Template and role support for the undercloud

Add a new roles data YAML file and environment to help
create the undercloud via t-h-t.

Partially-implements: blueprint heat-undercloud

Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
Dan Prince 2016-12-11 14:54:16 -05:00
parent 10044ba2af
commit b1fe2e8d60
9 changed files with 366 additions and 11 deletions


@ -0,0 +1,18 @@
resource_registry:
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
parameter_defaults:
StackAction: CREATE
SoftwareConfigTransport: POLL_SERVER_HEAT
NeutronTunnelTypes: []
NeutronBridgeMappings: ctlplane:br-ctlplane
NeutronAgentExtensions: []
NeutronFlatNetworks: '*'
NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters'
NovaSchedulerDefaultFilters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
NeutronDhcpAgentsPerNetwork: 2
HeatConvergenceEngine: false
HeatMaxResourcesPerStack: -1
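Review bot: Two defaults in `parameter_defaults` remove a limit rather than set one, `HeatMaxResourcesPerStack: -1` and `NeutronFlatNetworks: '*'`, and the file has no comment saying this is deliberate. Presumably it is acceptable because only the operator talks to the undercloud services, but that should be written down so the values are not copied into an overcloud environment: for example `# -1 = no per-stack resource cap; intended for the operator-only undercloud Heat` above the Heat setting and a similar line above the flat-networks wildcard. `NeutronBridgeMappings: ctlplane:br-ctlplane` is also safer quoted, since a plain scalar containing a colon is easy to break when edited.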


@ -0,0 +1,126 @@
#!/bin/bash
set -eux
ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml
# WRITE OUT STACKRC
if [ ! -e /root/stackrc ]; then
touch /root/stackrc
chmod 0600 /root/stackrc
cat >> /root/stackrc <<-EOF_CAT
export OS_PASSWORD=$admin_password
export OS_AUTH_URL=$auth_url
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export COMPUTE_API_VERSION=1.1
export NOVA_VERSION=1.1
export OS_BAREMETAL_API_VERSION=1.15
export OS_NO_CACHE=True
export OS_CLOUDNAME=undercloud
EOF_CAT
if [ -n "$ssl_certificate" ]; then
cat >> /root/stackrc <<-EOF_CAT
export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
EOF_CAT
fi
fi
source /root/stackrc
if [ ! -f /root/.ssh/authorized_keys ]; then
sudo mkdir -p /root/.ssh
sudo chmod 7000 /root/.ssh/
sudo touch /root/.ssh/authorized_keys
sudo chmod 600 /root/.ssh/authorized_keys
fi
if [ ! -f /root/.ssh/id_rsa ]; then
ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa
fi
if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
fi
PHYSICAL_NETWORK=ctlplane
ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
subnet_id=
for subnet_id in $subnet_ids; do
network_id=$(openstack subnet show -f value -c network_id $subnet_id)
if [ "$network_id" = "$ctlplane_id" ]; then
break
fi
done
net_create=1
if [ -n "$subnet_id" ]; then
cidr=$(openstack subnet show $subnet_id -f value -c cidr)
if [ "$cidr" = "$undercloud_network_cidr" ]; then
net_create=0
else
echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
echo "Will attempt to delete and recreate subnet $subnet_id"
fi
fi
if [ "$net_create" -eq "1" ]; then
# Delete the subnet and network to make sure it doesn't already exist
if openstack subnet list | grep start; then
openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
fi
if openstack network show ctlplane; then
openstack network delete ctlplane
fi
NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
NAMESERVER_ARG=""
if [ -n "${undercloud_nameserver:-}" ]; then
NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
fi
openstack subnet create --network=$NETWORK_ID \
--gateway=$undercloud_network_gateway \
--subnet-range=$undercloud_network_cidr \
--allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
--host-route destination=169.254.169.254/32,gateway=$local_ip \
$NAMESERVER_ARG ctlplane
fi
# Disable nova quotas
openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
# MISTRAL WORKFLOW CONFIGURATION
if [ "$(hiera mistral_api_enabled)" = "true" ]; then
# load workflows
for workbook in $(openstack workbook list | grep tripleo | cut -f 2 -d ' '); do
openstack workbook delete $workbook
done
for workflow in $(openstack workflow list | grep tripleo | cut -f 2 -d ' '); do
openstack workflow delete $workflow
done
for workbook in $(ls /usr/share/openstack-tripleo-common/workbooks/*); do
openstack workbook create $workbook
done
# Store the SNMP password in a mistral environment
if ! openstack workflow env show tripleo.undercloud-config &>/dev/null; then
TMP_MISTRAL_ENV=$(mktemp)
echo "{\"name\": \"tripleo.undercloud-config\", \"variables\": {\"undercloud_ceilometer_snmpd_password\": \"$snmp_readonly_user_password\"}}" > $TMP_MISTRAL_ENV
openstack workflow env create $TMP_MISTRAL_ENV
fi
fi
# IP forwarding is needed to allow the overcloud nodes access to the outside
# internet in cases where they are on an isolated network.
sysctl -w net.ipv4.ip_forward=1
# Make it persistent
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf
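Review bot: `set -eux` stays in effect while secrets are handled, so `source /root/stackrc` traces the `export OS_PASSWORD=...` line and the `echo` that builds the Mistral environment JSON traces the SNMP password, both with values expanded, into whatever captures this script's stderr. Tracing should be switched off around those two spots, and `$TMP_MISTRAL_ENV` should be deleted once `openstack workflow env create` has read it; as written the file holding the password is left in the temp directory. In the SSH block, `chmod 7000 /root/.ssh/` sets setuid, setgid and sticky with no permission bits and looks like a typo for `0700`. `ssh-keygen -b 1024` produces an RSA key below the 2048-bit minimum of current guidance for a key that is then authorized for root login.

```shell
# … unchanged: hiera symlink, stackrc creation …
set +x  # stackrc exports OS_PASSWORD; keep it out of the trace
source /root/stackrc
set -x

if [ ! -f /root/.ssh/authorized_keys ]; then
    sudo mkdir -p /root/.ssh
    sudo chmod 0700 /root/.ssh/
    # … unchanged: authorized_keys creation …
fi
if [ ! -f /root/.ssh/id_rsa ]; then
    ssh-keygen -t rsa -b 4096 -N '' -f /root/.ssh/id_rsa
fi

# … unchanged: ctlplane network/subnet setup, quotas, workbook reload …
    if ! openstack workflow env show tripleo.undercloud-config &>/dev/null; then
        TMP_MISTRAL_ENV=$(mktemp)
        set +x  # the JSON body carries the SNMP password
        echo "{\"name\": \"tripleo.undercloud-config\", \"variables\": {\"undercloud_ceilometer_snmpd_password\": \"$snmp_readonly_user_password\"}}" > "$TMP_MISTRAL_ENV"
        set -x
        openstack workflow env create "$TMP_MISTRAL_ENV"
        rm -f "$TMP_MISTRAL_ENV"
    fi
# … unchanged: ip_forward sysctl …
```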


@ -0,0 +1,93 @@
heat_template_version: ocata
description: >
Post-deployment for the TripleO undercloud
parameters:
servers:
type: json
DeployedServerPortMap:
default: {}
type: json
UndercloudDhcpRangeStart:
type: string
default: '192.168.24.5'
UndercloudDhcpRangeEnd:
type: string
default: '192.168.24.24'
UndercloudNetworkCidr:
type: string
default: '192.168.24.0/24'
UndercloudNetworkGateway:
type: string
default: '192.168.24.1'
UndercloudNameserver:
type: string
default: ''
AdminPassword: #supplied by tripleo-undercloud-passwords.yaml
type: string
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
hidden: True
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
default: ""
hidden: True
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
conditions:
ssl_disabled: {equals : [{get_param: SSLCertificate}, ""]}
resources:
UndercloudPostConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: deploy_identifier
- name: local_ip
- name: undercloud_dhcp_start
- name: undercloud_dhcp_end
- name: undercloud_network_cidr
- name: undercloud_network_gateway
- name: undercloud_nameserver
- name: admin_password
- name: auth_url
- name: snmp_readonly_user_password
config: {get_file: ./undercloud_post.sh}
UndercloudPostDeployment:
type: OS::Heat::SoftwareDeployments
properties:
servers: {get_param: servers}
config: {get_resource: UndercloudPostConfig}
input_values:
local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
undercloud_dhcp_start: {get_param: UndercloudDhcpRangeStart}
undercloud_dhcp_end: {get_param: UndercloudDhcpRangeEnd}
undercloud_network_cidr: {get_param: UndercloudNetworkCidr}
undercloud_network_gateway: {get_param: UndercloudNetworkGateway}
undercloud_nameserver: {get_param: UndercloudNameserver}
ssl_certificate: {get_param: SSLCertificate}
admin_password: {get_param: AdminPassword}
snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url:
if:
- ssl_disabled
- list_join:
- ''
- - 'http://'
- {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
- ':5000/v2.0'
- list_join:
- ''
- - 'https://'
- {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
- ':13000/v2.0'
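Review bot: `ssl_certificate` is passed in `input_values` of `UndercloudPostDeployment` but is not declared in the `inputs` list of `UndercloudPostConfig`, while the script on this page that reads `$ssl_certificate` runs under `set -u` (presumably the `./undercloud_post.sh` loaded by `get_file`). Declare it with `- name: ssl_certificate` so the config's interface is complete and does not depend on how Heat treats undeclared input values. `deploy_identifier` is the reverse case: it is declared as an input but no value is set for it in this section. The `hidden` flags mix `True` and `true`; lowercase `true` throughout keeps the booleans canonical.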


@ -0,0 +1,77 @@
heat_template_version: ocata
description: >
Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network.
parameters:
ControlPlaneIp:
default: ''
description: IP address/subnet on the ctlplane network
type: string
ExternalIpSubnet:
default: ''
description: IP address/subnet on the external network
type: string
InternalApiIpSubnet:
default: ''
description: IP address/subnet on the internal API network
type: string
StorageIpSubnet:
default: ''
description: IP address/subnet on the storage network
type: string
StorageMgmtIpSubnet:
default: ''
description: IP address/subnet on the storage mgmt network
type: string
TenantIpSubnet:
default: ''
description: IP address/subnet on the tenant network
type: string
ManagementIpSubnet:
default: ''
description: IP address/subnet on the management network
type: string
ControlPlaneSubnetCidr: # Override this via parameter_defaults
default: '24'
description: The subnet CIDR of the control plane network.
type: string
DnsServers: # Override this via parameter_defaults
default: []
description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
type: comma_delimited_list
resources:
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: disable_configure_safe_defaults
default: true
config:
str_replace:
template:
get_file: network/scripts/run-os-net-config.sh
params:
$network_config:
network_config:
- type: ovs_bridge
name: br-ctlplane
use_dhcp: false
dns_servers:
get_param: DnsServers
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
members:
- type: interface
name: eth1
# force the MAC address of the bridge to this interface
primary: true
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl
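Review bot: The bridge member is hard-coded as `name: eth1` and `ControlPlaneIp` defaults to `''`, so a host whose provisioning NIC has another name gets `br-ctlplane` built on the wrong interface, and a stack that omits the parameter renders `ip_netmask` as `/24`. A comment above the member would make the assumption visible, e.g. `# provisioning NIC; copy and edit this template if the interface is not eth1`. The input `disable_configure_safe_defaults` with `default: true` opts this config out of the script's fallback network setup, and a one-line comment saying why the undercloud wants that would help the next reader.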


@ -108,7 +108,9 @@ EOF_CAT
}
if [ -n '$network_config' ]; then
trap configure_safe_defaults EXIT
if [ -z "${disable_configure_safe_defaults:-''}" ]; then
trap configure_safe_defaults EXIT
fi
mkdir -p /etc/os-net-config
# Note these variables come from the calling heat SoftwareConfig
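Review bot: The new guard `[ -z "${disable_configure_safe_defaults:-''}" ]` can never be true: inside double quotes the `''` in the default is kept as two literal quote characters, so an unset or empty variable expands to a non-empty string. As a result `trap configure_safe_defaults EXIT` is skipped for every caller of this script, not only for configs that set the input. Use an empty default instead, `if [ -z "${disable_configure_safe_defaults:-}" ]; then`. Any non-empty value, including `false`, would still disable the trap, which deserves a comment next to the test. The enclosing `if` block starts and ends outside the hunk.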


@ -1,3 +1,4 @@
{% set primary_role_name = roles[0].name -%}
heat_template_version: ocata
description: >
@ -415,8 +416,8 @@ resources:
{% for role in roles %}
- {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
{% endfor %}
controller_ips: {get_attr: [Controller, ip_address]}
controller_names: {get_attr: [Controller, hostname]}
controller_ips: {get_attr: [{{primary_role_name}}, ip_address]}
controller_names: {get_attr: [{{primary_role_name}}, hostname]}
service_ips:
# Note (shardy) this somewhat complex yaql may be replaced
# with a map_deep_merge function in ocata. It merges the
@ -454,7 +455,7 @@ resources:
- {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]}
{% endfor %}
# FIXME(shardy): These require further work to move into service_ips
memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
@ -560,12 +561,12 @@ resources:
PingTestIps:
list_join:
- ' '
- - {get_attr: [Controller, resource.0.external_ip_address]}
- {get_attr: [Controller, resource.0.internal_api_ip_address]}
- {get_attr: [Controller, resource.0.storage_ip_address]}
- {get_attr: [Controller, resource.0.storage_mgmt_ip_address]}
- {get_attr: [Controller, resource.0.tenant_ip_address]}
- {get_attr: [Controller, resource.0.management_ip_address]}
- - {get_attr: [{{primary_role_name}}, resource.0.external_ip_address]}
- {get_attr: [{{primary_role_name}}, resource.0.internal_api_ip_address]}
- {get_attr: [{{primary_role_name}}, resource.0.storage_ip_address]}
- {get_attr: [{{primary_role_name}}, resource.0.storage_mgmt_ip_address]}
- {get_attr: [{{primary_role_name}}, resource.0.tenant_ip_address]}
- {get_attr: [{{primary_role_name}}, resource.0.management_ip_address]}
UpdateWorkflow:
type: OS::TripleO::Tasks::UpdateWorkflow
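Review bot: `roles[0].name` makes the order of the roles file semantic: `controller_ips`, `controller_names`, `memcache_node_ips` and `PingTestIps` are now read from whichever role is listed first. An existing custom roles file that does not list its controller role first would change meaning without any error. The template itself says nothing about this, so add a Jinja comment beside the `set` line, e.g. `{# primary role = first entry in the roles data; controller_* outputs and PingTestIps are read from it #}`. An empty roles list would fail on `roles[0]` at render time; how clearly that is reported depends on the renderer, which is not visible here. The surrounding resources start and end outside the hunks.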


@ -57,6 +57,7 @@ outputs:
heat::rabbit_port: {get_param: RabbitClientPort}
heat::debug: {get_param: Debug}
heat::enable_proxy_headers_parsing: true
heat::rpc_response_timeout: 600
# We need this because the default heat policy.json no longer works on TripleO
# https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024
heat::policy::policies:
@ -77,6 +78,8 @@ outputs:
heat::cron::purge_deleted::destination: '/dev/null'
heat::db::database_db_max_retries: -1
heat::db::database_max_retries: -1
heat::yaql_memory_quota: 100000
heat::yaql_limit_iterators: 1000
service_config_settings:
keystone:
tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack'
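Review bot: `heat::yaql_memory_quota: 100000` and `heat::yaql_limit_iterators: 1000` are hard-coded in what appears to be the shared Heat service settings, so the raised limits would apply to every deployment using this service template rather than only to the undercloud this commit targets. These two options bound the memory and iteration count of yaql expressions in templates, which makes them resource-exhaustion guard rails on any Heat that accepts templates from tenants. Expose them, together with `heat::rpc_response_timeout: 600`, as template parameters that keep the previous behaviour by default, and set the larger values from the undercloud environment file. The enclosing mapping starts and ends outside the hunks.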


@ -21,7 +21,7 @@
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
- name: Controller
- name: Controller # the 'primary' role goes first
CountDefault: 1
ServicesDefault:
- OS::TripleO::Services::CACerts


@ -0,0 +1,35 @@
- name: Undercloud # the 'primary' role goes first
CountDefault: 1
disable_constraints: True
ServicesDefault:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::Apache
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::GlanceRegistry
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::MistralEngine
- OS::TripleO::Services::MistralApi
- OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::Zaqar
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronDhcpAgent
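Review bot: `disable_constraints: True` is not explained anywhere on this page, and a flag that switches off validation should say what it switches off. Add a comment above it naming the constraints that are skipped for this role and why the undercloud needs that, e.g. `# skip parameter constraints that cannot be validated while the undercloud is being created` (wording to be confirmed by the author). Write the value as lowercase `true`; `True` is accepted by YAML 1.1 loaders but is not the canonical boolean.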