Blacklist support for ExtraConfig

Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for
blacklisting servers from triggered Heat deployments.

This commit adds that functionality to the remaining Deployments in
tripleo-heat-templates for the ExtraConfig interfaces.

Since we can not (should not) change the interface to ExtraConfig, Heat
conditions are used on the actual <role>ExtraConfigPre and
NodeExtraConfig resources instead of using the actions approach on
Deployments.

Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
changes/03/475003/1
James Slagle 6 years ago
parent 0354927a11
commit d6c0979eb3
  1. 25
      extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
  2. 24
      extraconfig/pre_network/config_then_reboot.yaml
  3. 23
      extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
  4. 23
      extraconfig/pre_network/host_config_and_reboot.yaml
  5. 8
      extraconfig/tasks/ssh/host_public_key.yaml
  6. 14
      puppet/blockstorage-role.yaml
  7. 17
      puppet/cephstorage-role.yaml
  8. 17
      puppet/compute-role.yaml
  9. 17
      puppet/controller-role.yaml
  10. 14
      puppet/objectstorage-role.yaml
  11. 17
      puppet/role.role.j2.yaml

@ -59,6 +59,19 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
description: >
List of stack actions that will trigger any deployments in this
templates. The actions will be an empty list of the server is in the
toplevel DeploymentServerBlacklist parameter's value.
conditions:
deployment_actions_empty:
equals:
- {get_param: deployment_actions}
- []
resources:
@ -136,7 +149,11 @@ resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
actions: ['DELETE'] # Only do this on DELETE
actions:
if:
- deployment_actions_empty
- []
- ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@ -169,7 +186,11 @@ resources:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:

@ -7,6 +7,19 @@ description: >
parameters:
server:
type: string
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
description: >
List of stack actions that will trigger any deployments in this
templates. The actions will be an empty list of the server is in the
toplevel DeploymentServerBlacklist parameter's value.
conditions:
deployment_actions_empty:
equals:
- {get_param: deployment_actions}
- []
resources:
@ -24,6 +37,11 @@ resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
@ -44,5 +62,9 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL

@ -19,6 +19,13 @@ parameters:
{{role}}HostCpusList:
type: string
default: ""
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
description: >
List of stack actions that will trigger any deployments in this
templates. The actions will be an empty list of the server is in the
toplevel DeploymentServerBlacklist parameter's value.
parameter_group:
- label: deprecated
@ -38,6 +45,10 @@ conditions:
equals:
- get_param: {{role}}TunedProfileName
- ""
deployment_actions_empty:
equals:
- {get_param: deployment_actions}
- []
resources:
@ -62,7 +73,11 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
@ -88,7 +103,11 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:

@ -11,9 +11,20 @@ parameters:
type: json
description: Role Specific parameters
default: {}
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
description: >
List of stack actions that will trigger any deployments in this
templates. The actions will be an empty list of the server is in the
toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
deployment_actions_empty:
equals:
- {get_param: deployment_actions}
- []
resources:
HostParametersConfig:
@ -37,7 +48,11 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
@ -63,7 +78,11 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
actions: ['CREATE'] # Only do this on CREATE
actions:
if:
- deployment_actions_empty
- []
- ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:

@ -7,6 +7,13 @@ parameters:
server:
description: ID of the node to apply this config to
type: string
deployment_actions:
default: ['CREATE', 'UPDATE']
type: comma_delimited_list
description: >
List of stack actions that will trigger any deployments in this
templates. The actions will be an empty list of the server is in the
toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
@ -28,6 +35,7 @@ resources:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
actions: {get_param: deployment_actions}
outputs:

@ -377,6 +377,7 @@ resources:
properties:
server: {get_resource: BlockStorage}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@ -485,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
@ -507,11 +511,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

@ -383,6 +383,7 @@ resources:
properties:
server: {get_resource: CephStorage}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@ -489,6 +490,9 @@ resources:
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@ -497,6 +501,9 @@ resources:
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@ -518,11 +525,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

@ -386,6 +386,7 @@ resources:
properties:
server: {get_resource: NovaCompute}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@ -512,6 +513,9 @@ resources:
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@ -520,6 +524,9 @@ resources:
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@ -542,11 +549,21 @@ resources:
update_identifier:
get_param: UpdateIdentifier
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

@ -406,6 +406,7 @@ resources:
properties:
server: {get_resource: Controller}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@ -552,6 +553,9 @@ resources:
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@ -560,6 +564,9 @@ resources:
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@ -582,11 +589,21 @@ resources:
update_identifier:
get_param: UpdateIdentifier
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

@ -377,6 +377,7 @@ resources:
properties:
server: {get_resource: SwiftStorage}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@ -485,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
@ -506,11 +510,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

@ -399,6 +399,7 @@ resources:
properties:
server: {get_resource: {{role}}}
RoleParameters: {get_param: RoleParameters}
deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@ -511,6 +512,9 @@ resources:
{{role}}ExtraConfigPre:
depends_on: {{role}}Deployment
type: OS::TripleO::{{role}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@ -519,6 +523,9 @@ resources:
NodeExtraConfig:
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@ -541,11 +548,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
DeploymentActions:
type: OS::Heat::Value
properties:
value:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role}}Deployment
properties:
server: {get_resource: {{role}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:

Loading…
Cancel
Save