_param: DockerRabbitmqImage} + volumes: + list_concat: + - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} + - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + - /bin/true:/bin/epmd + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/rabbitmq + - /var/log/containers/rabbitmq + - name: rabbitmq logs readme + copy: + dest: /var/log/rabbitmq/readme.txt + content: | + Log files from rabbitmq containers can be found under + /var/log/containers/rabbitmq. + ignore_errors: true + - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container + shell: | + echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf + echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf + for pid in $(pgrep epmd --ns 1 --nslist pid); do kill $pid; done + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] + update_tasks: + - name: Rabbit fetch and retag container image for pacemaker + when: step|int == 2 + block: &rabbitmq_fetch_retag_container_tasks + - name: Get docker Rabbitmq image + set_fact: + docker_image: {get_param: DockerRabbitmqImage} + docker_image_latest: *rabbitmq_image_pcmklatest + - name: Get previous Rabbitmq image id + shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'" + register: rabbitmq_image_id + - block: + - name: Get a list of container using Rabbitmq image + shell: "docker ps -a -q -f 'ancestor={{rabbitmq_image_id.stdout}}'" + register: rabbitmq_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Rabbitmq image + shell: "docker rm -fv {{item}}" + with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}" + - name: Remove previous Rabbitmq images + shell: "docker rmi -f {{rabbitmq_image_id.stdout}}" + when: + - rabbitmq_image_id.stdout != '' + - name: Pull latest Rabbitmq images + command: "docker pull {{docker_image}}" + - name: Retag pcmklatest to latest Rabbitmq image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. + upgrade_tasks: + - name: Get docker Rabbitmq image + set_fact: + docker_image_latest: *rabbitmq_image_pcmklatest + - name: Check for Rabbitmq Kolla configuration + stat: + path: /var/lib/config-data/puppet-generated/rabbitmq + register: rabbit_kolla_config + - name: Check if Rabbitmq is already containerized + set_fact: + rabbit_containerized: "{{rabbit_kolla_config.stat.isdir | default(false)}}" + - name: get bootstrap nodeid + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Rabbitmq baremetal to container upgrade tasks + when: + - step|int == 1 + - not rabbit_containerized|bool + block: + - name: Check cluster resource status of rabbitmq + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + check_mode: false + state: show + ignore_errors: true + register: rabbitmq_res + - when: (is_bootstrap_node) and (rabbitmq_res|succeeded) + block: + - name: Disable the rabbitmq cluster resource. + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Delete the stopped rabbitmq cluster resource. + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Disable rabbitmq service + service: name=rabbitmq-server enabled=no + - name: Move rabbitmq logging to /var/log/containers + when: + - step|int == 1 + - rabbit_containerized|bool + - is_bootstrap_node + block: + - name: Check rabbitmq logging configuration in pacemaker + command: cibadmin --query --xpath "//storage-mapping[@id='rabbitmq-log']" + ignore_errors: true + register: rabbitmq_logs_moved + - name: Change rabbitmq logging configuration in pacemaker + # rc == 6 means the configuration doesn't exist in the CIB + when: rabbitmq_logs_moved.rc == 6 + block: + - name: Disable the rabbitmq cluster resource + pacemaker_resource: + resource: rabbitmq + state: disable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Add a bind mount for logging in the rabbitmq bundle + command: pcs resource bundle update rabbitmq-bundle storage-map add id=rabbitmq-log source-dir=/var/log/containers/rabbitmq target-dir=/var/log/rabbitmq options=rw + - name: Enable the rabbitmq cluster resource + pacemaker_resource: + resource: rabbitmq + state: enable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Retag the pacemaker image if containerized + when: + - step|int == 3 + - rabbit_containerized|bool + block: *rabbitmq_fetch_retag_container_tasks + fast_forward_upgrade_tasks: + - name: Check cluster resource status of rabbitmq + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: show + check_mode: false + ignore_errors: true + register: rabbitmq_res_result + when: + - step|int == 0 + - release == 'ocata' + - is_bootstrap_node|bool + - name: Set fact rabbitmq_res + set_fact: + rabbitmq_res: "{{ rabbitmq_res_result.rc == 0 }}" + when: + - step|int == 0 + - release == 'ocata' + - is_bootstrap_node|bool + - name: Disable the rabitmq cluster resource + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + register: rabbitmq_output + retries: 5 + until: rabbitmq_output.rc == 0 + when: + - step|int == 2 + - release == 'ocata' + - is_bootstrap_node|bool + - rabbitmq_res|bool diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml new file mode 100644 index 0000000000..b42c21224e --- /dev/null +++ b/docker/services/pacemaker/rpc-rabbitmq.yaml @@ -0,0 +1,378 @@ +heat_template_version: queens + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerRabbitmqImage: + description: image + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + +conditions: + puppet_debug_enabled: {get_param: ConfigDebug} + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + RabbitmqBase: + type: ../../../puppet/services/messaging/rpc-rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::service_manage: false + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.oslo_messaging_rpc.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 + logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]} + logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]} + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + puppet_tags: file + step_config: + list_join: + - "\n" + - - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }" + - get_attr: [RabbitmqBase, role_data, step_config] + config_image: {get_param: DockerRabbitmqConfigImage} + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /var/log/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + # When using pacemaker we don't launch the container, instead that is done by pacemaker + # itself. + docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]} + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: {get_param: DockerRabbitmqImage} + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + step_2: + rabbitmq_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"' + list_concat: + - - '/docker_puppet_apply.sh' + - '2' + - 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,rabbitmq_policy,rabbitmq_user,rabbitmq_ready' + - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' + - if: + - puppet_debug_enabled + - - '--debug' + - - '' + image: {get_param: DockerRabbitmqImage} + volumes: + list_concat: + - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} + - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + - /bin/true:/bin/epmd + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/rabbitmq + - /var/log/containers/rabbitmq + - name: rabbitmq logs readme + copy: + dest: /var/log/rabbitmq/readme.txt + content: | + Log files from rabbitmq containers can be found under + /var/log/containers/rabbitmq. + ignore_errors: true + - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container + shell: | + echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf + echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf + for pid in $(pgrep epmd --ns 1 --nslist pid); do kill $pid; done + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] + update_tasks: + - name: Rabbit fetch and retag container image for pacemaker + when: step|int == 2 + block: &rabbitmq_fetch_retag_container_tasks + - name: Get docker Rabbitmq image + set_fact: + docker_image: {get_param: DockerRabbitmqImage} + docker_image_latest: *rabbitmq_image_pcmklatest + - name: Get previous Rabbitmq image id + shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'" + register: rabbitmq_image_id + - block: + - name: Get a list of container using Rabbitmq image + shell: "docker ps -a -q -f 'ancestor={{rabbitmq_image_id.stdout}}'" + register: rabbitmq_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Rabbitmq image + shell: "docker rm -fv {{item}}" + with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}" + - name: Remove previous Rabbitmq images + shell: "docker rmi -f {{rabbitmq_image_id.stdout}}" + when: + - rabbitmq_image_id.stdout != '' + - name: Pull latest Rabbitmq images + command: "docker pull {{docker_image}}" + - name: Retag pcmklatest to latest Rabbitmq image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. + upgrade_tasks: + - name: Get docker Rabbitmq image + set_fact: + docker_image_latest: *rabbitmq_image_pcmklatest + - name: Check for Rabbitmq Kolla configuration + stat: + path: /var/lib/config-data/puppet-generated/rabbitmq + register: rabbit_kolla_config + - name: Check if Rabbitmq is already containerized + set_fact: + rabbit_containerized: "{{rabbit_kolla_config.stat.isdir | default(false)}}" + - name: get bootstrap nodeid + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Rabbitmq baremetal to container upgrade tasks + when: + - step|int == 1 + - not rabbit_containerized|bool + block: + - name: Check cluster resource status of rabbitmq + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + check_mode: false + state: show + ignore_errors: true + register: rabbitmq_res + - when: (is_bootstrap_node) and (rabbitmq_res|succeeded) + block: + - name: Disable the rabbitmq cluster resource. + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Delete the stopped rabbitmq cluster resource. + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Disable rabbitmq service + service: name=rabbitmq-server enabled=no + - name: Move rabbitmq logging to /var/log/containers + when: + - step|int == 1 + - rabbit_containerized|bool + - is_bootstrap_node + block: + - name: Check rabbitmq logging configuration in pacemaker + command: cibadmin --query --xpath "//storage-mapping[@id='rabbitmq-log']" + ignore_errors: true + register: rabbitmq_logs_moved + - name: Change rabbitmq logging configuration in pacemaker + # rc == 6 means the configuration doesn't exist in the CIB + when: rabbitmq_logs_moved.rc == 6 + block: + - name: Disable the rabbitmq cluster resource + pacemaker_resource: + resource: rabbitmq + state: disable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Add a bind mount for logging in the rabbitmq bundle + command: pcs resource bundle update rabbitmq-bundle storage-map add id=rabbitmq-log source-dir=/var/log/containers/rabbitmq target-dir=/var/log/rabbitmq options=rw + - name: Enable the rabbitmq cluster resource + pacemaker_resource: + resource: rabbitmq + state: enable + wait_for_resource: true + register: output + retries: 5 + until: output.rc == 0 + - name: Retag the pacemaker image if containerized + when: + - step|int == 3 + - rabbit_containerized|bool + block: *rabbitmq_fetch_retag_container_tasks + fast_forward_upgrade_tasks: + - name: Check cluster resource status of rabbitmq + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: show + check_mode: false + ignore_errors: true + register: rabbitmq_res_result + when: + - step|int == 0 + - release == 'ocata' + - is_bootstrap_node|bool + - name: Set fact rabbitmq_res + set_fact: + rabbitmq_res: "{{ rabbitmq_res_result.rc == 0 }}" + when: + - step|int == 0 + - release == 'ocata' + - is_bootstrap_node|bool + - name: Disable the rabitmq cluster resource + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + register: rabbitmq_output + retries: 5 + until: rabbitmq_output.rc == 0 + when: + - step|int == 2 + - release == 'ocata' + - is_bootstrap_node|bool + - rabbitmq_res|bool diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index ffc919eccd..fd14ba449a 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -149,7 +149,7 @@ outputs: - /var/log/containers/rabbitmq:/var/log/rabbitmq - if: - internal_tls_enabled - - + - - list_join: - ':' - - {get_param: InternalTLSCAFile} @@ -157,7 +157,7 @@ outputs: - 'ro' - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -190,7 +190,7 @@ outputs: - /var/log/containers/rabbitmq:/var/log/rabbitmq - if: - internal_tls_enabled - - + - - list_join: - ':' - - {get_param: InternalTLSCAFile} @@ -198,7 +198,7 @@ outputs: - 'ro' - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro - - null + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 88bcab9017..065ef2b7a9 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -16,5 +16,6 @@ resource_registry: OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml - OS::TripleO::Services::RabbitMQ: ../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::Redis: ../docker/services/pacemaker/database/redis.yaml diff --git a/environments/docker-uc-light.yaml b/environments/docker-uc-light.yaml index 3220489c16..7c3b0fb955 100644 --- a/environments/docker-uc-light.yaml +++ b/environments/docker-uc-light.yaml @@ -18,7 +18,8 @@ resource_registry: OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml - OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../docker/services/messaging/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml @@ -26,4 +27,4 @@ resource_registry: parameter_defaults: ZaqarMessageStore: 'swift' - ZaqarManagementStore: 'sqlalchemy' \ No newline at end of file + ZaqarManagementStore: 'sqlalchemy' diff --git a/environments/docker.yaml b/environments/docker.yaml index d290e0ba9f..4468dbae65 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -29,6 +29,8 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml + OS::TripleO::Services::OsloMessagingRpc: ../docker/services/messaging/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::Qdr: ../docker/services/qdrouterd.