Use Ansible for vip_data hieradata

Migrates the vip_data hieradata to the tripleo-hieradata role which will
use a jinja2 template to create this file on the deployed nodes. Allows
for removing the AllNodesConfig resource/template completely.

Change-Id: I5412f26423a1739088f12705fa47bac2377b9817
Depends-On: Iaf91f36a189d8e00627c21f14ca992a4d60fa10f
James Slagle 2019-06-19 17:09:28 -04:00
parent 4c34147cc1
commit a766106574
5 changed files with 73 additions and 202 deletions


@ -116,9 +116,6 @@ parameters:
type: json
default: {}
{%- for role in roles %}
{{role.name}}AllNodesDeploymentHieradata:
type: json
default: {}
{{role.name}}DeploymentHieradata:
type: json
default: {}
@ -188,6 +185,23 @@ parameters:
EnabledServices:
default: []
type: comma_delimited_list
ControlVirtualIP:
type: string
EnabledNetworks:
type: comma_delimited_list
NetVipMap:
type: json
{%- for network in networks if network.enabled|default(true) %}
{{network.name}}NetName:
default: {{network.name_lower}}
description: The name of the {{network.name_lower}} network.
type: string
{%- endfor %}
CloudNames:
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
{% for role in enabled_roles %}
@ -326,6 +340,27 @@ outputs:
stack_update_type: {get_param: StackUpdateType}
container_cli: {get_param: ContainerCli}
enabled_services: {get_param: EnabledServices}
control_virtual_ip: {get_param: ControlVirtualIP}
enabled_networks: {get_param: EnabledNetworks}
net_vip_map: {get_param: NetVipMap}
{%- for network in networks if network.enabled|default(true) %}
{{network.name_lower}}_net_name: {get_param: {{network.name}}NetName}
{%- endfor %}
network_virtual_ips:
ctlplane:
ip_address: {get_param: [NetVipMap, ctlplane]}
index: 1
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
# External virtual ip is currently being handled separately as public_virtual_ip.
# Likewise, optional StorageNFS virtual ip is handled separately as ganesha_vip.
{%- if network.name != 'External' and network.name != 'StorageNFS' %}
{{network.name_lower}}:
ip_address: {get_param: [NetVipMap, {get_param: {{network.name}}NetName}]}
index: {{loop.index + 1}}
{%- endif %}
{%- endfor %}
cloud_names: {get_param: CloudNames}
enable_internal_tls: {get_param: EnableInternalTLS}
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
docker_puppet_script: {get_file: ./container-puppet.py}
all_nodes_validation_script.sh : {get_file: ../validation-scripts/all-nodes.sh}
@ -456,16 +491,6 @@ outputs:
any_errors_fatal: yes
tasks:
{%- for role in roles %}
- name: AllNodesDeployment hieradata
include_role:
name: tripleo-hieradata
vars:
hieradata_template: "{{role.name}}/all-nodes-deployment-hieradata.j2.yaml"
hieradata_variable_start_string: $$
hieradata_variable_end_string: $$
hieradata_files: "{{ '{{' }} lookup('file', '{{role.name}}/deployment-hierarchy.yaml') {{ '}}' }}"
when: tripleo_role_name == '{{role.name}}'
- name: Deployment hieradata
include_role:
name: tripleo-hieradata
@ -505,6 +530,7 @@ outputs:
hieradata_templates_list:
- bootstrap_node
- all_nodes
- vip_data
when: tripleo_role_name == '{{role.name}}'
tags:
- overcloud
@ -757,10 +783,6 @@ outputs:
external_deploy_steps_tasks: {get_attr: [ExternalDeployTasks, value]}
external_post_deploy_steps_tasks: {get_attr: [ExternalPostDeployTasks, value]}
{%- for role in roles %}
# TODO (slagle): temporarily write the path with a .yaml extension until
# https://review.opendev.org/#/c/663736 merges. Once merged, this can be
# removed.
{{role.name}}/all-nodes-deployment-hieradata.j2.yaml: {get_param: {{role.name}}AllNodesDeploymentHieradata}
{{role.name}}/deployment-hieradata.j2.yaml: {get_param: {{role.name}}DeploymentHieradata}
{{role.name}}/deployment-hierarchy.yaml: {get_param: {{role.name}}DeploymentHierarchy}
{{role.name}}/per-host-hieradata.j2.yaml: {get_param: {{role.name}}PerHostHieradata}
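Review bot: The `EnableInternalTLS` parameter that appears to be added in the second hunk defaults to `false`, and nothing visible on this page passes it in as a property, so the `enable_internal_tls` value handed to the hieradata role presumably relies on `parameter_defaults` reaching this template; if it does not, the generated vip_data would silently record internal TLS as disabled. A description would make that dependency explicit, for example `description: Whether internal TLS is enabled; expected to be set via parameter_defaults.` The same hunk introduces `ControlVirtualIP`, `EnabledNetworks`, `NetVipMap` and `CloudNames` with neither `description` nor `default`, unlike the `{{network.name}}NetName` entries beside them, so every caller of this template has to supply all four. The `parameters:` and `outputs:` blocks begin and continue outside the hunks shown.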


@ -4,7 +4,6 @@ resource_registry:
OS::Heat::SoftwareDeployment: config-download-software.yaml
OS::Heat::StructuredDeployment: config-download-structured.yaml
OS::TripleO::PostDeploySteps: common/post.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::None
OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
OS::TripleO::Ssh::HostPubKey: OS::Heat::None


@ -577,17 +577,6 @@ resources:
config: {get_resource: SshKnownHostsConfig}
servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}AllNodesDeployment:
type: OS::TripleO::AllNodesDeployment
depends_on:
{%- for role_inner in roles %}
- {{role_inner.name}}SshKnownHostsDeployment
{%- endfor %}
properties:
name: {{role.name}}AllNodesDeployment
config: {get_attr: [{{role.name}}allNodesConfig, config_id]}
servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}IpListMap:
type: OS::TripleO::Network::Ports::NetIpListMap
properties:
@ -752,6 +741,26 @@ resources:
- '\n'
- {get_attr: [HostsValue, value]}
CloudNames:
type: OS::Heat::Value
properties:
value:
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
{%- if network.name == 'External' %}
# Special case the External hostname param, which is CloudName
cloud_name_{{network.name_lower}}: {get_param: CloudName}
{%- elif network.name == 'InternalApi' %}
# Special case the Internal API hostname param, which is CloudNameInternal
cloud_name_{{network.name_lower}}: {get_param: CloudNameInternal}
{%- elif network.name == 'StorageMgmt' %}
# Special case StorageMgmt hostname param, which is CloudNameStorageManagement
cloud_name_{{network.name_lower}}: {get_param: CloudNameStorageManagement}
{%- else %}
cloud_name_{{network.name_lower}}: {get_param: CloudName{{network.name}}}
{%- endif %}
{%- endfor %}
cloud_name_ctlplane: {get_param: CloudNameCtlplane}
{%- for outer_role in roles %}
{{outer_role.name}}HieradataVars:
@ -762,34 +771,6 @@ resources:
yaql:
expression: coalesce($.data, []).first(null)
data: {get_attr: [{{outer_role.name}}, hostname]}
{{outer_role.name}}allNodesConfig:
type: OS::TripleO::AllNodes::SoftwareConfig
properties:
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
{%- if network.name == 'External' %}
# Special case the External hostname param, which is CloudName
cloud_name_{{network.name_lower}}: {get_param: CloudName}
{%- elif network.name == 'InternalApi' %}
# Special case the Internal API hostname param, which is CloudNameInternal
cloud_name_{{network.name_lower}}: {get_param: CloudNameInternal}
{%- elif network.name == 'StorageMgmt' %}
# Special case StorageMgmt hostname param, which is CloudNameStorageManagement
cloud_name_{{network.name_lower}}: {get_param: CloudNameStorageManagement}
{%- else %}
cloud_name_{{network.name_lower}}: {get_param: CloudName{{network.name}}}
{%- endif %}
{%- endfor %}
cloud_name_ctlplane: {get_param: CloudNameCtlplane}
enabled_services:
list_join:
- ','
{%- for role in roles %}
- {get_attr: [{{role.name}}ServiceNames, value]}
{%- endfor %}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
{%- endfor %}
GlobalConfig:
@ -980,9 +961,9 @@ resources:
- service_names
- service_configs
- {{role.name.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- bootstrap_node # provided by tripleo-hieradata
- all_nodes # provided by tripleo-hieradata
- vip_data # provided by tripleo-hieradata
- net_ip_map
- '"%{::osfamily}"'
# The following are required for compatibility with the Controller role
@ -1001,9 +982,6 @@ resources:
type: OS::TripleO::PostDeploySteps
depends_on:
- AllNodesExtraConfig
{%- for role in roles %}
- {{role.name}}AllNodesDeployment
{%- endfor %}
properties:
servers:
{%- for role in roles %}
@ -1020,7 +998,6 @@ resources:
ssh_known_hosts_hostnames: {get_attr: [SshKnownHostsHostnames, value]}
{%- for role in roles %}
{{role.name}}Count: {get_param: {{role.name}}Count}
{{role.name}}AllNodesDeploymentHieradata: {get_attr: [{{role.name}}allNodesConfig, all_nodes_config_hieradata]}
{{role.name}}DeploymentHieradata:
map_merge:
list_concat:
@ -1058,6 +1035,16 @@ resources:
{%- for role in roles %}
- {get_attr: [{{role.name}}ServiceNames, value]}
{%- endfor %}
ControlVirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
EnabledNetworks:
{%- for network in networks if network.enabled|default(true) %}
- {{ network.name }}
{%- endfor %}
NetVipMap:
map_merge:
- {get_attr: [VipMap, net_ip_map]}
- redis: {get_attr: [RedisVirtualIP, ip_address]}
CloudNames: {get_attr: [CloudNames, value]}
DeployedServerEnvironment:
type: OS::TripleO::DeployedServerEnvironment
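Review bot: With the `{{role.name}}AllNodesDeployment` entries apparently dropped from the `depends_on` of the `OS::TripleO::PostDeploySteps` resource (hunk at -1001), nothing visible in this section still orders the post-deploy steps after each role's `{{role.name}}SshKnownHostsDeployment`; the removed AllNodesDeployment resource was what carried that dependency. If the known-hosts data must be in place before the steps run, the loop could list `- {{role.name}}SshKnownHostsDeployment` rather than being deleted, and if ordering no longer matters a one-line comment saying so would help the next reader. Separately, the new `NetVipMap` property merges a fixed `redis` key into the map taken from `VipMap`, which otherwise looks to be keyed by network name, so a short comment marking `redis` as reserved there would guard against a later collision. The resource definitions start and end outside the hunks shown.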


@ -1,137 +0,0 @@
{%- set _networks = [] -%}
{%- for network in networks if network.enabled|default(true) -%}
{%- set _networks = _networks.append(network.name) -%}
{%- endfor -%}
heat_template_version: rocky
description: 'All Nodes Config for Puppet'
parameters:
{%- for network in networks if network.vip|default(false) %}
cloud_name_{{network.name_lower}}:
type: string
{%- endfor %}
cloud_name_ctlplane:
type: string
enabled_services:
type: comma_delimited_list
NetVipMap:
type: json
RedisVirtualIP:
type: string
default: ''
ServiceNetMap:
type: json
EnableInternalTLS:
type: boolean
default: false
AllNodesExtraMapData:
type: json
default: {}
description: Map of extra data (hieradata) to set on each node.
{%- for network in networks if network.enabled|default(true) %}
{{network.name}}NetName:
default: {{network.name_lower}}
description: The name of the {{network.name_lower}} network.
type: string
{%- endfor %}
resources:
allNodesConfigDatafiles:
type: OS::Heat::Value
properties:
value:
datafiles:
all_nodes_extra_map_data: {get_parm: AllNodesExtraMapData}
vip_data:
map_merge:
# Dynamically generate per-service VIP data based on enabled_services
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
# map_replace: substitute e.g internal_api with the IP from NetVipMap
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
# map_merge/repeat: generate a per-service mapping
- yaql:
# This filters any entries where the value hasn't been substituted for
# a list, e.g it's still $service_network. This happens when there is
# no network defined for the service in the ServiceNetMap, which is OK
# as not all services have to be bound to a network, so we filter them
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
data:
map:
map_replace:
- map_replace:
- map_merge:
repeat:
template:
SERVICE_vip: SERVICE_network
for_each:
SERVICE: {get_param: enabled_services}
- values: {get_param: ServiceNetMap}
- values: {get_param: NetVipMap}
- keystone_admin_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
keystone_public_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
{%- if 'External' in _networks %}
public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
{%- else %}
public_virtual_ip: {get_param: [NetVipMap, ctlplane]}
{%- endif %}
controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
{%- if 'InternalApi' in _networks %}
# the internal_api_virtual_ip is needed for contrail only
internal_api_virtual_ip: {get_param: [NetVipMap, {get_param: InternalApiNetName}]}
{%- endif %}
network_virtual_ips:
ctlplane:
ip_address: {get_param: [NetVipMap, ctlplane]}
index: 1
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
# External virtual ip is currently being handled separately as public_virtual_ip.
# Likewise, optional StorageNFS virtual ip is handled separately as ganesha_vip.
{%- if network.name != 'External' and network.name != 'StorageNFS' %}
{{network.name_lower}}:
ip_address: {get_param: [NetVipMap, {get_param: {{network.name}}NetName}]}
index: {{loop.index + 1}}
{%- endif %}
{%- endfor %}
redis_vip: {get_param: RedisVirtualIP}
{%- for network in networks if network.name == 'StorageNFS' and network.enabled|default(true) %}
ganesha_vip: {get_param: [NetVipMap, {get_param: StorageNFSNetName}]}
{%- endfor %}
# public_virtual_ip and controller_virtual_ip are needed in
# both HAproxy & keepalived.
{%- if 'External' in _networks %}
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}
{%- else %}
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, ctlplane]}
{%- endif %}
tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
cloud_name_{{network.name_lower}}: {get_param: cloud_name_{{network.name_lower}}}
{%- endfor %}
cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
enable_internal_tls: {get_param: EnableInternalTLS}
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
group: hiera
config: {get_attr: [allNodesConfigDatafiles, value]}
outputs:
config_id:
description: The ID of the allNodesConfigImpl resource.
value:
{get_resource: allNodesConfigImpl}
all_nodes_config_hieradata:
description: The all_nodes config in the full format with datafiles section.
value: {get_attr: [allNodesConfigDatafiles, value]}


@ -31,7 +31,7 @@ environments:
A Heat environment file which can be used to enable TLS for the internal
network via certmonger
files:
puppet/all-nodes-config.yaml:
common/post.yaml:
parameters:
- EnableInternalTLS
deployment/nova/nova-base-puppet.yaml: