openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "[Q->T] Introduce Queens to Train Upgrade" into stable/train

This commit is contained in:
Zuul 2020-04-15 06:59:07 +00:00 committed by Gerrit Code Review
parent 97a5596442 12bdd6feb4
commit db1583bb14
20 changed files with 766 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/deploy-steps.j2
View File

@ -88,6 +88,10 @@ parameters:
type: boolean
default: true
description: Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly.
FastForwardUpgrade:
type: boolean
default: false
description: This flag is being used conditionally run a set of task needed to upgrade three releases within the deployment tasks.
FastForwardUpgradeReleases:
type: comma_delimited_list
default: ['rocky', 'stein', 'train']
@ -424,6 +428,7 @@ outputs:
DOCKER_PUPPET_PROCESS_COUNT: {get_param: DockerPuppetProcessCount}
DOCKER_PUPPET_MOUNT_HOST_PUPPET: {get_param: DockerPuppetMountHostPuppet}
SELINUX_MODE: {get_param: SELinuxMode}
FAST_FORWARD_UPGRADE: {get_param: FastForwardUpgrade}
{% endblock %}
template: |
- import_playbook: common_deploy_steps_playbooks.yaml
@ -699,6 +704,7 @@ outputs:
docker_puppet_debug: DOCKER_PUPPET_DEBUG
docker_puppet_process_count: DOCKER_PUPPET_PROCESS_COUNT
docker_puppet_mount_host_puppet: DOCKER_PUPPET_MOUNT_HOST_PUPPET
tripleo_fast_forward_upgrade: FAST_FORWARD_UPGRADE
tasks:
- name: Write the config_step hieradata for the deploy step {{step}} tasks
{% raw %}

52
deployment/ceph-ansible/ceph-base.yaml
View File

@ -201,6 +201,10 @@ parameters:
ContainerCephDaemonImage:
description: image
type: string
ContainerCeph3DaemonImage:
description: image
type: string
default: ''
CephAnsiblePlaybookVerbosity:
default: 1
description: The number of '-v', '-vv', etc. passed to ansible-playbook command
@ -333,6 +337,7 @@ parameter_groups:
- SwiftFetchDirPutTempurl
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerCeph3DaemonImage},'']}}
deprecated_data_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSDataPoolPGNum}, 128]}}
deprecated_metadata_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSMetadataPoolPGNum}, 128]}}
dashboard_is_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
@ -381,23 +386,46 @@ resources:
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
-
if:
- fast_forward_upgrade
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCeph3DaemonImage}
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
-
if:
- fast_forward_upgrade
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCeph3DaemonImage}
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
-
if:
- fast_forward_upgrade
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCeph3DaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
if:
- fast_forward_upgrade
- yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCeph3DaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
DefaultCephConfigOverrides:
type: OS::Heat::Value

81
deployment/cinder/cinder-api-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Cinder API service
parameters:
ContainerCinderApiImageStein:
description: image
type: string
default: ''
ContainerCinderApiImage:
description: image
type: string
@ -90,6 +94,7 @@ parameters:
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerCinderApiImageStein},'']}}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
@ -286,26 +291,62 @@ outputs:
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_3:
cinder_api_db_sync:
image: *cinder_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
- "su cinder -s /bin/bash -c 'cinder-manage db sync --bump-versions'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- cinder_api_db_sync:
start_order: 2
image: *cinder_api_image
net: host
privileged: false
detach: false
user: root
volumes: &cinder_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
- "su cinder -s /bin/bash -c 'cinder-manage db sync --bump-versions'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- cinder_api_online_data_migrations_stein:
start_order: 0
image: &cinder_api_image_stein {get_param: ContainerCinderApiImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *cinder_volumes
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml cinder_api_short_bootstrap_node_name | grep `/bin/hostname -s` && DB_VERSION=$( sudo -u cinder cinder-manage db version ) _RPM_VERSION=$(ls /usr/lib/python3.6/site-packages/cinder/db/sqlalchemy/migrate_repo/versions/ |grep -e '[0-9]_.*.py' | cut -d '_' -f1 | sort | tail -n1) RPM_VERSION=$(expr $_RPM_VERSION + 0) && if (( $RPM_VERSION >= $DB_VERSION )); then sudo -u cinder cinder-manage service list | grep -v Binary| tr '@' ' ' | awk '{print $1 \" \" $2}' | while read i ; do sudo -u cinder cinder-manage service remove $i ; done ; sudo -u cinder cinder-manage db online_data_migrations; else echo DB_VERSION: $DB_VERSION RPM_VERSION: $RPM_VERSION; fi"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
cinder_api_db_sync_stein:
start_order: 1
image: *cinder_api_image_stein
net: host
privileged: false
detach: false
user: root
volumes: *cinder_volumes
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml cinder_api_short_bootstrap_node_name | grep `/bin/hostname -s` && DB_VERSION=$( sudo -u cinder cinder-manage db version ) _RPM_VERSION=$(ls /usr/lib/python3.6/site-packages/cinder/db/sqlalchemy/migrate_repo/versions/ |grep -e '[0-9]_.*.py' | cut -d '_' -f1 | sort | tail -n1) RPM_VERSION=$(expr $_RPM_VERSION + 0) && if (( $RPM_VERSION >= $DB_VERSION )); then sudo -u cinder cinder-manage db sync --bump-versions; else echo DB_VERSION: $DB_VERSION RPM_VERSION: $RPM_VERSION; fi"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
cinder_api:
image: *cinder_api_image

30
deployment/database/mysql-container-puppet.yaml
View File

@ -196,6 +196,36 @@ outputs:
volumes: *mysql_volumes
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
mysql_neutron_db_rename:
start_order: 3
detach: false
image: *mysql_image
volumes:
list_concat:
- *mysql_volumes
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
# required for bootstrap_host_exec
- /etc/puppet:/etc/puppet:ro
- /var/lib/config-data/puppet-generated/mysql/root:/root:rw #provides .my.cnf for puppet, changed on password update
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
net: host
user: root
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
- 'bash'
- '-ec'
-
list_join:
- "\n"
- - 'if [ -d /var/lib/mysql/neutron ] ; then'
- 'mysql -e "CREATE DATABASE IF NOT EXISTS \`ovs_neutron\`;"'
- 'for table in `mysql -B -N -e "SHOW TABLES;" neutron`'
- 'do'
- 'mysql -e "RENAME TABLE \`neutron\`.\`$table\` to \`ovs_neutron\`.\`$table\`"'
- 'done'
- 'mysql -e "DROP DATABASE \`neutron\`;"'
- 'fi'
step_3:
# sync credentials config on the running container if it was
# changed by the docker_puppet_task during step 2

18
deployment/database/mysql-pacemaker-puppet.yaml
View File

@ -588,6 +588,24 @@ outputs:
LOG_DIR: '/var/log/containers/mysql'
external_upgrade_tasks:
# https://bugs.launchpad.net/tripleo/+bug/1753247
# OC pacemaker part, UC or non pacemaker part is in deployment steps
- name: Rename old neutron database to ovs_neutron
shell: >
if [ -d /var/lib/mysql/neutron ] ; then
mysql -e "CREATE DATABASE IF NOT EXISTS \`ovs_neutron\`;"
for table in `mysql -B -N -e "SHOW TABLES;" neutron`
do
mysql -e "RENAME TABLE \`neutron\`.\`$table\` to \`ovs_neutron\`.\`$table\`"
done
mysql -e "DROP DATABASE \`neutron\`;"
fi
become: true
tags:
- never
- system_upgrade_stop_services
when:
- step|int == 2
- vars:
mysql_upgrade_transfer: {get_param: MysqlUpgradeTransfer}
when:

97
deployment/glance/glance-api-container-puppet.yaml
View File

@ -260,6 +260,10 @@ parameters:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
ContainerGlanceApiImageStein:
description: image
type: string
default: ''
ContainerGlanceApiImage:
description: image
type: string
@ -269,6 +273,7 @@ parameters:
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerGlanceApiImageStein},'']}}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
cinder_backend_enabled:
or:
@ -576,40 +581,64 @@ outputs:
step_2:
get_attr: [GlanceLogging, docker_config, step_2]
step_3:
glance_api_db_sync:
image: &glance_api_image {get_param: ContainerGlanceApiImage}
net: host
privileged: false
detach: false
user: root
volumes: &glance_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [GlanceLogging, volumes]}
- {get_param: GlanceApiOptVolumes}
-
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api:/var/lib/kolla/config_files/src:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /var/lib/glance:/var/lib/glance:slave
-
if:
- cinder_backend_enabled
- - /dev:/dev
- /etc/iscsi:/etc/iscsi
- /var/lib/iscsi:/var/lib/iscsi:z
- []
-
if:
- cinder_multipathd_enabled
- - /etc/multipath:/etc/multipath:z
- /etc/multipath.conf:/etc/multipath.conf:ro
- []
environment:
KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
map_merge:
- glance_api_db_sync:
image: &glance_api_image {get_param: ContainerGlanceApiImage}
start_order: 1
net: host
privileged: false
detach: false
user: root
volumes: &glance_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [GlanceLogging, volumes]}
- {get_param: GlanceApiOptVolumes}
-
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api:/var/lib/kolla/config_files/src:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /var/lib/glance:/var/lib/glance:slave
-
if:
- cinder_backend_enabled
- - /dev:/dev
- /etc/iscsi:/etc/iscsi
- /var/lib/iscsi:/var/lib/iscsi:z
- []
-
if:
- cinder_multipathd_enabled
- - /etc/multipath:/etc/multipath:z
- /etc/multipath.conf:/etc/multipath.conf:ro
- []
environment:
KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
- if:
- fast_forward_upgrade
- glance_api_db_sync_stein:
start_order: 0
image: {get_param: ContainerGlanceApiImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *glance_volumes
environment:
KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml glance_api_short_bootstrap_node_name | grep `/bin/hostname -s` && OUT=$( sudo -u glance -E /usr/local/bin/kolla_start 2>&1 ) || if [[ $OUT =~ train ]]; then echo 'DB is already up to date' ; else echo $OUT; exit 1; fi"
- {}
step_4:
map_merge:
- glance_api:

52
deployment/heat/heat-engine-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Heat Engine service
parameters:
ContainerHeatEngineImageStein:
description: image
type: string
default: ''
ContainerHeatEngineImage:
description: image
type: string
@ -109,6 +113,7 @@ parameters:
description: Create delegated roles
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerHeatEngineImageStein},'']}}
heat_workers_unset: {equals : [{get_param: HeatWorkers}, 0]}
resources:
@ -232,22 +237,36 @@ outputs:
step_2:
get_attr: [HeatEngineLogging, docker_config, step_2]
step_3:
heat_engine_db_sync:
image: &heat_engine_image {get_param: ContainerHeatEngineImage}
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatEngineLogging, volumes]}
-
- /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- heat_engine_db_sync:
image: &heat_engine_image {get_param: ContainerHeatEngineImage}
net: host
privileged: false
detach: false
user: root
volumes: &heat_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [HeatEngineLogging, volumes]}
-
- /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- heat_engine_db_sync_stein:
image: {get_param: ContainerHeatEngineImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *heat_volumes
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
heat_engine:
image: *heat_engine_image
@ -276,7 +295,6 @@ outputs:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
upgrade_tasks: []
external_upgrade_tasks:
- when:
- step|int == 1