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml diff --git a/environments/messaging/rpc-qdrouterd-notify-rabbitmq-hybrid.yaml b/environments/messaging/rpc-qdrouterd-notify-rabbitmq-hybrid.yaml new file mode 100644 index 0000000000..3215c33611 --- /dev/null +++ b/environments/messaging/rpc-qdrouterd-notify-rabbitmq-hybrid.yaml @@ -0,0 +1,22 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Hybrid qdrouterd for rpc and rabbitmq for notify messaging backend +# description: | +# Include this environment to enable hybrid messaging backends for +# oslo.messaging rpc and notification services +parameter_defaults: + # The network port for messaging Notify backend + # Type: number + NotifyPort: 5672 + + # The network port for messaging backend + # Type: number + RpcPort: 31459 + +resource_registry: + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml diff --git a/environments/messaging/rpc-rabbitmq-notify-rabbitmq-shared.yaml b/environments/messaging/rpc-rabbitmq-notify-rabbitmq-shared.yaml new file mode 100644 index 0000000000..46e718a1f9 --- /dev/null +++ b/environments/messaging/rpc-rabbitmq-notify-rabbitmq-shared.yaml @@ -0,0 +1,18 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Share single rabbitmq backend for rpc and notify messaging backend +# description: | +# Include this environment to enable a shared rabbitmq backend for +# oslo.messaging rpc and notification services +parameter_defaults: + # The network port for messaging backend + # Type: number + RpcPort: 5672 + +resource_registry: + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-rabbitmq.yaml diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 8c7df9a41a..1cc174171e 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -61,6 +61,8 @@ parameters: SaharaApiNetwork: internal_api HorizonNetwork: internal_api MemcachedNetwork: internal_api + OsloMessagingRpcNetwork: internal_api + OsloMessagingNotifyNetwork: internal_api RabbitmqNetwork: internal_api QdrNetwork: internal_api RedisNetwork: internal_api diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a0b0dc0acf..3758bd7037 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -169,8 +169,10 @@ resource_registry: OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None - OS::TripleO::Services::RabbitMQ: docker/services/rabbitmq.yaml - OS::TripleO::Services::Qdr: docker/services/qdrouterd.yaml + OS::TripleO::Services::OsloMessagingRpc: docker/services/messaging/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml + OS::TripleO::Services::RabbitMQ: OS::Heat::None + OS::TripleO::Services::Qdr: OS::Heat::None OS::TripleO::Services::HAproxy: docker/services/haproxy.yaml OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index b613dee7e3..17654347a5 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -38,24 +38,6 @@ parameters: description: The password for the redis service account. type: string hidden: true - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number Debug: default: false description: Set to True to enable debugging on all services. @@ -76,6 +58,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: AodhDebug}, '']} @@ -104,10 +104,11 @@ outputs: - {get_param: AodhDebug } aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::notification_driver: {get_param: NotificationDriver} - aodh::rabbit_userid: {get_param: RabbitUserName} - aodh::rabbit_password: {get_param: RabbitPassword} - aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - aodh::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + aodh::rabbit_userid: {get_param: RpcUserName} + aodh::rabbit_password: {get_param: RpcPassword} + aodh::rabbit_use_ssl: {get_param: RpcUseSSL} + aodh::rabbit_port: {get_param: RpcPort} aodh::keystone::authtoken::project_name: 'service' aodh::keystone::authtoken::user_domain_name: 'Default' aodh::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 59f64b43d5..930261d607 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -52,24 +52,6 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string EnableInternalTLS: type: boolean default: false @@ -85,6 +67,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string resources: @@ -126,10 +126,11 @@ outputs: - {get_param: Debug } - {get_param: BarbicanDebug } barbican::api::notification_driver: {get_param: NotificationDriver} - barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - barbican::api::rabbit_userid: {get_param: RabbitUserName} - barbican::api::rabbit_password: {get_param: RabbitPassword} - barbican::api::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + barbican::api::rabbit_use_ssl: {get_param: RpcUseSSL} + barbican::api::rabbit_userid: {get_param: RpcUserName} + barbican::api::rabbit_password: {get_param: RpcPassword} + barbican::api::rabbit_port: {get_param: RpcPort} barbican::api::rabbit_heartbeat_timeout_threshold: 60 barbican::api::service_name: 'httpd' barbican::wsgi::apache::bind_host: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 57439c2904..fc1607757c 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -84,24 +84,6 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number CeilometerApiEndpoint: default: false description: Whether to create or skip API endpoint. Set this to @@ -125,6 +107,24 @@ parameters: default: 'low' type: string description: archive policy to use with gnocchi backend + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string parameter_groups: - label: deprecated @@ -173,10 +173,11 @@ outputs: ceilometer::dispatcher::gnocchi::archive_policy: {get_param: GnocchiArchivePolicy} ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' ceilometer::notification_driver: {get_param: NotificationDriver} - ceilometer::rabbit_userid: {get_param: RabbitUserName} - ceilometer::rabbit_password: {get_param: RabbitPassword} - ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - ceilometer::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + ceilometer::rabbit_userid: {get_param: RpcUserName} + ceilometer::rabbit_password: {get_param: RpcPassword} + ceilometer::rabbit_use_ssl: {get_param: RpcUseSSL} + ceilometer::rabbit_port: {get_param: RpcPort} ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} ceilometer::snmpd_readonly_username: {get_param: SnmpdReadonlyUserName} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 16d943cfff..3f4aaae622 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -44,24 +44,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string CinderCronDbPurgeMinute: type: string description: > @@ -102,6 +84,24 @@ parameters: description: > Cron to move deleted instances to another table - Log destination default: '/var/log/cinder/cinder-rowsflush.log' + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: CinderDebug}, '']} @@ -127,11 +127,11 @@ outputs: - service_debug_unset - {get_param: Debug } - {get_param: CinderDebug } - cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - cinder::rabbit_userid: {get_param: RabbitUserName} - cinder::rabbit_password: {get_param: RabbitPassword} - cinder::rabbit_port: {get_param: RabbitClientPort} cinder::rabbit_heartbeat_timeout_threshold: 60 + cinder::rabbit_userid: {get_param: RpcUserName} + cinder::rabbit_password: {get_param: RpcPassword} + cinder::rabbit_use_ssl: {get_param: RpcUseSSL} + cinder::rabbit_port: {get_param: RpcPort} cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index f8b8bec852..678048ed1a 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -48,24 +48,6 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number CongressPolicies: description: | A hash of policies to configure for Congress. @@ -78,6 +60,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: CongressDebug}, '']} @@ -106,10 +106,11 @@ outputs: - {get_param: CongressDebug } congress::rpc_backend: rabbit congress::notification_driver: {get_param: NotificationDriver} - congress::rabbit_userid: {get_param: RabbitUserName} - congress::rabbit_password: {get_param: RabbitPassword} - congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - congress::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + congress::rabbit_userid: {get_param: RpcUserName} + congress::rabbit_password: {get_param: RpcPassword} + congress::rabbit_use_ssl: {get_param: RpcUseSSL} + congress::rabbit_port: {get_param: RpcPort} congress::server::bind_host: str_replace: template: diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 64d357dc1e..9985f72e54 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -131,24 +131,6 @@ parameters: default: false description: Whether to enable or not the Rbd backend for Nova type: boolean - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string KeystoneRegion: type: string default: 'regionOne' @@ -165,6 +147,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} @@ -284,10 +284,11 @@ outputs: glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} - glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} - glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} - glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} - glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + # TODO(ansmith): remove once p-t-o switches to oslo params + glance::notify::rabbitmq::rabbit_userid: {get_param: RpcUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RpcPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RpcPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RpcUseSSL} glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver} tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index d65ac04da8..381d6fe267 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -14,24 +14,6 @@ parameters: type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number ServiceData: default: {} description: Dictionary packing service data @@ -132,6 +114,24 @@ parameters: default: '' description: Indicate whether this resource may be shared with the domain received in the request "origin" header. + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: HeatDebug}, '']} @@ -150,10 +150,11 @@ outputs: - {} - heat::cors::allowed_origin: {get_param: HeatCorsAllowedOrigin} - heat::notification_driver: {get_param: NotificationDriver} - heat::rabbit_userid: {get_param: RabbitUserName} - heat::rabbit_password: {get_param: RabbitPassword} - heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - heat::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + heat::rabbit_userid: {get_param: RpcUserName} + heat::rabbit_password: {get_param: RpcPassword} + heat::rabbit_use_ssl: {get_param: RpcUseSSL} + heat::rabbit_port: {get_param: RpcPort} heat::debug: if: - service_debug_unset diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index cd89da939c..f2776cb7c1 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -48,23 +48,23 @@ parameters: description: The password for the Ironic service and db account, used by the Ironic services type: string hidden: true - RabbitUserName: + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: default: guest - description: The username for RabbitMQ + description: The username for messaging backend type: string - RabbitPassword: - description: The password for RabbitMQ + RpcPassword: + description: The password for messaging backend type: string hidden: true - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RabbitClientUseSSL: + RpcUseSSL: default: false description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. type: string conditions: @@ -94,10 +94,11 @@ outputs: - service_debug_unset - {get_param: Debug } - {get_param: IronicDebug } - ironic::rabbit_userid: {get_param: RabbitUserName} - ironic::rabbit_password: {get_param: RabbitPassword} - ironic::rabbit_port: {get_param: RabbitClientPort} - ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + # TODO(ansmith): remove once p-t-o switches to oslo params + ironic::rabbit_userid: {get_param: RpcUserName} + ironic::rabbit_password: {get_param: RpcPassword} + ironic::rabbit_port: {get_param: RpcPort} + ironic::rabbit_use_ssl: {get_param: RpcUseSSL} - if: - default_rsc_unset diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 97bd775630..26e90ba2ca 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -91,24 +91,24 @@ parameters: description: The keystone auth secret and db password. type: string hidden: true - RabbitPassword: - description: The password for RabbitMQ + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend type: string hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: + RpcUseSSL: default: false description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number TokenExpiration: default: 3600 description: Set a token expiration time in seconds. @@ -377,10 +377,11 @@ outputs: - service_debug_unset - {get_param: Debug } - {get_param: KeystoneDebug } - keystone::rabbit_userid: {get_param: RabbitUserName} - keystone::rabbit_password: {get_param: RabbitPassword} - keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - keystone::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + keystone::rabbit_userid: {get_param: RpcUserName} + keystone::rabbit_password: {get_param: RpcPassword} + keystone::rabbit_use_ssl: {get_param: RpcUseSSL} + keystone::rabbit_port: {get_param: RpcPort} keystone::notification_driver: {get_param: NotificationDriver} keystone::notification_format: {get_param: KeystoneNotificationFormat} tripleo::profile::base::keystone::extra_notification_topics: {get_param: KeystoneNotificationTopics} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 664260dccb..295ec422fb 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -44,24 +44,6 @@ parameters: type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number ManilaPassword: description: The password for the manila service account. type: string @@ -72,6 +54,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: ManilaDebug}, '']} @@ -84,10 +84,11 @@ outputs: service_name: manila_base config_settings: manila::notification_driver: {get_param: NotificationDriver} - manila::rabbit_userid: {get_param: RabbitUserName} - manila::rabbit_password: {get_param: RabbitPassword} - manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - manila::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + manila::rabbit_userid: {get_param: RpcUserName} + manila::rabbit_password: {get_param: RpcPassword} + manila::rabbit_use_ssl: {get_param: RpcUseSSL} + manila::rabbit_port: {get_param: RpcPort} manila::debug: if: - service_debug_unset diff --git a/puppet/services/messaging/notify-rabbitmq-shared.yaml b/puppet/services/messaging/notify-rabbitmq-shared.yaml new file mode 100644 index 0000000000..52486b9226 --- /dev/null +++ b/puppet/services/messaging/notify-rabbitmq-shared.yaml @@ -0,0 +1,63 @@ +heat_template_version: queens + +description: > + RabbitMQ service for messaging Notifications configured with Puppet + using a single shared rabbit backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string + +outputs: + role_data: + description: Role data for the OsloMessagingNotify role. + value: + service_name: oslo_messaging_notify + global_config_settings: + oslo_messaging_notify_scheme: rabbit + oslo_messaging_notify_user_name: {get_param: RpcUserName} + oslo_messaging_notify_password: {get_param: RpcPassword} + oslo_messaging_notify_use_ssl: {get_param: RpcUseSSL} + oslo_messaging_notify_port: {get_param: RpcPort} diff --git a/puppet/services/messaging/notify-rabbitmq.yaml b/puppet/services/messaging/notify-rabbitmq.yaml new file mode 100644 index 0000000000..6dee3d9071 --- /dev/null +++ b/puppet/services/messaging/notify-rabbitmq.yaml @@ -0,0 +1,145 @@ +heat_template_version: queens + +description: > + RabbitMQ service for messaging Notifications configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NotifyPort: + default: 5672 + description: The network port for messaging Notify backend + type: number + NotifyUserName: + default: guest + description: The username for messaging Notifications + type: string + NotifyPassword: + description: The password for messaging Notifications + type: string + hidden: true + NotifyUseSSL: + default: false + description: Messaging Notification client subscriber parameter to specify + an SSL connection to the messaging host. + type: string + EnableInternalTLS: + type: boolean + default: false + +resources: + RabbitMQServiceBase: + type: ../rabbitmq.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +conditions: + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +outputs: + role_data: + description: Role data for the OsloMessagingNotify role. + value: + service_name: oslo_messaging_notify + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} + global_config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] + - oslo_messaging_notify_scheme: rabbit + oslo_messaging_notify_user_name: {get_param: NotifyUserName} + oslo_messaging_notify_password: {get_param: NotifyPassword} + oslo_messaging_notify_use_ssl: {get_param: NotifyUseSSL} + oslo_messaging_notify_port: {get_param: NotifyPort} + config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::default_user: {get_param: NotifyUserName} + rabbitmq::default_pass: {get_param: NotifyPassword} + tripleo.oslo_messaging_notify.firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - {get_param: NotifyPort} + - 25672 + rabbitmq::port: {get_param: NotifyPort} + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} + rabbitmq::ssl_port: {get_param: NotifyPort} + rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} + - + if: + - internal_tls_enabled + - generate_service_certificates: true + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + - {} + step_config: | + include ::tripleo::profile::base::rabbitmq + upgrade_tasks: + - name: Stop rabbitmq service + when: step|int == 2 + service: name=rabbitmq-server state=stopped + - name: Start rabbitmq service + when: step|int == 4 + service: name=rabbitmq-server state=started + metadata_settings: + if: + - internal_tls_enabled + - + - service: oslo_messaging_notify + network: {get_param: [ServiceNetMap, OsloMessagingNotifyNetwork]} + type: node + - null diff --git a/puppet/services/messaging/rpc-qdrouterd.yaml b/puppet/services/messaging/rpc-qdrouterd.yaml new file mode 100644 index 0000000000..93ee568d5b --- /dev/null +++ b/puppet/services/messaging/rpc-qdrouterd.yaml @@ -0,0 +1,101 @@ +heat_template_version: queens + +description: > + Qpid dispatch router service for messaging RPCs configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string + +resources: + QdrouterdServiceBase: + type: ../qdr.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the OsloMessagingRpc role. + value: + service_name: oslo_messaging_rpc + monitoring_subscription: {get_attr: [QdrouterdServiceBase, role_data, monitoring_subscription]} + global_config_settings: + map_merge: + - get_attr: [QdrouterdServiceBase, role_data, global_config_settings] + - oslo_messaging_rpc_scheme: amqp + oslo_messaging_rpc_user_name: {get_param: RpcUserName} + oslo_messaging_rpc_password: {get_param: RpcPassword} + oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL} + oslo_messaging_rpc_port: {get_param: RpcPort} + config_settings: + map_merge: + - get_attr: [QdrouterdServiceBase, role_data, config_settings] + - tripleo.oslo_messaging_rpc.firewall_rules: + '109 qdrouterd': + dport: + - {get_param: RpcPort} + - 31459 + - 31460 + qdr::listener_addr: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + tripleo::profile::base::qdr::qdr_listener_port: {get_param: RpcPort} + tripleo::profile::base::qdr::qdr_username: {get_param: RpcUserName} + tripleo::profile::base::qdr::qdr_password: {get_param: RpcPassword} + step_config: | + include ::tripleo::profile::base::qdr diff --git a/puppet/services/messaging/rpc-rabbitmq.yaml b/puppet/services/messaging/rpc-rabbitmq.yaml new file mode 100644 index 0000000000..de1009353f --- /dev/null +++ b/puppet/services/messaging/rpc-rabbitmq.yaml @@ -0,0 +1,146 @@ +heat_template_version: queens + +description: > + RabbitMQ service for messaging RPCs configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string + EnableInternalTLS: + type: boolean + default: false + +resources: + RabbitMQServiceBase: + type: ../rabbitmq.