Server blacklist support

Adds the ability to blacklist servers from all SoftwareDeployment resources. The servers are specified in a new list parameter, DeploymentServerBlacklist by the Heat assigned name (overcloud-compute-0, etc). implements blueprint disable-deployments Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
2017-05-12 15:04:23 -04:00 · 2017-05-12 15:04:23 -04:00 · e3c8803295
commit e3c8803295
parent b344f5994f
8 changed files with 166 additions and 8 deletions
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@ -197,6 +197,12 @@ parameters:
    description: >
      Set to true to append per network Vips to /etc/hosts on each node.

+  DeploymentServerBlacklist:
+    default: []
+    type: comma_delimited_list
+    description: >
+      List of server hostnames to blacklist from any triggered deployments.
+
 conditions:
  add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]}

@ -318,14 +324,14 @@ resources:
    properties:
      name: {{role.name}}HostsDeployment
      config: {get_attr: [hostsConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}

  {{role.name}}SshKnownHostsDeployment:
    type: OS::Heat::StructuredDeployments
    properties:
      name: {{role.name}}SshKnownHostsDeployment
      config: {get_resource: SshKnownHostsConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}

  {{role.name}}AllNodesDeployment:
    type: OS::Heat::StructuredDeployments
@ -336,7 +342,7 @@ resources:
    properties:
      name: {{role.name}}AllNodesDeployment
      config: {get_attr: [allNodesConfig, config_id]}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}
      input_values:
        # Note we have to use yaql to look up the first hostname/ip in the
        # list because heat path based attributes operate on the attribute
@ -358,7 +364,7 @@ resources:
    properties:
      name: {{role.name}}AllNodesValidationDeployment
      config: {get_resource: AllNodesValidationConfig}
-      servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+      servers: {get_attr: [{{role.name}}Servers, value]}

  {{role.name}}IpListMap:
    type: OS::TripleO::Network::Ports::NetIpListMap
@ -439,8 +445,39 @@ resources:
          ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]}
          MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
          ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
+          DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
 {% endfor %}

+{% for role in roles %}
+  {{role.name}}Servers:
+    type: OS::Heat::Value
+    depends_on: {{role.name}}
+    properties:
+      type: json
+      value:
+        yaql:
+          expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null))
+          data:
+            servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+{% endfor %}
+
+  # This resource just creates a dict out of the DeploymentServerBlacklist,
+  # which is a list. The dict is used in the role templates to set a condition
+  # on whether to create the deployment resources. We can't use the list
+  # directly because there is no way to ask Heat if a list contains a specific
+  # value.
+  DeploymentServerBlacklistDict:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_merge:
+          repeat:
+            template:
+              hostname: 1
+            for_each:
+              hostname: {get_param: DeploymentServerBlacklist}
+
  hostsConfig:
    type: OS::TripleO::Hosts::SoftwareConfig
    properties:
@ -663,7 +700,7 @@ resources:
    properties:
      servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
      input_values:
        deploy_identifier: {get_param: DeployIdentifier}
@ -681,7 +718,7 @@ resources:
    properties:
      servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}

  # Post deployment steps for all roles
@ -695,7 +732,7 @@ resources:
    properties:
      servers:
 {% for role in roles %}
-        {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}
      EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
      role_data:
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@ -132,6 +132,20 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1

 resources:
  BlockStorage:
@ -362,6 +376,7 @@ resources:
  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
@ -385,6 +400,7 @@ resources:
  BlockStorageUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: BlockStorageUpgradeInitDeployment
      server: {get_resource: BlockStorage}
@ -393,6 +409,7 @@ resources:
  BlockStorageDeployment:
    type: OS::Heat::StructuredDeployment
    depends_on: BlockStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
    properties:
      name: BlockStorageDeployment
      server: {get_resource: BlockStorage}
@ -459,6 +476,7 @@ resources:
  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: UpdateDeployment
      config: {get_resource: UpdateConfig}
@ -555,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
    description: Heat resource handle for the block storage server
    value:
      {get_resource: BlockStorage}
+    condition: server_not_blacklisted
  external_ip_address:
    description: IP address of the server in the external network
    value: {get_attr: [ExternalPort, ip_address]}
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@ -138,6 +138,20 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1

 resources:
  CephStorage:
@ -368,6 +382,7 @@ resources:
  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
@ -391,6 +406,7 @@ resources:
  CephStorageUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: CephStorageUpgradeInitDeployment
      server: {get_resource: CephStorage}
@ -399,6 +415,7 @@ resources:
  CephStorageDeployment:
    type: OS::Heat::StructuredDeployment
    depends_on: CephStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
    properties:
      name: CephStorageDeployment
      config: {get_resource: CephStorageConfig}
@ -471,6 +488,7 @@ resources:
  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      config: {get_resource: UpdateConfig}
      server: {get_resource: CephStorage}
@ -566,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
    description: Heat resource handle for the ceph storage server
    value:
      {get_resource: CephStorage}
+    condition: server_not_blacklisted
  external_ip_address:
    description: IP address of the server in the external network
    value: {get_attr: [ExternalPort, ip_address]}
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@ -150,6 +150,20 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1

 resources:

@ -382,6 +396,7 @@ resources:
  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
@ -408,6 +423,7 @@ resources:
  NovaComputeUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: NovaComputeUpgradeInitDeployment
      server: {get_resource: NovaCompute}
@ -459,6 +475,7 @@ resources:
  NovaComputeDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: NovaComputeUpgradeInitDeployment
+    condition: server_not_blacklisted
    properties:
      name: NovaComputeDeployment
      config: {get_resource: NovaComputeConfig}
@ -494,6 +511,7 @@ resources:
  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: UpdateDeployment
      config: {get_resource: UpdateConfig}
@ -609,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
  nova_server_resource:
    description: Heat resource handle for the Nova compute server
    value:
-      {get_resource: NovaCompute}
+      {get_resource: NovaCompute}
+    condition: server_not_blacklisted
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@ -164,6 +164,13 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.

 parameter_groups:
 - label: deprecated
@ -171,6 +178,14 @@ parameter_groups:
  parameters:
  - controllerExtraConfig

+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1
+
+
 resources:

  Controller:
@ -400,6 +415,7 @@ resources:

  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
+    condition: server_not_blacklisted
    depends_on: PreNetworkConfig
    properties:
      name: NetworkDeployment
@ -441,6 +457,7 @@ resources:
  # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
  ControllerUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
+    condition: server_not_blacklisted
    depends_on: NetworkDeployment
    properties:
      name: ControllerUpgradeInitDeployment
@ -449,6 +466,7 @@ resources:

  ControllerDeployment:
    type: OS::TripleO::SoftwareDeployment
+    condition: server_not_blacklisted
    depends_on: ControllerUpgradeInitDeployment
    properties:
      name: ControllerDeployment
@ -532,6 +550,7 @@ resources:

  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
+    condition: server_not_blacklisted
    depends_on: NetworkDeployment
    properties:
      name: UpdateDeployment
@ -649,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
    description: Heat resource handle for the Nova compute server
    value:
      {get_resource: Controller}
+    condition: server_not_blacklisted
  tls_key_modulus_md5:
    description: MD5 checksum of the TLS Key Modulus
    value: {get_attr: [NodeTLSData, key_modulus_md5]}
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@ -132,6 +132,20 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1

 resources:

@ -362,6 +376,7 @@ resources:
  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
@ -385,6 +400,7 @@ resources:
  SwiftStorageUpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: SwiftStorageUpgradeInitDeployment
      server: {get_resource: SwiftStorage}
@ -430,6 +446,7 @@ resources:
  SwiftStorageHieraDeploy:
    type: OS::Heat::StructuredDeployment
    depends_on: SwiftStorageUpgradeInitDeployment
+    condition: server_not_blacklisted
    properties:
      name: SwiftStorageHieraDeploy
      server: {get_resource: SwiftStorage}
@ -458,6 +475,7 @@ resources:
  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      config: {get_resource: UpdateConfig}
      server: {get_resource: SwiftStorage}
@ -553,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
    description: Heat resource handle for the swift storage server
    value:
      {get_resource: SwiftStorage}
+    condition: server_not_blacklisted
  external_ip_address:
    description: IP address of the server in the external network
    value: {get_attr: [ExternalPort, ip_address]}
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@ -154,6 +154,20 @@ parameters:
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
+  DeploymentServerBlacklistDict:
+    default: {}
+    type: json
+    description: >
+      Map of server hostnames to blacklist from any triggered
+      deployments. If the value is 1, the server will be blacklisted. This
+      parameter is generated from the parent template.
+
+conditions:
+  server_not_blacklisted:
+    not:
+      equals:
+        - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+        - 1

 resources:
  {{role}}:
@ -384,6 +398,7 @@ resources:
  NetworkDeployment:
    type: OS::TripleO::SoftwareDeployment
    depends_on: PreNetworkConfig
+    condition: server_not_blacklisted
    properties:
      name: NetworkDeployment
      config: {get_resource: NetworkConfig}
@ -410,6 +425,7 @@ resources:
  {{role}}UpgradeInitDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: {{role}}UpgradeInitDeployment
      server: {get_resource: {{role}}}
@ -418,6 +434,7 @@ resources:
  {{role}}Deployment:
    type: OS::Heat::StructuredDeployment
    depends_on: {{role}}UpgradeInitDeployment
+    condition: server_not_blacklisted
    properties:
      name: {{role}}Deployment
      config: {get_resource: {{role}}Config}
@ -492,6 +509,7 @@ resources:
  UpdateDeployment:
    type: OS::Heat::SoftwareDeployment
    depends_on: NetworkDeployment
+    condition: server_not_blacklisted
    properties:
      name: UpdateDeployment
      config: {get_resource: UpdateConfig}
@ -588,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
    description: Heat resource handle for {{role}} server
    value:
      {get_resource: {{role}}}
+    condition: server_not_blacklisted
  external_ip_address:
    description: IP address of the server in the external network
    value: {get_attr: [ExternalPort, ip_address]}
--- a/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml
+++ b/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - Added the ability to blacklist servers by name from being
+    associated with any Heat triggered SoftwareDeployment
+    resources. The servers are specified in the new
+    DeploymentServerBlacklist parameter.