67
deployment/ironic/ironic-api-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Ironic API service
parameters:
ContainerIronicApiImageStein:
description: image
type: string
default: ''
ContainerIronicApiImage:
description: image
type: string
@ -69,6 +73,7 @@ parameters:
default: false
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerIronicApiImageStein},'']}}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
@ -227,24 +232,50 @@ outputs:
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
step_3:
ironic_db_sync:
start_order: 1
image: *ironic_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
- /var/lib/config-data/ironic_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- ironic_db_sync:
start_order: 2
image: *ironic_api_image
net: host
privileged: false
detach: false
user: root
volumes: &ironic_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
- /var/lib/config-data/ironic_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- ironic_db_sync_stein:
start_order: 2
image: &ironic_api_image_stein {get_param: ContainerIronicApiImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *ironic_api_volumes
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
ironic_online_data_migrations_stein:
start_order: 2
image: *ironic_api_image_stein
net: host
privileged: false
detach: false
user: root
volumes: *ironic_api_volumes
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf online_data_migrations'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
ironic_api:
start_order: 10

141
deployment/ironic/ironic-inspector-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
parameters:
ContainerIronicInspectorImageStein:
description: image
type: string
default: ''
ContainerIronicInspectorImage:
description: image
type: string
@ -161,6 +165,8 @@ parameters:
type: comma_delimited_list
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerIronicInspectorImageStein},'']}}
enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
enable_node_discovery: {equals : [{get_param: IronicInspectorEnableNodeDiscovery}, true]}
@ -367,67 +373,82 @@ outputs:
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
docker_config:
step_3:
ironic_inspector_init_log:
start_order: 0
image: &ironic_inspector_image
get_param: ContainerIronicInspectorImage
net: none
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
start_order: 1
image: *ironic_inspector_image
net: none
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
map_merge:
- ironic_inspector_init_log:
start_order: 0
image: &ironic_inspector_image
get_param: ContainerIronicInspectorImage
net: none
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
ironic_inspector_get_ipa:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
command:
if:
- ipa_images
- list_join:
- " "
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
- {get_param: [IPAImageURLs, 0]}
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
- {get_param: [IPAImageURLs, 1]}
- 'true'
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
start_order: 1
image: *ironic_inspector_image
net: none
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 3
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes: &ironic_inspector_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
ironic_inspector_get_ipa:
start_order: 3
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
command:
if:
- ipa_images
- list_join:
- " "
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
- {get_param: [IPAImageURLs, 0]}
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
- {get_param: [IPAImageURLs, 1]}
- 'true'
- if:
- fast_forward_upgrade
- ironic_inspector_db_sync_stein:
start_order: 2
image: {get_param: ContainerIronicInspectorImageStein}
net: host
user: root
privileged: false
detach: false
volumes: *ironic_inspector_volumes
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
- {}
step_4:
ironic_inspector:
start_order: 92

143
deployment/keystone/keystone-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Keystone service
parameters:
ContainerKeystoneImageStein:
description: image
type: string
default: ''
ContainerKeystoneImage:
description: image
type: string
@ -309,6 +313,7 @@ resources:
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerKeystoneImageStein},'']}}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
@ -592,62 +597,88 @@ outputs:
step_2:
get_attr: [KeystoneLogging, docker_config, step_2]
step_3:
keystone_db_sync:
image: &keystone_image {get_param: ContainerKeystoneImage}
net: host
user: root
privileged: false
detach: false
volumes: &keystone_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [KeystoneLogging, volumes]}
-
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/keystone:/var/lib/kolla/config_files/src:ro
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- []
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
environment:
map_merge:
- {get_attr: [KeystoneLogging, environment]}
- KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
keystone:
start_order: 2
image: *keystone_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes: *keystone_volumes
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
keystone_bootstrap:
start_order: 3
action: exec
user: root
command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap' ]
environment:
KOLLA_BOOTSTRAP: true
OS_BOOTSTRAP_PASSWORD: {get_param: AdminPassword}
OS_BOOTSTRAP_USERNAME: 'admin'
OS_BOOTSTRAP_PROJECT_NAME: 'admin'
OS_BOOTSTRAP_ROLE_NAME: 'admin'
OS_BOOTSTRAP_SERVICE_NAME: 'keystone'
OS_BOOTSTRAP_ADMIN_URL: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
OS_BOOTSTRAP_PUBLIC_URL: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
OS_BOOTSTRAP_INTERNAL_URL: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
OS_BOOTSTRAP_REGION_ID: {get_param: KeystoneRegion}
map_merge:
- keystone_db_sync:
start_order: 1
image: &keystone_image {get_param: ContainerKeystoneImage}
net: host
user: root
privileged: false
detach: false
volumes: &keystone_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [KeystoneLogging, volumes]}
-
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/keystone:/var/lib/kolla/config_files/src:ro
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- []
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
environment:
map_merge:
- {get_attr: [KeystoneLogging, environment]}
- KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start']
keystone:
start_order: 2
image: *keystone_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes: *keystone_volumes
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
keystone_bootstrap:
start_order: 3
action: exec
user: root
command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap' ]
environment:
KOLLA_BOOTSTRAP: true
OS_BOOTSTRAP_PASSWORD: {get_param: AdminPassword}
OS_BOOTSTRAP_USERNAME: 'admin'
OS_BOOTSTRAP_PROJECT_NAME: 'admin'
OS_BOOTSTRAP_ROLE_NAME: 'admin'
OS_BOOTSTRAP_SERVICE_NAME: 'keystone'
OS_BOOTSTRAP_ADMIN_URL: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
OS_BOOTSTRAP_PUBLIC_URL: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
OS_BOOTSTRAP_INTERNAL_URL: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
OS_BOOTSTRAP_REGION_ID: {get_param: KeystoneRegion}
- if:
- fast_forward_upgrade
- keystone_db_sync_stein:
start_order: 0
image: {get_param: ContainerKeystoneImageStein}
net: host
user: root
privileged: false
detach: false
volumes: *keystone_volumes
environment:
map_merge:
- {get_attr: [KeystoneLogging, environment]}
- KOLLA_BOOTSTRAP: true
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml keystone_short_bootstrap_node_name | grep `/bin/hostname -s` && DB_VERSION=$( /usr/local/bin/kolla_set_configs && /usr/bin/keystone-manage --config-file /etc/keystone/keystone.conf db_version ) _RPM_VERSION=$(ls /usr/lib/python3.6/site-packages/keystone/common/sql/migrate_repo/versions |grep -e '[0-9]_.*.py' | cut -d '_' -f1 | sort | tail -n1) RPM_VERSION=$(expr $_RPM_VERSION + 0) && if (( $RPM_VERSION > $DB_VERSION )); then /usr/local/bin/kolla_start ; else echo DB_VERSION: $DB_VERSION RPM_VERSION: $RPM_VERSION; fi"
- {}
step_4:
# There are cases where we need to refresh keystone after the resource provisioning,
# such as the case of using LDAP backends for domains. So we trigger a graceful

61
deployment/mistral/mistral-api-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Mistral API service
parameters:
ContainerMistralApiImageStein:
description: image
type: string
default: ''
ContainerMistralApiImage:
description: image
type: string
@ -76,6 +80,7 @@ parameters:
description: Keystone region for endpoint
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerMistralApiImageStein},'']}}
mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]}
cors_allowed_origin_unset: {equals : [{get_param: MistralCorsAllowedOrigin}, '']}
@ -191,22 +196,46 @@ outputs:
- /var/log/containers/mistral:/var/log/mistral:z
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
step_3:
mistral_db_sync:
start_order: 0
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf --openstack_actions_mapping_path=/etc/mistral/mapping.json upgrade head'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- mistral_db_sync:
start_order: 1
image: *mistral_api_image
net: host
privileged: false
detach: false
user: root
volumes: &mistral_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- mistral_db_sync_stein:
start_order: 0
image: {get_param: ContainerMistralApiImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *mistral_api_volumes
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
# Here we sadly just expect that if we can't run mistral-db-manage curent
# it means we already updated. If there is any issue with the service the
# upgrade will continue regardless...
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml mistral_api_short_bootstrap_node_name | grep `/bin/hostname -s` && sudo -u mistral mistral-db-manage --config-file /etc/mistral/mistral.conf current && sudo -u mistral mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head ; exit 0"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
mistral_api:
start_order: 15

68
deployment/neutron/neutron-api-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Neutron API service
parameters:
ContainerNeutronApiImageStein:
description: image
type: string
default: ''
ContainerNeutronApiImage:
description: image
type: string
@ -178,6 +182,7 @@ parameter_groups:
- NeutronL3HA
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerNeutronApiImageStein},'']}}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']}
@ -449,25 +454,50 @@ outputs:
step_2:
get_attr: [NeutronLogging, docker_config, step_2]
step_3:
neutron_db_sync:
image: &neutron_api_image {get_param: ContainerNeutronApiImage}
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- neutron_db_sync:
start_order: 1
image: &neutron_api_image {get_param: ContainerNeutronApiImage}
net: host
privileged: false
detach: false
user: root
volumes: &neutron_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- neutron_db_sync_stein:
start_order: 0
image: &neutron_api_image_stein {get_param: ContainerNeutronApiImageStein}
net: host
privileged: false
detach: false
user: root
volumes: *neutron_api_volumes
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
# Here we sadly just expect that if we can't run neutron-db-manage curent
# it means we already updated. If there is any issue with the service the
# upgrade will continue regardless...
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml neutron_api_short_bootstrap_node_name | grep `/bin/hostname -s` && neutron-db-manage --subproject neutron current && neutron-db-manage upgrade heads ; exit 0 "
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
map_merge:
- neutron_api:

151
deployment/nova/nova-api-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Nova API service
parameters:
ContainerNovaApiImageStein:
description: image
type: string
default: ''
ContainerNovaApiImage:
description: image
type: string
@ -104,6 +108,7 @@ parameters:
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerNovaApiImageStein},'']}}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
mysql_ipv6_use_ip_address:
@ -341,64 +346,94 @@ outputs:
step_2:
get_attr: [NovaApiLogging, docker_config, step_2]
step_3:
nova_api_db_sync:
start_order: 0 # Runs before nova-conductor dbsync
image: &nova_api_image {get_param: ContainerNovaApiImage}
net: host
detach: false
user: root
volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
nova_api_map_cell0:
start_order: 1 # Runs before nova-conductor dbsync
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command:
str_replace:
template: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0 --database_connection=\"CELL0DB\"'"
params:
CELL0DB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova_cell0'
- '?'
- '{query}'
nova_api_ensure_default_cell:
start_order: 2 # Runs before nova-conductor dbsync
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
- /var/lib/container-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
map_merge:
- nova_api_db_sync:
start_order: 3 # Runs before nova-conductor dbsync
image: &nova_api_image {get_param: ContainerNovaApiImage}
net: host
detach: false
user: root
volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
nova_api_map_cell0:
start_order: 4 # Runs before nova-conductor dbsync
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command:
str_replace:
template: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0 --database_connection=\"CELL0DB\"'"
params:
CELL0DB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova_cell0'
- '?'
- '{query}'
nova_api_ensure_default_cell:
start_order: 5 # Runs before nova-conductor dbsync
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
- /var/lib/container-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
- if:
- fast_forward_upgrade
- nova_api_db_sync_stein:
start_order: 0 # Runs before nova-conductor dbsync Stein
image: &nova_api_image_stein {get_param: ContainerNovaApiImageStein}
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml nova_api_short_bootstrap_node_name | grep `/bin/hostname -s` && DB_VERSION=$( sudo -u nova /usr/bin/nova-manage api_db version ) _RPM_VERSION=$(ls /usr/lib/python3.6/site-packages/nova/db/sqlalchemy/api_migrations/migrate_repo/versions |grep -e '[0-9]_.*.py' | cut -d '_' -f1 | sort | tail -n1) RPM_VERSION=$(expr $_RPM_VERSION + 0) && if (( $RPM_VERSION >= $DB_VERSION )); then sudo -u nova /usr/bin/nova-manage api_db sync; else echo DB_VERSION: $DB_VERSION RPM_VERSION: $RPM_VERSION; fi"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
nova_api_online_data_migrations_stein:
start_order: 2 # Runs after nova-conductor dbsync Stein
image: *nova_api_image_stein
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db online_data_migrations'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
nova_api:
start_order: 2

