From ebc9dd98e0b12df90c5d9ffbb23fc9c73f26f0cd Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Fri, 22 Feb 2019 15:17:21 -0500 Subject: [PATCH] flatten the octavia service configurations This change combines the previous puppet and docker files into a single file that performs the containerized service installation and configuration for the octavia services. With this patch the baremetal version of each respective octavia service has been removed. Related-Blueprint: services-yaml-flattening Change-Id: Icf2856fd261b49a4da1f197c7190c9a18d21e30f --- .../scenario010-multinode-containers.yaml | 10 +- .../octavia/octavia-api-container-puppet.yaml | 133 +++++++++-- deployment/octavia/octavia-base.yaml | 215 ++++++++++++++++++ .../octavia/octavia-deployment-config.j2.yaml | 0 ...tavia-health-manager-container-puppet.yaml | 56 +++-- ...octavia-housekeeping-container-puppet.yaml | 47 ++-- .../octavia-worker-container-puppet.yaml | 64 ++++-- environments/services-baremetal/octavia.yaml | 10 +- environments/services/octavia.yaml | 10 +- puppet/services/octavia-api.yaml | 180 --------------- puppet/services/octavia-base.yaml | 164 ------------- puppet/services/octavia-controller.yaml | 108 --------- puppet/services/octavia-health-manager.yaml | 105 --------- puppet/services/octavia-housekeeping.yaml | 97 -------- puppet/services/octavia-worker.yaml | 121 ---------- tools/yaml-validate.py | 2 +- 16 files changed, 468 insertions(+), 854 deletions(-) rename docker/services/octavia-api.yaml => deployment/octavia/octavia-api-container-puppet.yaml (62%) create mode 100644 deployment/octavia/octavia-base.yaml rename {docker/services => deployment}/octavia/octavia-deployment-config.j2.yaml (100%) rename docker/services/octavia-health-manager.yaml => deployment/octavia/octavia-health-manager-container-puppet.yaml (75%) rename docker/services/octavia-housekeeping.yaml => deployment/octavia/octavia-housekeeping-container-puppet.yaml (79%) rename docker/services/octavia-worker.yaml => deployment/octavia/octavia-worker-container-puppet.yaml (77%) delete mode 100644 puppet/services/octavia-api.yaml delete mode 100644 puppet/services/octavia-base.yaml delete mode 100644 puppet/services/octavia-controller.yaml delete mode 100644 puppet/services/octavia-health-manager.yaml delete mode 100644 puppet/services/octavia-housekeeping.yaml delete mode 100644 puppet/services/octavia-worker.yaml diff --git a/ci/environments/scenario010-multinode-containers.yaml b/ci/environments/scenario010-multinode-containers.yaml index 963ba77d12..91556e8db1 100644 --- a/ci/environments/scenario010-multinode-containers.yaml +++ b/ci/environments/scenario010-multinode-containers.yaml @@ -12,11 +12,11 @@ resource_registry: OS::TripleO::Services::MySQL: ../../deployment/database/mysql-pacemaker-puppet.yaml OS::TripleO::Services::Keepalived: OS::Heat::None OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml - OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml - OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml - OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml - OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml - OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml + OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml + OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml + OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml OS::TripleO::Services::CinderApi: OS::Heat::None OS::TripleO::Services::CinderBackup: OS::Heat::None OS::TripleO::Services::CinderScheduler: OS::Heat::None diff --git a/docker/services/octavia-api.yaml b/deployment/octavia/octavia-api-container-puppet.yaml similarity index 62% rename from docker/services/octavia-api.yaml rename to deployment/octavia/octavia-api-container-puppet.yaml index 8c5a00d6d2..9f766a75e1 100644 --- a/docker/services/octavia-api.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -44,22 +44,58 @@ parameters: EnableInternalTLS: type: boolean default: false + OctaviaUserName: + description: The username for the Octavia database and keystone accounts. + type: string + default: 'octavia' + OctaviaPassword: + description: The password for the Octavia database and keystone accounts. + type: string + hidden: true + OctaviaProjectName: + description: The project name for the keystone Octavia account. + type: string + default: 'service' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionOctaviaApi: + default: 'overcloud-octavia-api' + type: string + OctaviaApiPolicies: + description: | + A hash of policies to configure for Octavia API. + e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: - type: ../../deployment/database/mysql-client.yaml + type: ../database/mysql-client.yaml - OctaviaApiPuppetBase: - type: ../../puppet/services/octavia-api.yaml + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} + + OctaviaBase: + type: ./octavia-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -68,8 +104,8 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OctaviaFlavor: - type: ../../puppet/services/octavia-worker.yaml + OctaviaWorker: # provides Nova flavor + type: ./octavia-worker-container-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -82,19 +118,76 @@ outputs: role_data: description: Role data for the Octavia API role. value: - service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} + service_name: octavia_api + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi} config_settings: map_merge: - - {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} - - {get_attr: [OctaviaFlavor, role_data, config_settings]} + - {get_attr: [OctaviaBase, role_data, config_settings]} + - {get_attr: [OctaviaWorker, role_data, config_settings]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + octavia::policy::policies: {get_param: OctaviaApiPolicies} + octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName} + octavia::keystone::authtoken::password: {get_param: OctaviaPassword} + octavia::api::sync_db: true + tripleo::octavia_api::firewall_rules: + '120 octavia api': + dport: + - 9876 + - 13876 + # NOTE: bind IP is found in hiera replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::base::octavia::api::tls_proxy_bind_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + tripleo::profile::base::octavia::api::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + tripleo::profile::base::octavia::api::tls_proxy_port: + get_param: [EndpointMap, OctaviaInternal, port] + # Bind to localhost if internal TLS is enabled, since we put a TLS + # proxy in front. + octavia::api::host: + if: + - use_tls_proxy + - '127.0.0.1' + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} service_config_settings: - map_merge: - - get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_octavia_api: - - octavia - tripleo_fluentd_sources_octavia_api: - - {get_param: OctaviaApiLoggingSource} + fluentd: + tripleo_fluentd_groups_octavia_api: + - octavia + tripleo_fluentd_sources_octavia_api: + - {get_param: OctaviaApiLoggingSource} + keystone: + octavia::keystone::auth::tenant: {get_param: OctaviaProjectName} + octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]} + octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] } + octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] } + octavia::keystone::auth::password: {get_param: OctaviaPassword} + octavia::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + octavia::db::mysql::password: {get_param: OctaviaPassword} + octavia::db::mysql::user: {get_param: OctaviaUserName} + octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + octavia::db::mysql::dbname: octavia + octavia::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" # BEGIN DOCKER SETTINGS # puppet_config: config_volume: octavia @@ -102,7 +195,7 @@ outputs: step_config: list_join: - "\n" - - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - - "include tripleo::profile::base::octavia::api" - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerOctaviaConfigImage} kolla_config: @@ -133,7 +226,7 @@ outputs: config_volume: octavia puppet_tags: nova_flavor step_config: - get_attr: [OctaviaFlavor, role_data, step_config] + get_attr: [OctaviaWorker, role_data, step_config] config_image: {get_param: DockerOctaviaConfigImage} volumes: - /var/lib/config-data/puppet-generated/nova/etc/nova:/etc/nova:ro @@ -229,7 +322,7 @@ outputs: ignore_errors: true upgrade_tasks: [] metadata_settings: - get_attr: [OctaviaApiPuppetBase, role_data, metadata_settings] + get_attr: [TLSProxyBase, role_data, metadata_settings] post_upgrade_tasks: - when: step|int == 1 import_role: diff --git a/deployment/octavia/octavia-base.yaml b/deployment/octavia/octavia-base.yaml new file mode 100644 index 0000000000..92a2b70ec0 --- /dev/null +++ b/deployment/octavia/octavia-base.yaml @@ -0,0 +1,215 @@ +heat_template_version: rocky + +description: > + OpenStack Octavia base service. Shared for all Octavia services + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: boolean + default: false + description: Set to True to enable debugging on all services. + OctaviaDebug: + default: '' + description: Set to True to enable debugging Octavia services. + type: string + constraints: + - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + EnableConfigPurge: + type: boolean + default: false + description: > + Remove configuration that is not generated by TripleO. Used to avoid + configuration remnants after upgrades. + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + RpcUserName: + default: guest + description: The username for messaging backend + type: string + RpcPassword: + description: The password for messaging backend + type: string + hidden: true + RpcUseSSL: + default: false + description: > + Messaging client subscriber parameter to specify + an SSL connection to the messaging host. + type: string + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + OctaviaUserName: + description: The username for the Octavia database and keystone accounts. + type: string + default: 'octavia' + OctaviaPassword: + description: The password for the Octavia database and keystone accounts. + type: string + hidden: true + OctaviaProjectName: + description: The project name for the keystone Octavia account. + type: string + default: 'service' + OctaviaCaCertFile: + type: string + default: '/etc/octavia/certs/ca_01.pem' + description: Octavia CA certificate file path. + OctaviaCaCert: + type: string + default: '' + description: Octavia CA certificate data. If provided, this will create + or update a file on the host with the path provided in + OctaviaCaCertFile with the certificate data. + OctaviaCaKeyFile: + type: string + default: '/etc/octavia/certs/private/cakey.pem' + description: Octavia CA private key file path. + OctaviaCaKey: + type: string + default: '' + description: The private key for the certificate provided in OctaviaCaCert. + If provided, this will create or update a file on the host + with the path provided in OctaviaCaKeyFile with the key + data. + OctaviaCaKeyPassphrase: + description: CA private key passphrase. + type: string + hidden: true + OctaviaAmphoraImageTag: + default: 'amphora-image' + description: Glance image tag for identifying the amphora image. + type: string + OctaviaAmphoraNetworkList: + default: [] + description: List of networks to attach to amphorae. + type: comma_delimited_list + OctaviaAmphoraSshKeyName: + type: string + default: 'octavia-ssh-key' + description: SSH key name. + OctaviaLoadBalancerTopology: + default: '' + description: Load balancer topology configuration. + type: string + OctaviaFlavorId: + default: '65' + description: Nova flavor ID to be used when creating the nova flavor for + amphora. + type: string + OctaviaTimeoutClientData: + default: 50000 + description: Frontend client inactivity timeout. + type: number + OctaviaTimeoutMemberConnect: + default: 5000 + description: Backend member connection timeout. + type: number + OctaviaTimeoutMemberData: + default: 50000 + description: Backend member inactivity timeout. + type: number + OctaviaTimeoutTcpInspect: + default: 0 + description: Time to wait for TCP packets for content inspection. + type: number + +conditions: + service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} + octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']} + octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']} + octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} + +outputs: + role_data: + description: Base role data for Octavia services + value: + service_name: octavia_base + config_settings: + map_merge: + - octavia::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: OctaviaDebug } + octavia::purge_config: {get_param: EnableConfigPurge} + octavia::notification_driver: {get_param: NotificationDriver} + octavia::db::database_connection: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: {get_param: OctaviaUserName} + password: {get_param: OctaviaPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /octavia + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + # TODO(ansmith): remove once p-t-o switches to oslo params + octavia::rabbit_use_ssl: {get_param: RpcUseSSL} + octavia::rabbit_userid: {get_param: RpcUserName} + octavia::rabbit_password: {get_param: RpcPassword} + octavia::rabbit_port: {get_param: RpcPort} + octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri]} + octavia::service_auth::auth_type: 'password' + octavia::service_auth::username: {get_param: OctaviaUserName} + octavia::service_auth::password: {get_param: OctaviaPassword} + octavia::service_auth::project_name: {get_param: OctaviaProjectName} + octavia::service_auth::project_domain_name: 'Default' + octavia::service_auth::user_domain_name: 'Default' + octavia::service_auth::auth_type: 'password' + octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile} + octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile} + octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase} + octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList} + octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId} + octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag} + octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName} + octavia::controller::enable_ssh_access: true + octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData} + octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect} + octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData} + octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect} + - + if: + - octavia_topology_unset + - {} + - octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology} + - + if: + - octavia_ca_cert_unset + - {} + - octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert} + - + if: + - octavia_ca_key_unset + - {} + - octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey} diff --git a/docker/services/octavia/octavia-deployment-config.j2.yaml b/deployment/octavia/octavia-deployment-config.j2.yaml similarity index 100% rename from docker/services/octavia/octavia-deployment-config.j2.yaml rename to deployment/octavia/octavia-deployment-config.j2.yaml diff --git a/docker/services/octavia-health-manager.yaml b/deployment/octavia/octavia-health-manager-container-puppet.yaml similarity index 75% rename from docker/services/octavia-health-manager.yaml rename to deployment/octavia/octavia-health-manager-container-puppet.yaml index 72e9108cef..2c6571a0de 100644 --- a/docker/services/octavia-health-manager.yaml +++ b/deployment/octavia/octavia-health-manager-container-puppet.yaml @@ -45,17 +45,37 @@ parameters: default: false description: Remove package if the service is being disabled during upgrade type: boolean + MonitoringSubscriptionOctaviaHealthManager: + default: 'overcloud-octavia-health-manager' + type: string + OctaviaHeartbeatKey: + type: string + description: Key to identify heartbeat messages for amphorae. + hidden: true + OctaviaMgmtPortDevName: + type: string + default: "o-hm0" + description: Name of the octavia management network interface using + for communication between octavia worker/health-manager + with the amphora machine. + OctaviaEventStreamerDriver: + type: string + default: "noop_event_streamer" + description: Name of the event streamer driver to use for syncing Octavia + and Neutron LBaaS databases. It is highly recommended to + disable if one doesn't need to sync the database or is running + Octavia in standalone mode by setting to noop_event_streamer. resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: - type: ../../deployment/database/mysql-client.yaml + type: ../database/mysql-client.yaml - OctaviaHealthManagerPuppetBase: - type: ../../puppet/services/octavia-health-manager.yaml + OctaviaBase: + type: ./octavia-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -68,16 +88,24 @@ outputs: role_data: description: Role data for the Octavia health-manager role. value: - service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]} - config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]} - service_config_settings: + service_name: octavia_health_manager + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager} + config_settings: map_merge: - - get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_octavia_health_manager: - - octavia - tripleo_fluentd_sources_octavia_health_manager: - - {get_param: OctaviaHealthManagerLoggingSource} + - get_attr: [OctaviaBase, role_data, config_settings] + - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} + octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver} + tripleo::octavia_health_manager::firewall_rules: + '200 octavia health manager interface': + proto: udp + dport: 5555 + iniface: {get_param: OctaviaMgmtPortDevName} + service_config_settings: + fluentd: + tripleo_fluentd_groups_octavia_health_manager: + - octavia + tripleo_fluentd_sources_octavia_health_manager: + - {get_param: OctaviaHealthManagerLoggingSource} # BEGIN DOCKER SETTINGS # puppet_config: config_volume: octavia @@ -85,7 +113,7 @@ outputs: step_config: list_join: - "\n" - - - {get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config]} + - - "include tripleo::profile::base::octavia::health_manager" - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerOctaviaConfigImage} kolla_config: diff --git a/docker/services/octavia-housekeeping.yaml b/deployment/octavia/octavia-housekeeping-container-puppet.yaml similarity index 79% rename from docker/services/octavia-housekeeping.yaml rename to deployment/octavia/octavia-housekeeping-container-puppet.yaml index 0d5ace15bc..9f12fe6e19 100644 --- a/docker/services/octavia-housekeeping.yaml +++ b/deployment/octavia/octavia-housekeeping-container-puppet.yaml @@ -41,17 +41,30 @@ parameters: default: {} description: Parameters specific to the role type: json + OctaviaAmphoraExpiryAge: + default: 0 + description: The interval in seconds after which an unused Amphora will + be considered expired and cleaned up. If left to 0, the + configuration will not be set and the system will use + the service defaults. + type: number + MonitoringSubscriptionOctaviaHousekeeping: + default: 'overcloud-octavia-housekeeping' + type: string + +conditions: + amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: - type: ../../deployment/database/mysql-client.yaml + type: ../database/mysql-client.yaml - OctaviaHousekeepingPuppetBase: - type: ../../puppet/services/octavia-housekeeping.yaml + OctaviaBase: + type: ./octavia-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -64,16 +77,22 @@ outputs: role_data: description: Role data for the Octavia housekeeping role. value: - service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]} - config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]} - service_config_settings: + service_name: octavia_housekeeping + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping} + config_settings: map_merge: - - get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_octavia_housekeeping: - - octavia - tripleo_fluentd_sources_octavia_housekeeping: - - {get_param: OctaviaHousekeepingLoggingSource} + - get_attr: [OctaviaBase, role_data, config_settings] + - + if: + - amphora_expiry_is_zero + - {} + - octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge} + service_config_settings: + fluentd: + tripleo_fluentd_groups_octavia_housekeeping: + - octavia + tripleo_fluentd_sources_octavia_housekeeping: + - {get_param: OctaviaHousekeepingLoggingSource} # BEGIN DOCKER SETTINGS # puppet_config: config_volume: octavia @@ -81,7 +100,7 @@ outputs: step_config: list_join: - "\n" - - - {get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config]} + - - "include tripleo::profile::base::octavia::housekeeping" - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerOctaviaConfigImage} kolla_config: diff --git a/docker/services/octavia-worker.yaml b/deployment/octavia/octavia-worker-container-puppet.yaml similarity index 77% rename from docker/services/octavia-worker.yaml rename to deployment/octavia/octavia-worker-container-puppet.yaml index 8bc6ac25b1..9910ebec60 100644 --- a/docker/services/octavia-worker.yaml +++ b/deployment/octavia/octavia-worker-container-puppet.yaml @@ -45,17 +45,52 @@ parameters: default: 'false' description: Set to true to enable package installation at deploy time type: boolean + MonitoringSubscriptionOctaviaWorker: + default: 'overcloud-octavia-worker' + type: string + OctaviaFlavorProperties: + default: + ram : '1024' + disk : '3' + vcpus : '1' + description: Dictionary describing the nova flavor for amphora. + type: json + OctaviaManageNovaFlavor: + default: true + description: Configure the nova flavor for the amphora. + type: boolean + OctaviaClientCertFile: + default: '/etc/octavia/certs/client.pem' + description: client certificate for amphoras + type: string + OctaviaClientCert: + default: '' + description: Client certificate data. If provided, this will create or update + a file on the host with the path provided in OctaviaClientCertFile + with the certificate data. + type: string + OctaviaProjectName: + description: The project name for the keystone Octavia account. + type: string + default: 'service' + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number + +conditions: + octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: - type: ../../deployment/database/mysql-client.yaml + type: ../database/mysql-client.yaml - OctaviaWorkerPuppetBase: - type: ../../puppet/services/octavia-worker.yaml + OctaviaBase: + type: ./octavia-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} @@ -68,16 +103,15 @@ outputs: role_data: description: Role data for the Octavia worker role. value: - service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]} - config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]} + service_name: octavia_worker + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker} + config_settings: {get_attr: [OctaviaBase, role_data, config_settings]} service_config_settings: - map_merge: - - get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_octavia_worker: - - octavia - tripleo_fluentd_sources_octavia_worker: - - {get_param: OctaviaWorkerLoggingSource} + fluentd: + tripleo_fluentd_groups_octavia_worker: + - octavia + tripleo_fluentd_sources_octavia_worker: + - {get_param: OctaviaWorkerLoggingSource} # BEGIN DOCKER SETTINGS # puppet_config: config_volume: octavia @@ -86,7 +120,7 @@ outputs: list_join: - "\n" - - "['nova_flavor'].each |String $val| { noop_resource($val) }" - - {get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]} + - "include tripleo::profile::base::octavia::worker" - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerOctaviaConfigImage} kolla_config: @@ -130,7 +164,7 @@ outputs: - yaql: expression: str($.data.port) data: - port: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings, 'octavia::rabbit_port']} + port: {get_param: RpcPort} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/environments/services-baremetal/octavia.yaml b/environments/services-baremetal/octavia.yaml index b592bf8e43..c62008ab4a 100644 --- a/environments/services-baremetal/octavia.yaml +++ b/environments/services-baremetal/octavia.yaml @@ -1,9 +1,9 @@ resource_registry: - OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml - OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml - OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml - OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml - OS::TripleO::Services::OctaviaDeploymentConfig: ../../puppet/services/octavia/octavia-deployment-config.yaml + OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml + OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml + OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml parameter_defaults: NeutronEnableForceMetadata: true diff --git a/environments/services/octavia.yaml b/environments/services/octavia.yaml index ef78ebcef1..223ba4f16d 100644 --- a/environments/services/octavia.yaml +++ b/environments/services/octavia.yaml @@ -1,9 +1,9 @@ resource_registry: - OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml - OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml - OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml - OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml - OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml + OS::TripleO::Services::OctaviaApi: ../../deployment/octavia/octavia-api-container-puppet.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../deployment/octavia/octavia-housekeeping-container-puppet.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../deployment/octavia/octavia-health-manager-container-puppet.yaml + OS::TripleO::Services::OctaviaWorker: ../../deployment/octavia/octavia-worker-container-puppet.yaml + OS::TripleO::Services::OctaviaDeploymentConfig: ../../deployment/octavia/octavia-deployment-config.yaml parameter_defaults: NeutronEnableForceMetadata: true diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml deleted file mode 100644 index c07d3de9e3..0000000000 --- a/puppet/services/octavia-api.yaml +++ /dev/null @@ -1,180 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia API service. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - OctaviaUserName: - description: The username for the Octavia database and keystone accounts. - type: string - default: 'octavia' - OctaviaPassword: - description: The password for the Octavia database and keystone accounts. - type: string - hidden: true - OctaviaProjectName: - description: The project name for the keystone Octavia account. - type: string - default: 'service' - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - MonitoringSubscriptionOctaviaApi: - default: 'overcloud-octavia-api' - type: string - OctaviaApiLoggingSource: - type: json - default: - tag: openstack.octavia.api - path: /var/log/octavia/api.log - OctaviaApiPolicies: - description: | - A hash of policies to configure for Octavia API. - e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } } - default: {} - type: json - EnableInternalTLS: - type: boolean - default: false - -conditions: - use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} - -resources: - - TLSProxyBase: - type: OS::TripleO::Services::TLSProxyBase - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - - OctaviaBase: - type: ./octavia-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - OctaviaController: - type: ./octavia-controller.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Octavia API service. - value: - service_name: octavia_api - monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaApi} - config_settings: - map_merge: - - get_attr: [OctaviaBase, role_data, config_settings] - - get_attr: [OctaviaController, role_data, config_settings] - - get_attr: [TLSProxyBase, role_data, config_settings] - - octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - octavia::policy::policies: {get_param: OctaviaApiPolicies} - octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName} - octavia::keystone::authtoken::password: {get_param: OctaviaPassword} - octavia::api::sync_db: true - tripleo::octavia_api::firewall_rules: - '120 octavia api': - dport: - - 9876 - - 13876 - # NOTE: bind IP is found in hiera replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - tripleo::profile::base::octavia::api::tls_proxy_bind_ip: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} - tripleo::profile::base::octavia::api::tls_proxy_fqdn: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} - tripleo::profile::base::octavia::api::tls_proxy_port: - get_param: [EndpointMap, OctaviaInternal, port] - # Bind to localhost if internal TLS is enabled, since we put a TLS - # proxy in front. - octavia::api::host: - if: - - use_tls_proxy - - '127.0.0.1' - - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, OctaviaApiNetwork]} - step_config: | - include tripleo::profile::base::octavia::api - service_config_settings: - fluentd: - tripleo_fluentd_groups_octavia_api: - - octavia - tripleo_fluentd_sources_octavia_api: - - {get_param: OctaviaApiLoggingSource} - keystone: - octavia::keystone::auth::tenant: {get_param: OctaviaProjectName} - octavia::keystone::auth::public_url: {get_param: [EndpointMap, OctaviaPublic, uri]} - octavia::keystone::auth::internal_url: { get_param: [ EndpointMap, OctaviaInternal, uri ] } - octavia::keystone::auth::admin_url: { get_param: [ EndpointMap, OctaviaAdmin, uri ] } - octavia::keystone::auth::password: {get_param: OctaviaPassword} - octavia::keystone::auth::region: {get_param: KeystoneRegion} - mysql: - octavia::db::mysql::password: {get_param: OctaviaPassword} - octavia::db::mysql::user: {get_param: OctaviaUserName} - octavia::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - octavia::db::mysql::dbname: octavia - octavia::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - metadata_settings: - get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml deleted file mode 100644 index 8d50a2f90a..0000000000 --- a/puppet/services/octavia-base.yaml +++ /dev/null @@ -1,164 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia base service. Shared for all Octavia services - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Debug: - type: boolean - default: false - description: Set to True to enable debugging on all services. - OctaviaDebug: - default: '' - description: Set to True to enable debugging Octavia services. - type: string - constraints: - - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - EnableConfigPurge: - type: boolean - default: false - description: > - Remove configuration that is not generated by TripleO. Used to avoid - configuration remnants after upgrades. - RpcPort: - default: 5672 - description: The network port for messaging backend - type: number - RpcUserName: - default: guest - description: The username for messaging backend - type: string - RpcPassword: - description: The password for messaging backend - type: string - hidden: true - RpcUseSSL: - default: false - description: > - Messaging client subscriber parameter to specify - an SSL connection to the messaging host. - type: string - NotificationDriver: - type: string - default: 'messagingv2' - description: Driver or drivers to handle sending notifications. - OctaviaUserName: - description: The username for the Octavia database and keystone accounts. - type: string - default: 'octavia' - OctaviaPassword: - description: The password for the Octavia database and keystone accounts. - type: string - hidden: true - OctaviaProjectName: - description: The project name for the keystone Octavia account. - type: string - default: 'service' - OctaviaCaCertFile: - type: string - default: '/etc/octavia/certs/ca_01.pem' - description: Octavia CA certificate file path. - OctaviaCaCert: - type: string - default: '' - description: Octavia CA certificate data. If provided, this will create - or update a file on the host with the path provided in - OctaviaCaCertFile with the certificate data. - OctaviaCaKeyFile: - type: string - default: '/etc/octavia/certs/private/cakey.pem' - description: Octavia CA private key file path. - OctaviaCaKey: - type: string - default: '' - description: The private key for the certificate provided in OctaviaCaCert. - If provided, this will create or update a file on the host - with the path provided in OctaviaCaKeyFile with the key - data. - OctaviaCaKeyPassphrase: - description: CA private key passphrase. - type: string - hidden: true - -conditions: - service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} - octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']} - octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']} - -outputs: - role_data: - description: Base role data for Octavia services - value: - service_name: octavia_base - config_settings: - - map_merge: - - octavia::logging::debug: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: OctaviaDebug } - octavia::purge_config: {get_param: EnableConfigPurge} - octavia::notification_driver: {get_param: NotificationDriver} - octavia::db::database_connection: - make_url: - scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} - username: {get_param: OctaviaUserName} - password: {get_param: OctaviaPassword} - host: {get_param: [EndpointMap, MysqlInternal, host]} - path: /octavia - query: - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - # TODO(ansmith): remove once p-t-o switches to oslo params - octavia::rabbit_use_ssl: {get_param: RpcUseSSL} - octavia::rabbit_userid: {get_param: RpcUserName} - octavia::rabbit_password: {get_param: RpcPassword} - octavia::rabbit_port: {get_param: RpcPort} - octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystonePublic, uri]} - octavia::service_auth::auth_type: 'password' - octavia::service_auth::username: {get_param: OctaviaUserName} - octavia::service_auth::password: {get_param: OctaviaPassword} - octavia::service_auth::project_name: {get_param: OctaviaProjectName} - octavia::service_auth::project_domain_name: 'Default' - octavia::service_auth::user_domain_name: 'Default' - octavia::service_auth::auth_type: 'password' - octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile} - octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile} - octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase} - - - if: - - octavia_ca_cert_unset - - {} - - octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert} - - - if: - - octavia_ca_key_unset - - {} - - octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey} diff --git a/puppet/services/octavia-controller.yaml b/puppet/services/octavia-controller.yaml deleted file mode 100644 index 7b23ffe484..0000000000 --- a/puppet/services/octavia-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia Worker service. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - OctaviaAmphoraImageTag: - default: 'amphora-image' - description: Glance image tag for identifying the amphora image. - type: string - OctaviaAmphoraNetworkList: - default: [] - description: List of networks to attach to amphorae. - type: comma_delimited_list - OctaviaAmphoraSshKeyName: - type: string - default: 'octavia-ssh-key' - description: SSH key name. - OctaviaLoadBalancerTopology: - default: '' - description: Load balancer topology configuration. - type: string - OctaviaFlavorId: - default: '65' - description: Nova flavor ID to be used when creating the nova flavor for - amphora. - type: string - OctaviaTimeoutClientData: - default: 50000 - description: Frontend client inactivity timeout. - type: number - OctaviaTimeoutMemberConnect: - default: 5000 - description: Backend member connection timeout. - type: number - OctaviaTimeoutMemberData: - default: 50000 - description: Backend member inactivity timeout. - type: number - OctaviaTimeoutTcpInspect: - default: 0 - description: Time to wait for TCP packets for content inspection. - type: number - -conditions: - octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} - -resources: - - OctaviaBase: - type: ./octavia-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for Octavia controller services. - value: - service_name: octavia_controller - config_settings: - map_merge: - - get_attr: [OctaviaBase, role_data, config_settings] - - octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList} - octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId} - octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag} - octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName} - octavia::controller::enable_ssh_access: true - octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData} - octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect} - octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData} - octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect} - - - if: - - octavia_topology_unset - - {} - - octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology} - diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml deleted file mode 100644 index 0e406bd993..0000000000 --- a/puppet/services/octavia-health-manager.yaml +++ /dev/null @@ -1,105 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia Health Manager service. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionOctaviaHealthManager: - default: 'overcloud-octavia-health-manager' - type: string - OctaviaHealthManagerLoggingSource: - type: json - default: - tag: openstack.octavia.health-manager - path: /var/log/octavia/health-manager.log - OctaviaHeartbeatKey: - type: string - description: Key to identify heartbeat messages for amphorae. - hidden: true - OctaviaMgmtPortDevName: - type: string - default: "o-hm0" - description: Name of the octavia management network interface using - for communication between octavia worker/health-manager - with the amphora machine. - OctaviaEventStreamerDriver: - type: string - default: "noop_event_streamer" - description: Name of the event streamer driver to use for syncing Octavia - and Neutron LBaaS databases. It is highly recommended to - disable if one doesn't need to sync the database or is running - Octavia in standalone mode by setting to noop_event_streamer. - -resources: - - OctaviaBase: - type: ./octavia-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - OctaviaController: - type: ./octavia-controller.