openstack
/
tripleo-heat-templates
Code Issues Proposed changes

step3: flatten nova service configuration 

This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
nova has been removed.

Change-Id: Ic577851f8d865d5eec41dbfb00c27520bedc3fdb
This commit is contained in:
Jill Rouleau 2019-01-28 10:35:37 -07:00 committed by Juan Antonio Osorio Robles
parent 98ecf97609
commit 92ea1131c7
12 changed files with 527 additions and 824 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

334
docker/services/nova-api.yaml → deployment/nova/nova-api-container-puppet.yaml
View File

@ -66,6 +66,70 @@ parameters:
default: false
description: Enable IPv6 in MySQL
type: boolean
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
NovaEnableDBArchive:
default: true
description: |
Whether to create cron job for archiving soft deleted rows in Nova database.
type: boolean
MonitoringSubscriptionNovaApi:
default: 'overcloud-nova-api'
type: string
NovaDefaultFloatingPool:
default: 'public'
description: Default pool for floating IP addresses
type: string
NovaApiPolicies:
description: |
A hash of policies to configure for Nova API.
e.g. { nova-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
NovaCronDBArchivedMinute:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Minute
default: '1'
NovaCronDBArchivedHour:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Hour
default: '0'
NovaCronDBArchivedMonthday:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Month Day
default: '*'
NovaCronDBArchivedMonth:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Month
default: '*'
NovaCronDBArchivedWeekday:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Week Day
default: '*'
conditions:
@ -76,45 +140,147 @@ conditions:
- {equals: [{get_param: MysqlIPv6}, true]}
- {equals: [{get_param: EnableInternalTLS}, false]}
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
NovaApiLogging:
type: OS::TripleO::Services::Logging::NovaApi
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
NovaApiLogging:
type: OS::TripleO::Services::Logging::NovaApi
NovaBase:
type: ../../puppet/services/nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova API role.
value:
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
service_name: nova_api
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [NovaApiLogging, config_settings]
- apache::default_vhost: false
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo::nova_api::firewall_rules:
'113 nova_api':
dport:
- 8774
- 13774
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::user_domain_name: 'Default'
nova::keystone::authtoken::project_domain_name: 'Default'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
nova::api::api_bind_address:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova_wsgi_enabled: true
nova::api::service_name: 'httpd'
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova::cron::archive_deleted_rows::minute: {get_param: NovaCronDBArchivedMinute}
nova::cron::archive_deleted_rows::hour: {get_param: NovaCronDBArchivedHour}
nova::cron::archive_deleted_rows::monthday: {get_param: NovaCronDBArchivedMonthday}
nova::cron::archive_deleted_rows::month: {get_param: NovaCronDBArchivedMonth}
nova::cron::archive_deleted_rows::weekday: {get_param: NovaCronDBArchivedWeekday}
nova_enable_db_archive: {get_param: NovaEnableDBArchive}
nova::policy::policies: {get_param: NovaApiPolicies}
-
if:
- nova_workers_zero
- {}
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
service_config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_api:
- nova
tripleo_fluentd_sources_nova_api:
- {get_param: NovaApiLoggingSource}
fluentd:
tripleo_fluentd_groups_nova_api:
- nova
tripleo_fluentd_sources_nova_api:
- {get_param: NovaApiLoggingSource}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone:
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
@ -123,7 +289,7 @@ outputs:
list_join:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
- include tripleo::profile::base::nova::api
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
@ -314,35 +480,125 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
get_attr: [ApacheServiceBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NovaApiLogging, host_prep_tasks]}
upgrade_tasks:
- when: step|int == 0