57
deployment/nova/nova-conductor-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Nova Conductor service
parameters:
ContainerNovaConductorImageStein:
description: image
type: string
default: ''
ContainerNovaConductorImage:
description: image
type: string
@ -66,6 +70,7 @@ parameters:
- role_specific
conditions:
fast_forward_upgrade: {not: {equals: [{get_param: ContainerNovaConductorImageStein},'']}}
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
@ -164,22 +169,42 @@ outputs:
step_2:
get_attr: [NovaLogging, docker_config, step_2]
step_3:
nova_db_sync:
image: &nova_conductor_image {get_param: ContainerNovaConductorImage}
start_order: 3 # Runs after nova-api tasks if installed on this host
net: host
detach: false
volumes: &nova_conductor_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
map_merge:
- nova_db_sync:
image: &nova_conductor_image {get_param: ContainerNovaConductorImage}
start_order: 6 # Runs after nova-api tasks if installed on this host
net: host
detach: false
volumes: &nova_conductor_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- if:
- fast_forward_upgrade
- nova_db_sync_stein:
image: {get_param: ContainerNovaConductorImageStein}
start_order: 1 # Runs after nova-api db sync Stein
net: host
detach: false
volumes: *nova_conductor_bootstrap_volumes
user: root
# TODO FIXME: we need LP/BZ for this. Each service should provide db
# version and version provided by package so we can check if we need
# update or not.
command:
- '/bin/bash'
- '-c'
- "/bin/hiera -c /etc/puppet/hiera.yaml nova_conductor_short_bootstrap_node_name | grep `/bin/hostname -s` && DB_VERSION=$( sudo -u nova /usr/bin/nova-manage db version ) _RPM_VERSION=$(ls /usr/lib/python3.6/site-packages/nova/db/sqlalchemy/migrate_repo/versions | grep -e '[0-9]_.*.py' | cut -d '_' -f1 | sort | tail -n1) RPM_VERSION=$(expr $_RPM_VERSION + 0) && if (( $RPM_VERSION >= $DB_VERSION )); then sudo -u nova /usr/bin/nova-manage db sync; else echo DB_VERSION: $DB_VERSION RPM_VERSION: $RPM_VERSION; fi"
environment:
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
step_4:
nova_conductor:
image: *nova_conductor_image

4
deployment/placement/placement-api-container-puppet.yaml
View File

@ -215,7 +215,7 @@ outputs:
get_attr: [PlacementLogging, docker_config, step_2]
step_3:
placement_api_db_extract_data_from_nova_api:
start_order: 0
start_order: 3
image: &placement_api_image {get_param: ContainerPlacementImage}
net: host
detach: false
@ -247,7 +247,7 @@ outputs:
# 6: Unable to execute placement's CLI commands
command: "/usr/bin/bootstrap_host_exec placement su placement -s /bin/bash -c 'cd /tmp && /usr/share/placement/mysql-migrate-db.sh --migrate -; ret=$?; if [ $ret -ne 0 ] && [ $ret -ne 3 ] && [ $ret -ne 4 ] && [ $ret -ne 5 ]; then exit $ret; else exit 0; fi'"
placement_api_db_sync:
start_order: 1
start_order: 4
image: *placement_api_image
net: host
detach: false