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +conditions: + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +outputs: + role_data: + description: Role data for the OsloMessagingRpc role. + value: + service_name: oslo_messaging_rpc + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} + global_config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, global_config_settings] + - oslo_messaging_rpc_scheme: rabbit + oslo_messaging_rpc_user_name: {get_param: RpcUserName} + oslo_messaging_rpc_password: {get_param: RpcPassword} + oslo_messaging_rpc_use_ssl: {get_param: RpcUseSSL} + oslo_messaging_rpc_port: {get_param: RpcPort } + config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::default_user: {get_param: RpcUserName} + rabbitmq::default_pass: {get_param: RpcPassword} + tripleo.oslo_messaging_rpc.firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - {get_param: RpcPort} + - 25672 + rabbitmq::port: {get_param: RpcPort} + rabbitmq::interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + rabbitmq::ssl: {get_param: EnableInternalTLS} + rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS} + rabbitmq::ssl_port: {get_param: RpcPort} + rabbitmq::ssl_only: {get_param: EnableInternalTLS} + rabbitmq::ssl_interface: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + tripleo::profile::base::rabbitmq::enable_internal_tls: {get_param: EnableInternalTLS} + - + if: + - internal_tls_enabled + - generate_service_certificates: true + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + - {} + step_config: | + include ::tripleo::profile::base::rabbitmq + upgrade_tasks: + - name: Stop rabbitmq service + when: step|int == 2 + service: name=rabbitmq-server state=stopped + - name: Start rabbitmq service + when: step|int == 4 + service: name=rabbitmq-server state=started + metadata_settings: + if: + - internal_tls_enabled + - + - service: oslo_messaging_rpc + network: {get_param: [ServiceNetMap, OsloMessagingRpcNetwork]} + type: node + - null diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index fd346fdc1c..df5c93527f 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -41,24 +41,6 @@ parameters: type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number MistralPassword: description: The password for the Mistral service and db account, used by the Mistral services. type: string @@ -73,6 +55,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: MistralDebug}, '']} @@ -94,10 +94,11 @@ outputs: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo mistral::notification_driver: {get_param: NotificationDriver} - mistral::rabbit_userid: {get_param: RabbitUserName} - mistral::rabbit_password: {get_param: RabbitPassword} - mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - mistral::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + mistral::rabbit_userid: {get_param: RpcUserName} + mistral::rabbit_password: {get_param: RpcPassword} + mistral::rabbit_use_ssl: {get_param: RpcUseSSL} + mistral::rabbit_port: {get_param: RpcPort} mistral::debug: if: - service_debug_unset diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index c92dfc0ec3..1fe0c3f339 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -4,24 +4,6 @@ description: > OpenStack Neutron base service. Shared for all Neutron agents. parameters: - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number DatabaseSyncTimeout: default: 300 description: DB Sync Timeout default @@ -116,6 +98,24 @@ parameters: EnableInternalTLS: type: boolean default: false + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} @@ -129,11 +129,12 @@ outputs: service_name: neutron_base config_settings: map_merge: - - neutron::rabbit_password: {get_param: RabbitPassword} - neutron::rabbit_user: {get_param: RabbitUserName} - neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - neutron::rabbit_port: {get_param: RabbitClientPort} - neutron::notification_driver: {get_param: NotificationDriver} + - neutron::notification_driver: {get_param: NotificationDriver} + # TODO(ansmith): remove once p-t-o switches to oslo params + neutron::rabbit_password: {get_param: RpcPassword} + neutron::rabbit_user: {get_param: RpcUserName} + neutron::rabbit_use_ssl: {get_param: RpcUseSSL} + neutron::rabbit_port: {get_param: RpcPort} neutron::core_plugin: {get_param: NeutronCorePlugin} neutron::service_plugins: {get_param: NeutronServicePlugins} neutron::debug: diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 65ed64360c..c13030e584 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -238,12 +238,12 @@ outputs: mode: 0600 content: > $transport_url = os_transport_url({ - 'transport' => hiera('messaging_service_name', 'rabbit'), - 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), - 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), - 'username' => hiera('nova::rabbit_userid', 'guest'), - 'password' => hiera('nova::rabbit_password'), - 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + 'transport' => hiera('oslo_messaging_rpc_scheme', 'rabbit'), + 'hosts' => any2array(hiera('oslo_messaging_rpc_node_names', undef)), + 'port' => sprintf('%s',hiera('oslo_messaging_rpc_port', '5672') ), + 'username' => hiera('oslo_messaging_rpc_user_name', 'guest'), + 'password' => hiera('oslo_messaging_rpc_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('oslo_messaging_rpc_use_ssl', '0')))) }) oslo::messaging::default { 'nova_config': transport_url => $transport_url diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 7e743797c4..6b884feb4d 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -52,24 +52,6 @@ parameters: default: 'br-int' description: Name of integration bridge used by Open vSwitch type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number DatabaseSyncTimeout: default: 300 description: DB Sync Timeout default @@ -207,6 +189,24 @@ parameters: description: > Endpoint interface to be used for the placement API. default: 'internal' + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: @@ -226,10 +226,11 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_userid: {get_param: RabbitUserName} - nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - nova::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + nova::rabbit_password: {get_param: RpcPassword} + nova::rabbit_userid: {get_param: RpcUserName} + nova::rabbit_use_ssl: {get_param: RpcUseSSL} + nova::rabbit_port: {get_param: RpcPort} nova::placement::project_name: 'service' nova::placement::password: {get_param: NovaPassword} nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} @@ -333,7 +334,8 @@ outputs: # complex cell v2 configurations. For now, this is the default cell # created for the cell v2 configuration nova::db::mysql_api::setup_cell0: true - nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_userid: {get_param: RabbitUserName} - nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - nova::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + nova::rabbit_password: {get_param: RpcPassword} + nova::rabbit_userid: {get_param: RpcUserName} + nova::rabbit_use_ssl: {get_param: RpcUseSSL} + nova::rabbit_port: {get_param: RpcPort} diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 918cce25a0..7d407793ec 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -46,24 +46,24 @@ parameters: description: > Remove configuration that is not generated by TripleO. Used to avoid configuration remnants after upgrades. - RabbitPassword: - description: The password for RabbitMQ + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend type: string hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: + RpcUseSSL: default: false description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number NotificationDriver: type: string default: 'messagingv2' @@ -111,6 +111,7 @@ outputs: value: service_name: octavia_base config_settings: + map_merge: - octavia::debug: if: @@ -119,10 +120,11 @@ outputs: - {get_param: OctaviaDebug } octavia::purge_config: {get_param: EnableConfigPurge} octavia::notification_driver: {get_param: NotificationDriver} - octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - octavia::rabbit_userid: {get_param: RabbitUserName} - octavia::rabbit_password: {get_param: RabbitPassword} - octavia::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + octavia::rabbit_use_ssl: {get_param: RpcUseSSL} + octavia::rabbit_userid: {get_param: RpcUserName} + octavia::rabbit_password: {get_param: RpcPassword} + octavia::rabbit_port: {get_param: RpcPort} octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri]} octavia::service_auth::auth_type: 'password' octavia::service_auth::username: 'octavia' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index ca7362c94e..e2ab0e621a 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -30,24 +30,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number SaharaPassword: description: The password for the sahara service account, used by sahara-api. type: string @@ -72,6 +54,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: SaharaDebug}, '']} @@ -93,10 +93,11 @@ outputs: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo sahara::notify::notification_driver: {get_param: NotificationDriver} - sahara::rabbit_password: {get_param: RabbitPassword} - sahara::rabbit_user: {get_param: RabbitUserName} - sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - sahara::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + sahara::rabbit_password: {get_param: RpcPassword} + sahara::rabbit_user: {get_param: RpcUserName} + sahara::rabbit_use_ssl: {get_param: RpcUseSSL} + sahara::rabbit_port: {get_param: RpcPort} sahara::debug: if: - service_debug_unset diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 8142d87224..36ef0b2ff4 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -53,14 +53,6 @@ parameters: MonitoringSubscriptionSwiftProxy: default: 'overcloud-swift-proxy' type: string - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string SwiftCeilometerPipelineEnabled: description: Set to False to disable the swift proxy ceilometer pipeline. default: false @@ -73,15 +65,23 @@ parameters: description: Set to True to enable data-at-rest encryption in Swift default: false type: boolean - RabbitClientPort: + RpcPort: default: 5672 - description: Set rabbit subscriber port, change this if using SSL + description: The network port for messaging backend type: number - RabbitClientUseSSL: + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: default: false description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. type: string EnableInternalTLS: type: boolean @@ -144,18 +144,19 @@ outputs: if: - ceilometer_pipeline_enabled - - swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} - swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + # TODO(ansmith): remove once p-t-o switches to oslo params + swift::proxy::ceilometer::rabbit_user: {get_param: RpcUserName} + swift::proxy::ceilometer::rabbit_password: {get_param: RpcPassword} + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RpcUseSSL} swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::ceilometer::password: {get_param: SwiftPassword} swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::ceilometer::nonblocking_notify: true - swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - {} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} - tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} - tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort} + tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index ecc2b09cc1..053ef97c52 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -48,24 +48,6 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number TackerPolicies: description: | A hash of policies to configure for Tacker. @@ -78,6 +60,24 @@ parameters: description: Driver or drivers to handle sending notifications. constraints: - allowed_values: [ 'messagingv2', 'noop' ] + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string conditions: service_debug_unset: {equals : [{get_param: TackerDebug}, '']} @@ -105,12 +105,12 @@ outputs: - service_debug_unset - {get_param: Debug } - {get_param: TackerDebug } - tacker::rpc_backend: rabbit tacker::notification_driver: {get_param: NotificationDriver} - tacker::rabbit_userid: {get_param: RabbitUserName} - tacker::rabbit_password: {get_param: RabbitPassword} - tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - tacker::rabbit_port: {get_param: RabbitClientPort} + # TODO(ansmith): remove once p-t-o switches to oslo params + tacker::rabbit_userid: {get_param: RpcUserName} + tacker::rabbit_password: {get_param: RpcPassword} + tacker::rabbit_use_ssl: {get_param: RpcUseSSL} + tacker::rabbit_port: {get_param: RpcPort} tacker::server::bind_host: str_replace: template: diff --git a/releasenotes/notes/oslo-messaging-separate-backends-2d2221066f88f479.yaml b/releasenotes/notes/oslo-messaging-separate-backends-2d2221066f88f479.yaml new file mode 100644 index 0000000000..48da1e111b --- /dev/null +++ b/releasenotes/notes/oslo-messaging-separate-backends-2d2221066f88f479.yaml @@ -0,0 +1,4 @@ +--- +features: + - Support separate oslo.messaging services for RPC and Notifications. + Enable separate messaging backend servers. diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 8580802ff3..8f369597b3 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -152,7 +152,8 @@ - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Redis - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar diff --git a/roles/ControllerNoCeph.yaml b/roles/ControllerNoCeph.yaml index e6f4501f34..8d8f0c4e7b 100644 --- a/roles/ControllerNoCeph.yaml +++ b/roles/ControllerNoCeph.yaml @@ -145,7 +145,8 @@ - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Redis - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar diff --git a/roles/ControllerNovaStandalone.yaml b/roles/ControllerNovaStandalone.yaml index c3386b1880..a1dfd5163d 100644 --- a/roles/ControllerNovaStandalone.yaml +++ b/roles/ControllerNovaStandalone.yaml @@ -123,7 +123,8 @@ - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Redis - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar diff --git a/roles/ControllerStorageNfs.yaml b/roles/ControllerStorageNfs.yaml index db039cd41e..f2f03eff59 100644 --- a/roles/ControllerStorageNfs.yaml +++ b/roles/ControllerStorageNfs.yaml @@ -136,7 +136,8 @@ - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Redis - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index df50618a56..7269a34ff0 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -3,7 +3,7 @@ ############################################################################### - name: Messaging description: | - Standalone messaging role with RabbitMQ being managed via Pacemaker + Standalone messaging role with backends being managed via Pacemaker networks: - InternalApi HostnameFormatDefault: '%stackname%-messaging-%index%' @@ -21,7 +21,8 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Rhsm - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index f483a2b6bc..3cf20dc7a5 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -48,7 +48,8 @@ - OS::TripleO::Services::Novajoin - OS::TripleO::Services::Ntp - OS::TripleO::Services::ContainersLogrotateCrond - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Rhsm - OS::TripleO::Services::MasqueradeNetworks - OS::TripleO::Services::SwiftProxy diff --git a/roles/UndercloudLight.yaml b/roles/UndercloudLight.yaml index 0e5b8207d3..dbf53b6d14 100644 --- a/roles/UndercloudLight.yaml +++ b/roles/UndercloudLight.yaml @@ -29,7 +29,8 @@ - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Rhsm - OS::TripleO::Services::MasqueradeNetworks - OS::TripleO::Services::SwiftProxy diff --git a/roles_data.yaml b/roles_data.yaml index 85ca148bbb..d4771c309c 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -155,7 +155,8 @@ - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Redis - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index c33917ac71..b2c22872a7 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -51,7 +51,8 @@ - OS::TripleO::Services::Novajoin - OS::TripleO::Services::Ntp - OS::TripleO::Services::ContainersLogrotateCrond - - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify - OS::TripleO::Services::Rhsm - OS::TripleO::Services::MasqueradeNetworks - OS::TripleO::Services::SwiftProxy diff --git a/sample-env-generator/messaging.yaml b/sample-env-generator/messaging.yaml new file mode 100644 index 0000000000..6bd53cd835 --- /dev/null +++ b/sample-env-generator/messaging.yaml @@ -0,0 +1,35 @@ +environments: + - + name: messaging/rpc-rabbitmq-notify-rabbitmq-shared + title: Share single rabbitmq backend for rpc and notify messaging backend + files: + puppet/services/messaging/rpc-rabbitmq.yaml: + parameters: + - RpcPort + sample_value: + RpcPort: 5672 + resource_registry: + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-rabbitmq.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml + description: | + Include this environment to enable a shared rabbitmq backend for + oslo.messaging rpc and notification services + - + name: messaging/rpc-qdrouterd-notify-rabbitmq-hybrid + title: Hybrid qdrouterd for rpc and rabbitmq for notify messaging backend + files: + puppet/services/messaging/rpc-qdrouterd.yaml: + parameters: + - RpcPort + puppet/services/messaging/notify-rabbitmq.yaml: + parameters: + - NotifyPort + sample_values: + RpcPort: 31459 + NotifyPort: 5672 + resource_registry: + OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml + OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq.yaml + description: | + Include this environment to enable hybrid messaging backends for + oslo.messaging rpc and notification services diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index a7e214f813..ca542a9ce4 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -150,12 +150,29 @@ PREFERRED_CAMEL_CASE = { VALIDATE_PUPPET_OVERRIDE = { # docker/service/sshd.yaml is a variation of the puppet sshd service './docker/services/sshd.yaml': True, + # docker/services/messaging/*.yaml provide oslo_messaging services + './docker/services/messaging/notify-rabbitmq-shared.yaml': False, + './docker/services/messaging/notify-rabbitmq.yaml': False, + './docker/services/messaging/rpc-rabbitmq.yaml': False, + './docker/services/messaging/rpc-qdrouterd.yaml': False, + # docker/services/pacemaker/*-rabbitmq.yaml provide oslo_messaging services + './docker/services/pacemaker/notify-rabbitmq.yaml': False, + './docker/services/pacemaker/rpc-rabbitmq.yaml': False, # qdr aliases rabbitmq service to provide alternative messaging backend './puppet/services/qdr.yaml': False, + # puppet/services/messaging/*.yaml provide oslo_messaging services + './puppet/services/messaging/notify-rabbitmq-shared.yaml': False, + './puppet/services/messaging/notify-rabbitmq.yaml': False, + './puppet/services/messaging/rpc-rabbitmq.yaml': False, + './puppet/services/messaging/rpc-qdrouterd.yaml': False, + } VALIDATE_DOCKER_OVERRIDE = { # docker/service/sshd.yaml is a variation of the puppet sshd service './docker/services/sshd.yaml': False, + # docker/services/messaging/notify-rabbitmq-shared.yaml does not + # deploy container + './docker/services/messaging/notify-rabbitmq-shared.yaml': False, } DEPLOYMENT_RESOURCE_TYPES = [ 'OS::Heat::SoftwareDeploymentGroup',