Server blacklist support

Adds the ability to blacklist servers from all SoftwareDeployment
resources. The servers are specified in a new list parameter,
DeploymentServerBlacklist by the Heat assigned name
(overcloud-compute-0, etc).

implements blueprint disable-deployments

Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
This commit is contained in:
James Slagle 2017-05-12 15:04:23 -04:00
parent b344f5994f
commit e3c8803295
8 changed files with 166 additions and 8 deletions

View File

@ -197,6 +197,12 @@ parameters:
description: >
Set to true to append per network Vips to /etc/hosts on each node.
DeploymentServerBlacklist:
default: []
type: comma_delimited_list
description: >
List of server hostnames to blacklist from any triggered deployments.
conditions:
add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}
@ -318,14 +324,14 @@ resources:
properties:
name: {{role.name}}HostsDeployment
config: {get_attr: [hostsConfig, config_id]}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}SshKnownHostsDeployment:
type: OS::Heat::StructuredDeployments
properties:
name: {{role.name}}SshKnownHostsDeployment
config: {get_resource: SshKnownHostsConfig}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}AllNodesDeployment:
type: OS::Heat::StructuredDeployments
@ -336,7 +342,7 @@ resources:
properties:
name: {{role.name}}AllNodesDeployment
config: {get_attr: [allNodesConfig, config_id]}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
servers: {get_attr: [{{role.name}}Servers, value]}
input_values:
# Note we have to use yaql to look up the first hostname/ip in the
# list because heat path based attributes operate on the attribute
@ -358,7 +364,7 @@ resources:
properties:
name: {{role.name}}AllNodesValidationDeployment
config: {get_resource: AllNodesValidationConfig}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
servers: {get_attr: [{{role.name}}Servers, value]}
{{role.name}}IpListMap:
type: OS::TripleO::Network::Ports::NetIpListMap
@ -439,8 +445,39 @@ resources:
ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
{% endfor %}
{% for role in roles %}
{{role.name}}Servers:
type: OS::Heat::Value
depends_on: {{role.name}}
properties:
type: json
value:
yaql:
expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
data:
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{% endfor %}
# This resource just creates a dict out of the DeploymentServerBlacklist,
# which is a list. The dict is used in the role templates to set a condition
# on whether to create the deployment resources. We can't use the list
# directly because there is no way to ask Heat if a list contains a specific
# value.
DeploymentServerBlacklistDict:
type: OS::Heat::Value
properties:
type: json
value:
map_merge:
repeat:
template:
hostname: 1
for_each:
hostname: {get_param: DeploymentServerBlacklist}
hostsConfig:
type: OS::TripleO::Hosts::SoftwareConfig
properties:
@ -663,7 +700,7 @@ resources:
properties:
servers:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
input_values:
deploy_identifier: {get_param: DeployIdentifier}
@ -681,7 +718,7 @@ resources:
properties:
servers:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
# Post deployment steps for all roles
@ -695,7 +732,7 @@ resources:
properties:
servers:
{% for role in roles %}
{{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
{{role.name}}: {get_attr: [{{role.name}}Servers, value]}
{% endfor %}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
role_data:

View File

@ -132,6 +132,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
BlockStorage:
@ -362,6 +376,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@ -385,6 +400,7 @@ resources:
BlockStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: BlockStorageUpgradeInitDeployment
server: {get_resource: BlockStorage}
@ -393,6 +409,7 @@ resources:
BlockStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: BlockStorageUpgradeInitDeployment
condition: server_not_blacklisted
properties:
name: BlockStorageDeployment
server: {get_resource: BlockStorage}
@ -459,6 +476,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@ -555,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the block storage server
value:
{get_resource: BlockStorage}
condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}

View File

@ -138,6 +138,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
CephStorage:
@ -368,6 +382,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@ -391,6 +406,7 @@ resources:
CephStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: CephStorageUpgradeInitDeployment
server: {get_resource: CephStorage}
@ -399,6 +415,7 @@ resources:
CephStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: CephStorageUpgradeInitDeployment
condition: server_not_blacklisted
properties:
name: CephStorageDeployment
config: {get_resource: CephStorageConfig}
@ -471,6 +488,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: CephStorage}
@ -566,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the ceph storage server
value:
{get_resource: CephStorage}
condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}

View File

@ -150,6 +150,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
@ -382,6 +396,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@ -408,6 +423,7 @@ resources:
NovaComputeUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: NovaComputeUpgradeInitDeployment
server: {get_resource: NovaCompute}
@ -459,6 +475,7 @@ resources:
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NovaComputeUpgradeInitDeployment
condition: server_not_blacklisted
properties:
name: NovaComputeDeployment
config: {get_resource: NovaComputeConfig}
@ -494,6 +511,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@ -609,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: NovaCompute}
{get_resource: NovaCompute}
condition: server_not_blacklisted

View File

@ -164,6 +164,13 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
parameter_groups:
- label: deprecated
@ -171,6 +178,14 @@ parameter_groups:
parameters:
- controllerExtraConfig
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
Controller:
@ -400,6 +415,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
condition: server_not_blacklisted
depends_on: PreNetworkConfig
properties:
name: NetworkDeployment
@ -441,6 +457,7 @@ resources:
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
ControllerUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: ControllerUpgradeInitDeployment
@ -449,6 +466,7 @@ resources:
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
condition: server_not_blacklisted
depends_on: ControllerUpgradeInitDeployment
properties:
name: ControllerDeployment
@ -532,6 +550,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
@ -649,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
condition: server_not_blacklisted
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}

View File

@ -132,6 +132,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
@ -362,6 +376,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@ -385,6 +400,7 @@ resources:
SwiftStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: SwiftStorageUpgradeInitDeployment
server: {get_resource: SwiftStorage}
@ -430,6 +446,7 @@ resources:
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
depends_on: SwiftStorageUpgradeInitDeployment
condition: server_not_blacklisted
properties:
name: SwiftStorageHieraDeploy
server: {get_resource: SwiftStorage}
@ -458,6 +475,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: SwiftStorage}
@ -553,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}

View File

@ -154,6 +154,20 @@ parameters:
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
DeploymentServerBlacklistDict:
default: {}
type: json
description: >
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
conditions:
server_not_blacklisted:
not:
equals:
- {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- 1
resources:
{{role}}:
@ -384,6 +398,7 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@ -410,6 +425,7 @@ resources:
{{role}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: {{role}}UpgradeInitDeployment
server: {get_resource: {{role}}}
@ -418,6 +434,7 @@ resources:
{{role}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{role}}UpgradeInitDeployment
condition: server_not_blacklisted
properties:
name: {{role}}Deployment
config: {get_resource: {{role}}Config}
@ -492,6 +509,7 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@ -588,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
description: Heat resource handle for {{role}} server
value:
{get_resource: {{role}}}
condition: server_not_blacklisted
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}

View File

@ -0,0 +1,6 @@
---
features:
- Added the ability to blacklist servers by name from being
associated with any Heat triggered SoftwareDeployment
resources. The servers are specified in the new
DeploymentServerBlacklist parameter.