19
deployment/swift/swift-storage-container-puppet.yaml
View File

@ -302,10 +302,8 @@ outputs:
preserve_properties: true
docker_config:
step_3:
# The puppet config sets this up but we don't have a way to mount the named
# volume during the configuration stage. We just need to create this
# directory and make sure it's owned by swift.
swift_setup_srv:
start_order: 1
image: &swift_account_image {get_param: ContainerSwiftAccountImage}
net: none
user: root
@ -314,6 +312,7 @@ outputs:
- /srv/node:/srv/node:z
# FIXME (cschwede): remove this once the pid file setting is disabled
swift_rsync_fix:
start_order: 1
image: {get_param: ContainerSwiftObjectImage}
net: host
user: root
@ -604,6 +603,20 @@ outputs:
- name: Set swift_use_local_disks fact
set_fact:
swift_use_local_disks: {get_param: SwiftUseLocalDir}
- name: Move deprecated UC Swift storage directory if it exists
shell: |
set -o pipefail
EXIT_CODE=0
if [ -d /srv/node/1 ]; then
mv /srv/node/1 /srv/node/d1
EXIT_CODE=2
fi
exit ${EXIT_CODE}
args:
executable: /bin/bash
register: _move_dir
changed_when: _move_dir.rc == 2
failed_when: _move_dir.rc not in [0,2]
- name: Create Swift d1 directory if needed
file:
path: "/srv/node/d1"

52
deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml
View File

@ -114,16 +114,44 @@ outputs:
- system_upgrade_prepare
when: step|int == 3
block:
- name: remove all OpenStack packages
- name: Hack around broken ceph-common rpm removing /etc/ceph /var/lib/ceph
ignore_errors: true
shell: |
yum -y remove *el7ost* -- \
-*openvswitch* \
-python2-babel \
-python2-dateutil \
-python2-ipaddress \
-python2-jinja2 \
-python2-markupsafe \
-python2-six
rpm -e --nodeps --noscripts ceph-common
- name: remove all OpenStack packages
shell: >-
yum -y remove
*el7ost*
galera*
haproxy*
httpd
kernel-devel
mysql*
pacemaker*
python-jsonpointer
qemu-kvm-common-rhev
qemu-img-rhev
rabbit*
redis*
--
-*openvswitch*
-python-docker
-python-PyMySQL
-python-pysocks
-python2-asn1crypto
-python2-babel
-python2-cffi
-python2-cryptography
-python2-dateutil
-python2-idna
-python2-ipaddress
-python2-jinja2
-python2-jsonpatch
-python2-markupsafe
-python2-pyOpenSSL
-python2-requests
-python2-six
-python2-urllib3
when: upgrade_leapp_enabled
- name: install leapp
package:
@ -138,6 +166,10 @@ outputs:
- system_upgrade_prepare
when: step|int == 4
block:
- name: set leapp options
shell: >
leapp answer --section remove_pam_pkcs11_module_check.confirm=True --add
when: upgrade_leapp_enabled
- name: run leapp upgrade (download packages)
shell: >
{% if upgrade_leapp_devel_skip|default(false) %}{{ upgrade_leapp_devel_skip }}{% endif %}
@ -165,6 +197,8 @@ outputs:
meta: clear_facts
- name: Force facts refresh after OS upgrade to refresh cache.
setup:
- name: Set the python to python3
shell: alternatives --set python /usr/bin/python3
- name: Package and repo update tasks
when: step|int == 0

4
deployment/zaqar/zaqar-container-puppet.yaml
View File

@ -4,6 +4,10 @@ description: >
OpenStack containerized Zaqar services
parameters:
ContainerZaqarImageStein:
description: image
type: string
default: ''
ContainerZaqarImage:
description: image
type: string

1
environments/lifecycle/ffwd-upgrade-converge.yaml
View File

@ -7,3 +7,4 @@ parameter_defaults:
UpgradeInitCommand: ''
StackUpdateType: ''
NetworkDeploymentActions: ['CREATE']
FastForwardUpgrade: false

2
environments/lifecycle/ffwd-upgrade-prepare.yaml
View File

@ -2,6 +2,7 @@
# This file is required by the tripleoclient and not expected to be updated
# by the operator. Please use additional -e env.yaml.
resource_registry:
OS::TripleO::Ssh::HostPubKey: OS::Heat::None
OS::TripleO::Services::Core: OS::Heat::None
OS::TripleO::Services::VipHosts: OS::Heat::None
OS::TripleO::Services::MongoDb: OS::Heat::None
@ -9,3 +10,4 @@ resource_registry:
parameter_defaults:
StackUpdateType: FASTFORWARDUPGRADE
NetworkDeploymentActions: ['CREATE','UPDATE']
FastForwardUpgrade: true