tags: common
block:
list_concat:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
-
- name: set is_nova_api_bootstrap_node fact
tags: common
set_fact: is_nova_api_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Ensure all online data migrations for Nova have been applied
shell: |
if {{ container_cli }} ps | grep nova_api; then
{{ container_cli }} exec nova_api nova-manage db online_data_migrations
# handle situation when container_cli is podman but
# the containers are still under docker
elif docker ps | grep nova_api; then
docker exec nova_api nova-manage db online_data_migrations
fi
- name: Extra migration for nova tripleo/+bug/1656791
tags: pre-upgrade
when: is_nova_api_bootstrap_node|bool
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-api package
set_fact:
remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-nova-api package if operator requests it
package: name=openstack-nova-api state=removed
ignore_errors: True
when:
- remove_nova_api_package|bool
- step|int == 0
- is_nova_api_bootstrap_node|bool
command: nova-manage db online_data_migrations
- name: Stop and disable nova_api service (pre-upgrade not under httpd)
when: step|int == 2
service: name=openstack-nova-api state=stopped enabled=no
- name: Create puppet manifest to set transport_url in nova.conf
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
copy:
dest: /root/nova-api_upgrade_manifest.pp
mode: 0600
content: >
$transport_url = os_transport_url({
'transport' => hiera('oslo_messaging_rpc_scheme', 'rabbit'),
'hosts' => any2array(hiera('oslo_messaging_rpc_node_names', undef)),
'port' => sprintf('%s',hiera('oslo_messaging_rpc_port', '5672') ),
'username' => hiera('oslo_messaging_rpc_user_name', 'guest'),
'password' => hiera('oslo_messaging_rpc_password'),
'ssl' => sprintf('%s', bool2num(str2bool(hiera('oslo_messaging_rpc_use_ssl', '0'))))
})
oslo::messaging::default { 'nova_config':
transport_url => $transport_url
}
- name: Run puppet apply to set tranport_url in nova.conf
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: puppet apply --summarize --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
register: puppet_apply_nova_api_upgrade
failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
changed_when: puppet_apply_nova_api_upgrade.rc == 2
- name: Setup cell_v2 (map cell0)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
- name: Setup cell_v2 (create default cell)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
# (owalsh) puppet-nova expects the cell name 'default'
# (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
register: nova_api_create_cell
failed_when: nova_api_create_cell.rc not in [0,2]
changed_when: nova_api_create_cell.rc == 0
- name: Setup cell_v2 (sync nova/cell DB)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
- name: Setup cell_v2 (get cell uuid)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
register: nova_api_cell_uuid
- name: Setup cell_v2 (migrate hosts)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- name: Setup cell_v2 (migrate instances)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- name: Sync nova_api DB
command: nova-manage api_db sync
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
- name: Online data migration for nova
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage db online_data_migrations
- when: step|int == 0
tags: common
block:
- name: set is_nova_api_bootstrap_node fact
set_fact: is_nova_api_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Ensure all online data migrations for Nova have been applied
shell: |
if {{ container_cli }} ps | grep nova_api; then
{{ container_cli }} exec nova_api nova-manage db online_data_migrations
# handle situation when container_cli is podman but
# the containers are still under docker
elif docker ps | grep nova_api; then
docker exec nova_api nova-manage db online_data_migrations
fi
tags: pre-upgrade
when: is_nova_api_bootstrap_node|bool
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-api package
set_fact:
remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-nova-api package if operator requests it
package: name=openstack-nova-api state=removed
ignore_errors: True
when:
- remove_nova_api_package|bool
external_upgrade_tasks:
- when: step|int == 1
block:

72
docker/services/nova-conductor.yaml → deployment/nova/nova-conductor-container-puppet.yaml
View File

@ -45,49 +45,65 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
MonitoringSubscriptionNovaConductor:
default: 'overcloud-nova-conductor'
type: string
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaConductorBase:
type: ../../puppet/services/nova-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
DockerNovaImage: {get_param: DockerNovaConductorImage}
NovaServiceName: 'conductor'
NovaBase:
type: ../../puppet/services/nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Conductor service.
value:
service_name: {get_attr: [NovaConductorBase, role_data, service_name]}
service_name: nova_conductor
config_settings:
map_merge:
- {get_attr: [NovaConductorBase, role_data, config_settings]}
- {get_attr: [NovaBase, role_data, config_settings]}
- {get_attr: [NovaLogging, config_settings]}
-
if:
- nova_workers_zero
- {}
- nova::conductor::workers: {get_param: NovaWorkers}
service_config_settings:
map_merge:
- get_attr: [NovaConductorBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_conductor:
- nova
tripleo_fluentd_sources_nova_conductor:
- {get_param: NovaConductorLoggingSource}
fluentd:
tripleo_fluentd_groups_nova_conductor:
- nova
tripleo_fluentd_sources_nova_conductor:
- {get_param: NovaConductorLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
@ -95,7 +111,7 @@ outputs:
step_config:
list_join:
- "\n"
- - {get_attr: [NovaConductorBase, role_data, step_config]}
- - include tripleo::profile::base::nova::conductor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
@ -129,7 +145,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NovaConductorBase, role_data, config_settings, 'nova::rabbit_port']}
port: {get_attr: [NovaBase, role_data, config_settings, 'nova::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@ -148,6 +164,18 @@ outputs:
persistent: yes
state: yes
upgrade_tasks:
- name: Stop nova_conductor service
when: step|int == 1
service: name=openstack-nova-conductor state=stopped
# If not already set by puppet (e.g a pre-ocata version), set the
# upgrade_level for compute to "auto"
- name: Set compute upgrade level to auto
when: step|int == 1
ini_file:
str_replace:
template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
params:
LEVEL: {get_param: UpgradeLevelNovaCompute}
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-conductor package

119
docker/services/nova-placement.yaml → deployment/nova/nova-placement-container-puppet.yaml
View File

@ -48,50 +48,127 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionNovaPlacement:
default: 'overcloud-nova-placement'
type: string
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaPlacementBase:
type: ../../puppet/services/nova-placement.yaml
NovaPlacementLogging:
type: OS::TripleO::Services::Logging::NovaPlacement
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
NovaPlacementLogging:
type: OS::TripleO::Services::Logging::NovaPlacement
NovaBase:
type: ../../puppet/services/nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Placement API role.
value:
service_name: {get_attr: [NovaPlacementBase, role_data, service_name]}
service_name: nova_placement
config_settings:
map_merge:
- get_attr: [NovaPlacementBase, role_data, config_settings]
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [NovaPlacementLogging, config_settings]
- apache::default_vhost: false
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo::nova_placement::firewall_rules:
'138 nova_placement':
dport:
- 8778
- 13778
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_placement::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
-
if:
- nova_workers_zero
- {}
- nova::wsgi::apache_placement::workers: {get_param: NovaWorkers}
service_config_settings:
map_merge:
- get_attr: [NovaPlacementBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_placement:
- nova
tripleo_fluentd_sources_nova_placement:
- {get_param: NovaPlacementLoggingSource}
fluentd:
tripleo_fluentd_groups_nova_placement:
- nova
tripleo_fluentd_sources_nova_placement:
- {get_param: NovaPlacementLoggingSource}
keystone:
nova::keystone::auth_placement::tenant: 'service'
nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]}
nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]}
nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]}
nova::keystone::auth_placement::password: {get_param: NovaPassword}
nova::keystone::auth_placement::region: {get_param: KeystoneRegion}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql_placement::password: {get_param: NovaPassword}
nova::db::mysql_placement::user: nova_placement
nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_placement::dbname: nova_placement
nova::db::mysql_placement::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova_placement
@ -99,7 +176,7 @@ outputs:
step_config:
list_join:
- "\n"
- - {get_attr: [NovaPlacementBase, role_data, step_config]}
- - include tripleo::profile::base::nova::placement
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaPlacementConfigImage}
kolla_config:
@ -150,8 +227,6 @@ outputs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NovaPlacementBase, role_data, metadata_settings]
host_prep_tasks:
- {get_attr: [NovaPlacementLogging, host_prep_tasks]}
- name: create persistent directory
@ -160,6 +235,14 @@ outputs:
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks:
- name: Stop nova_placement service (running under httpd)
when: step|int == 1
service: name=httpd state=stopped
# The nova placement API isn't installed in newton images, so install
# it on upgrade
- name: Install nova-placement packages on upgrade
when: step|int == 3
package: name=openstack-nova-placement-api state=latest
- when: step|int == 3
block:
- name: Set fact for removal of httpd package

93
docker/services/nova-scheduler.yaml → deployment/nova/nova-scheduler-container-puppet.yaml
View File

@ -45,48 +45,94 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
NovaSchedulerAvailableFilters:
default: []
description: List of scheduler available filters
type: comma_delimited_list
NovaSchedulerDefaultFilters:
type: comma_delimited_list
default: []
description: >
An array of filters used by Nova to filter a node.These filters will be
applied in the order they are listed, so place your most restrictive
filters first to make the filtering process more efficient.
NovaSchedulerMaxAttempts:
type: number
default: 3
description: >
Maximum number of attempts the scheduler will make when deploying the
instance. You should keep it greater or equal to the number of bare
metal nodes you expect to deploy at once to work around potential race
conditions when scheduling.
MonitoringSubscriptionNovaScheduler:
default: 'overcloud-nova-scheduler'
type: string
NovaSchedulerDiscoverHostsInCellsInterval:
type: number
default: -1
description: >
This value controls how often (in seconds) the scheduler should
attempt to discover new hosts that have been added to cells.
The default value of -1 disables the periodic task completely.
It is recommended to set this parameter for deployments using Ironic.
NovaSchedulerWorkers:
default: 0
description: Number of workers for Nova Scheduler services.
type: number
conditions:
nova_scheduler_workers_zero: {equals : [{get_param: NovaSchedulerWorkers}, 0]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaSchedulerBase:
type: ../../puppet/services/nova-scheduler.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
DockerNovaImage: {get_param: DockerNovaSchedulerImage}
NovaServiceName: 'scheduler'
NovaBase:
type: ../../puppet/services/nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Scheduler service.
value:
service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]}
service_name: nova_scheduler
config_settings:
map_merge:
- {get_attr: [NovaSchedulerBase, role_data, config_settings]}
- {get_attr: [NovaBase, role_data, config_settings]}
- {get_attr: [NovaLogging, config_settings]}
- nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
nova::scheduler::filter::scheduler_max_attempts: {get_param: NovaSchedulerMaxAttempts}
nova::scheduler::discover_hosts_in_cells_interval: {get_param: NovaSchedulerDiscoverHostsInCellsInterval}
-
if:
- nova_scheduler_workers_zero
- {}
- nova::scheduler::workers: {get_param: NovaSchedulerWorkers}
service_config_settings:
map_merge:
- get_attr: [NovaSchedulerBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_scheduler:
- nova
tripleo_fluentd_sources_nova_scheduler:
- {get_param: NovaSchedulerLoggingSource}
fluentd:
tripleo_fluentd_groups_nova_scheduler:
- nova
tripleo_fluentd_sources_nova_scheduler:
- {get_param: NovaSchedulerLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
@ -94,7 +140,7 @@ outputs:
step_config:
list_join:
- "\n"
- - {get_attr: [NovaSchedulerBase, role_data, step_config]}
- - include tripleo::profile::base::nova::scheduler
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
@ -128,7 +174,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NovaSchedulerBase, role_data, config_settings, 'nova::rabbit_port']}
port: {get_attr: [NovaBase, role_data, config_settings, 'nova::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@ -148,6 +194,9 @@ outputs:
persistent: yes
state: yes
upgrade_tasks:
- name: Stop nova_scheduler service
when: step|int == 1
service: name=openstack-nova-scheduler state=stopped
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-scheduler package

2
docker/services/novajoin.yaml → deployment/nova/novajoin-container-puppet.yaml
View File

@ -82,7 +82,7 @@ parameters:
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
outputs:
role_data:

8
environments/baremetal-services.yaml
View File

@ -37,15 +37,15 @@ resource_registry:
OS::TripleO::Services::NeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
OS::TripleO::Services::NovaApi: ../deployment/nova/nova-api-container-puppet.yaml
OS::TripleO::Services::NovaCompute: ../deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
OS::TripleO::Services::NovaConductor: ../deployment/nova/nova-conductor-container-puppet.yaml
OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml
OS::TripleO::Services::NovaLibvirt: ../deployment/nova/nova-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: ../puppet/services/nova-scheduler.yaml
OS::TripleO::Services::NovaPlacement: ../deployment/nova/nova-placement-container-puppet.yaml
OS::TripleO::Services::NovaScheduler: ../deployment/nova/nova-scheduler-container-puppet.yaml
OS::TripleO::Services::NovaVncProxy: ../deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::PankoApi: ../deployment/panko/panko-api-container-puppet.yaml
OS::TripleO::Services::Qdr: OS::Heat::None

2
environments/services/novajoin.yaml
View File

@ -1,4 +1,4 @@
# A Heat environment file which can be used to enable
# Barbican with the default secret store backend.
resource_registry:
OS::TripleO::Services::Novajoin: ../../docker/services/novajoin.yaml
OS::TripleO::Services::Novajoin: ../../deployment/nova/novajoin-container-puppet.yaml

8
overcloud-resource-registry-puppet.j2.yaml
View File

@ -191,16 +191,16 @@ resource_registry:
OS::TripleO::Services::SELinux: OS::Heat::None
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
OS::TripleO::Services::Redis: docker/services/database/redis.yaml
OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml
OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml
OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml
OS::TripleO::Services::NovaScheduler: docker/services/nova-scheduler.yaml
OS::TripleO::Services::NovaPlacement: deployment/nova/nova-placement-container-puppet.yaml
OS::TripleO::Services::NovaScheduler: deployment/nova/nova-scheduler-container-puppet.yaml
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::Novajoin: OS::Heat::None
OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml

338
puppet/services/nova-api.yaml
View File

@ -1,338 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
InstanceNameTemplate:
default: 'instance-%08x'
description: Template string to be used to generate instance names
type: string
NovaEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
NovaEnableDBArchive:
default: true
description: |
Whether to create cron job for archiving soft deleted rows in Nova database.
type: boolean
MonitoringSubscriptionNovaApi:
default: 'overcloud-nova-api'
type: string
NovaApiLoggingSource:
type: json
default:
tag: openstack.nova.api
path: /var/log/nova/nova-api.log
EnableInternalTLS:
type: boolean
default: false
NovaDefaultFloatingPool:
default: 'public'
description: Default pool for floating IP addresses
type: string
NovaDbSyncTimeout:
default: 300
description: Timeout for Nova db sync
type: number
NovaApiPolicies:
description: |
A hash of policies to configure for Nova API.
e.g. { nova-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
NovaCronDBArchivedMinute:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Minute
default: '1'
NovaCronDBArchivedHour:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Hour
default: '0'
NovaCronDBArchivedMonthday:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Month Day
default: '*'
NovaCronDBArchivedMonth:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Month
default: '*'
NovaCronDBArchivedWeekday:
type: string
description: >
Cron to move deleted instances to another table that doesn't need backup - Week Day
default: '*'
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova API service.
value:
service_name: nova_api
monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo::nova_api::firewall_rules:
'113 nova_api':
dport:
- 8774
- 13774
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::user_domain_name: 'Default'
nova::keystone::authtoken::project_domain_name: 'Default'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
nova::api::api_bind_address:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova_wsgi_enabled: true
nova::api::service_name: 'httpd'
nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_api::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache_api::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova::cron::archive_deleted_rows::minute: {get_param: NovaCronDBArchivedMinute}
nova::cron::archive_deleted_rows::hour: {get_param: NovaCronDBArchivedHour}
nova::cron::archive_deleted_rows::monthday: {get_param: NovaCronDBArchivedMonthday}
nova::cron::archive_deleted_rows::month: {get_param: NovaCronDBArchivedMonth}
nova::cron::archive_deleted_rows::weekday: {get_param: NovaCronDBArchivedWeekday}
nova_enable_db_archive: {get_param: NovaEnableDBArchive}
nova::policy::policies: {get_param: NovaApiPolicies}
-
if:
- nova_workers_zero
- {}
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
step_config: |
include tripleo::profile::base::nova::api
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_api:
- nova
tripleo_fluentd_sources_nova_api:
- {get_param: NovaApiLoggingSource}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone:
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
list_concat:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
-
- name: set is_nova_api_bootstrap_node fact
tags: common
set_fact: is_nova_api_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Extra migration for nova tripleo/+bug/1656791
tags: pre-upgrade
when:
- step|int == 0
- is_nova_api_bootstrap_node|bool
command: nova-manage db online_data_migrations
- name: Stop and disable nova_api service (pre-upgrade not under httpd)
when: step|int == 2
service: name=openstack-nova-api state=stopped enabled=no
- name: Create puppet manifest to set transport_url in nova.conf
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
copy:
dest: /root/nova-api_upgrade_manifest.pp
mode: 0600
content: >
$transport_url = os_transport_url({
'transport' => hiera('oslo_messaging_rpc_scheme', 'rabbit'),
'hosts' => any2array(hiera('oslo_messaging_rpc_node_names', undef)),
'port' => sprintf('%s',hiera('oslo_messaging_rpc_port', '5672') ),
'username' => hiera('oslo_messaging_rpc_user_name', 'guest'),
'password' => hiera('oslo_messaging_rpc_password'),
'ssl' => sprintf('%s', bool2num(str2bool(hiera('oslo_messaging_rpc_use_ssl', '0'))))
})
oslo::messaging::default { 'nova_config':
transport_url => $transport_url
}
- name: Run puppet apply to set tranport_url in nova.conf
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: puppet apply --summarize --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
register: puppet_apply_nova_api_upgrade
failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
changed_when: puppet_apply_nova_api_upgrade.rc == 2
- name: Setup cell_v2 (map cell0)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
- name: Setup cell_v2 (create default cell)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
# (owalsh) puppet-nova expects the cell name 'default'
# (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
register: nova_api_create_cell
failed_when: nova_api_create_cell.rc not in [0,2]
changed_when: nova_api_create_cell.rc == 0
- name: Setup cell_v2 (sync nova/cell DB)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
- name: Setup cell_v2 (get cell uuid)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
register: nova_api_cell_uuid
- name: Setup cell_v2 (migrate hosts)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- name: Setup cell_v2 (migrate instances)
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- name: Sync nova_api DB
command: nova-manage api_db sync
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
- name: Online data migration for nova
when:
- step|int == 5
- is_nova_api_bootstrap_node|bool
command: nova-manage db online_data_migrations

98
puppet/services/nova-conductor.yaml
View File

@ -1,98 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Conductor service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
NovaConductorLoggingSource:
type: json
default:
tag: openstack.nova.conductor
path: /var/log/nova/nova-conductor.log
MonitoringSubscriptionNovaConductor:
default: 'overcloud-nova-conductor'
type: string
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Conductor service.
value:
service_name: nova_conductor
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
-
if:
- nova_workers_zero
- {}
- nova::conductor::workers: {get_param: NovaWorkers}
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_conductor:
- nova
tripleo_fluentd_sources_nova_conductor:
- {get_param: NovaConductorLoggingSource}
step_config: |
include tripleo::profile::base::nova::conductor
upgrade_tasks:
- name: Stop nova_conductor service
when: step|int == 1
service: name=openstack-nova-conductor state=stopped
# If not already set by puppet (e.g a pre-ocata version), set the
# upgrade_level for compute to "auto"
- name: Set compute upgrade level to auto
when: step|int == 1
ini_file:
str_replace:
template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL"
params:
LEVEL: {get_param: UpgradeLevelNovaCompute}