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Octavia Health Manager service. - value: - service_name: octavia_health_manager - monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager} - config_settings: - map_merge: - - get_attr: [OctaviaBase, role_data, config_settings] - - get_attr: [OctaviaController, role_data, config_settings] - - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} - octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver} - tripleo::octavia_health_manager::firewall_rules: - '200 octavia health manager interface': - proto: udp - dport: 5555 - iniface: {get_param: OctaviaMgmtPortDevName} - service_config_settings: - fluentd: - tripleo_fluentd_groups_octavia_health_manager: - - octavia - tripleo_fluentd_sources_octavia_health_manager: - - {get_param: OctaviaHealthManagerLoggingSource} - step_config: | - include tripleo::profile::base::octavia::health_manager diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml deleted file mode 100644 index 72ad77a9c6..0000000000 --- a/puppet/services/octavia-housekeeping.yaml +++ /dev/null @@ -1,97 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia Housekeeping service. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - OctaviaAmphoraExpiryAge: - default: 0 - description: The interval in seconds after which an unused Amphora will - be considered expired and cleaned up. If left to 0, the - configuration will not be set and the system will use - the service defaults. - type: number - MonitoringSubscriptionOctaviaHousekeeping: - default: 'overcloud-octavia-housekeeping' - type: string - OctaviaHousekeepingLoggingSource: - type: json - default: - tag: openstack.octavia.housekeeping - path: /var/log/octavia/housekeeping.log - -conditions: - amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]} - - -resources: - - OctaviaBase: - type: ./octavia-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - OctaviaController: - type: ./octavia-controller.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Octavia Housekeeping service. - value: - service_name: octavia_housekeeping - monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping} - config_settings: - map_merge: - - get_attr: [OctaviaBase, role_data, config_settings] - - get_attr: [OctaviaController, role_data, config_settings] - - - if: - - amphora_expiry_is_zero - - {} - - octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge} - service_config_settings: - fluentd: - tripleo_fluentd_groups_octavia_housekeeping: - - octavia - tripleo_fluentd_sources_octavia_housekeeping: - - {get_param: OctaviaHousekeepingLoggingSource} - step_config: | - include tripleo::profile::base::octavia::housekeeping diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml deleted file mode 100644 index 085c338d2d..0000000000 --- a/puppet/services/octavia-worker.yaml +++ /dev/null @@ -1,121 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Octavia Worker service. - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionOctaviaWorker: - default: 'overcloud-octavia-worker' - type: string - OctaviaWorkerLoggingSource: - type: json - default: - tag: openstack.octavia.worker - path: /var/log/octavia/worker.log - OctaviaFlavorProperties: - default: - ram : '1024' - disk : '3' - vcpus : '1' - description: Dictionary describing the nova flavor for amphora. - type: json - OctaviaManageNovaFlavor: - default: true - description: Configure the nova flavor for the amphora. - type: boolean - OctaviaClientCertFile: - default: '/etc/octavia/certs/client.pem' - description: client certificate for amphoras - type: string - OctaviaClientCert: - default: '' - description: Client certificate data. If provided, this will create or update - a file on the host with the path provided in OctaviaClientCertFile - with the certificate data. - type: string - OctaviaProjectName: - description: The project name for the keystone Octavia account. - type: string - default: 'service' - -conditions: - octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, ""]} - -resources: - - OctaviaBase: - type: ./octavia-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - OctaviaController: - type: ./octavia-controller.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Octavia Worker service. - value: - service_name: octavia_worker - monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker} - config_settings: - map_merge: - - get_attr: [OctaviaBase, role_data, config_settings] - - get_attr: [OctaviaController, role_data, config_settings] - - octavia::worker::amp_project_name: {get_param: OctaviaProjectName} - octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} - octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} - octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} - octavia::certificates::client_cert: {get_param: OctaviaClientCertFile} - - - if: - - octavia_client_cert_unset - - {} - - octavia::certificates::client_cert_data: {get_param: OctaviaClientCert} - - service_config_settings: - fluentd: - tripleo_fluentd_groups_octavia_worker: - - octavia - tripleo_fluentd_sources_octavia_worker: - - {get_param: OctaviaWorkerLoggingSource} - step_config: | - include tripleo::profile::base::octavia::worker - diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 9feafc1d89..47d78114e5 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -259,7 +259,7 @@ CONFIG_RESOURCE_TYPES = [ ] WORKFLOW_TASKS_EXCLUSIONS = [ - './docker/services/octavia/octavia-deployment-config.yaml', + './deployment/octavia/octavia-deployment-config.yaml', './docker/services/ceph-ansible/ceph-external.yaml', './docker/services/ceph-ansible/ceph-osd.yaml', './docker/services/ceph-ansible/ceph-rbdmirror.yaml',