159
puppet/services/nova-placement.yaml
View File

@ -1,159 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Placement API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionNovaPlacement:
default: 'overcloud-nova-placement'
type: string
NovaPlacementLoggingSource:
type: json
default:
tag: openstack.nova.placement
path: /var/log/httpd/nova_placement_wsgi_error_ssl.log
EnableInternalTLS:
type: boolean
default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Placement API service.
value:
service_name: nova_placement
monitoring_subscription: {get_param: MonitoringSubscriptionNovaPlacement}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo::nova_placement::firewall_rules:
'138 nova_placement':
dport:
- 8778
- 13778
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::wsgi::apache_placement::api_port: '8778'
nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_placement::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
nova::wsgi::apache_placement::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]}
-
if:
- nova_workers_zero
- {}
- nova::wsgi::apache_placement::workers: {get_param: NovaWorkers}
step_config: |
include tripleo::profile::base::nova::placement
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_placement:
- nova
tripleo_fluentd_sources_nova_placement:
- {get_param: NovaPlacementLoggingSource}
keystone:
nova::keystone::auth_placement::tenant: 'service'
nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]}
nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]}
nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]}
nova::keystone::auth_placement::password: {get_param: NovaPassword}
nova::keystone::auth_placement::region: {get_param: KeystoneRegion}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql_placement::password: {get_param: NovaPassword}
nova::db::mysql_placement::user: nova_placement
nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_placement::dbname: nova_placement
nova::db::mysql_placement::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
- name: Stop nova_placement service (running under httpd)
when: step|int == 1
service: name=httpd state=stopped
# The nova placement API isn't installed in newton images, so install
# it on upgrade
- name: Install nova-placement packages on upgrade
when: step|int == 3
package: name=openstack-nova-placement-api state=latest

118
puppet/services/nova-scheduler.yaml
View File

@ -1,118 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Scheduler service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NovaSchedulerAvailableFilters:
default: []
description: List of scheduler available filters
type: comma_delimited_list
NovaSchedulerDefaultFilters:
type: comma_delimited_list
default: []
description: >
An array of filters used by Nova to filter a node.These filters will be
applied in the order they are listed, so place your most restrictive
filters first to make the filtering process more efficient.
NovaSchedulerMaxAttempts:
type: number
default: 3
description: >
Maximum number of attempts the scheduler will make when deploying the
instance. You should keep it greater or equal to the number of bare
metal nodes you expect to deploy at once to work around potential race
conditions when scheduling.
MonitoringSubscriptionNovaScheduler:
default: 'overcloud-nova-scheduler'
type: string
NovaSchedulerLoggingSource:
type: json
default:
tag: openstack.nova.scheduler
path: /var/log/nova/nova-scheduler.log
NovaSchedulerDiscoverHostsInCellsInterval:
type: number
default: -1
description: >
This value controls how often (in seconds) the scheduler should
attempt to discover new hosts that have been added to cells.
The default value of -1 disables the periodic task completely.
It is recommended to set this parameter for deployments using Ironic.
NovaSchedulerWorkers:
default: 0
description: Number of workers for Nova Scheduler services.
type: number
conditions:
nova_scheduler_workers_zero: {equals : [{get_param: NovaSchedulerWorkers}, 0]}
resources:
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Scheduler service.
value:
service_name: nova_scheduler
monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
nova::scheduler::filter::scheduler_max_attempts: {get_param: NovaSchedulerMaxAttempts}
nova::scheduler::discover_hosts_in_cells_interval: {get_param: NovaSchedulerDiscoverHostsInCellsInterval}
-
if:
- nova_scheduler_workers_zero
- {}
- nova::scheduler::workers: {get_param: NovaSchedulerWorkers}
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_scheduler:
- nova
tripleo_fluentd_sources_nova_scheduler:
- {get_param: NovaSchedulerLoggingSource}
step_config: |
include tripleo::profile::base::nova::scheduler
upgrade_tasks:
- name: Stop nova_scheduler service
when: step|int == 1
service: name=openstack-nova-scheduler state=stopped