Heat templates for deploying OpenStack
Luca Lorenzetto 0d8f11ffca Support for external swift proxy 5 years ago
..
database Add params to tweak memory limit on mongodb 5 years ago
disabled Put service stop at step1 and quiesce at step2. 6 years ago
logging upgrades/validation: only run validation when services exist 6 years ago
metrics upgrades/validation: only run validation when services exist 6 years ago
monitoring sensu: fix upgrade case when service is added 5 years ago
network Replace references to the 192.0.2 network 5 years ago
pacemaker Pass hieradata for internal TLS for RabbitMQ 6 years ago
time Configuring a default ntp server. 6 years ago
README.rst Put service stop at step1 and quiesce at step2. 6 years ago
aodh-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
aodh-base.yaml telemetry: switch auth_uri to uri_no_suffix 6 years ago
aodh-evaluator.yaml upgrades/validation: only run validation when services exist 6 years ago
aodh-listener.yaml upgrades/validation: only run validation when services exist 6 years ago
aodh-notifier.yaml upgrades/validation: only run validation when services exist 6 years ago
apache.yaml Change the directory for httpd certs/keys to be service-specific 5 years ago
auditd.yaml upgrades/validation: only run validation when services exist 6 years ago
barbican-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
ca-certs.yaml Bump template version for all templates to "ocata" 6 years ago
ceilometer-agent-central.yaml upgrades/validation: only run validation when services exist 6 years ago
ceilometer-agent-compute.yaml upgrades/validation: only run validation when services exist 6 years ago
ceilometer-agent-ipmi.yaml Add ceilometer ipmi agent 5 years ago
ceilometer-agent-notification.yaml upgrades/validation: only run validation when services exist 6 years ago
ceilometer-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
ceilometer-base.yaml Disable ceilometer API 5 years ago
ceilometer-collector.yaml upgrades/validation: only run validation when services exist 6 years ago
ceilometer-expirer.yaml Remove openstack-ceilometer-expirer check 6 years ago
ceph-base.yaml Bump template version for all templates to "ocata" 6 years ago
ceph-client.yaml Bump template version for all templates to "ocata" 6 years ago
ceph-external.yaml Conform CephExternal template to the new hiera hook 6 years ago
ceph-mds.yaml Add support for the deployment of Ceph MDS 6 years ago
ceph-mon.yaml Add checks in ansible upgrade tasks for CephMon and CephOSD 6 years ago
ceph-osd.yaml Add checks in ansible upgrade tasks for CephMon and CephOSD 6 years ago
ceph-rgw.yaml Update ceph-rgw acccepted roles to fix OSP upgrade 5 years ago
certmonger-user.yaml Add certmonger-user profile 6 years ago
cinder-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
cinder-backend-dellps.yaml Composable services support for Cinder Dell EMC PS Series 6 years ago
cinder-backend-dellsc.yaml Composable service support for Cinder Dell EMC Storage Center 6 years ago
cinder-backend-netapp.yaml Add composable role support for NetApp Cinder back end 5 years ago
cinder-backend-scaleio.yaml Fix bogus parameters in get_param 6 years ago
cinder-backup.yaml Bump template version for all templates to "ocata" 6 years ago
cinder-base.yaml Make the DB URIs host-independent for all services 6 years ago
cinder-hpelefthand-iscsi.yaml Check that all templates are using the release alias 6 years ago
cinder-scheduler.yaml upgrades/validation: only run validation when services exist 6 years ago
cinder-volume.yaml Fix usage of CinderNfsServers 5 years ago
congress.yaml Add password to authtoken section in congress.conf 5 years ago
docker.yaml Add docker composable service template 6 years ago
ec2-api.yaml Merge "Add missing ec2api::api::keystone_ec2_tokens_url config" 5 years ago
etcd.yaml etcd: secure EtcdInitialClusterToken parameter 5 years ago
external-swift-proxy.yaml Support for external swift proxy 5 years ago
glance-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
gnocchi-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
gnocchi-base.yaml Swift auth url should use a suffix 5 years ago
gnocchi-metricd.yaml upgrades/validation: only run validation when services exist 6 years ago
gnocchi-statsd.yaml upgrades/validation: only run validation when services exist 6 years ago
haproxy-internal-tls-certmonger.yaml Add metadata settings for needed kerberos principals 6 years ago
haproxy-public-tls-certmonger.yaml Add metadata settings for needed kerberos principals 6 years ago
haproxy.yaml upgrades/validation: only run validation when services exist 6 years ago
heat-api-cfn.yaml Remove double quotes in the "when" Ansible conditional. 6 years ago
heat-api-cloudwatch.yaml Remove double quotes in the "when" Ansible conditional. 6 years ago
heat-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
heat-base.yaml heat: switch auth_uri to use uri_no_suffix 6 years ago
heat-engine.yaml Change heat and mistral to use v3/ec2tokens url 5 years ago
horizon.yaml Merge "Adds Horizon secure cookie map." 5 years ago
ironic-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
ironic-base.yaml Make the DB URIs host-independent for all services 6 years ago
ironic-conductor.yaml Add support for "neutron" Ironic networking plugin 5 years ago
keepalived.yaml Bump template version for all templates to "ocata" 6 years ago
kernel.yaml Merge "Add IPv6 disable option" 5 years ago
keystone.yaml Use comma_delimited_list for token flush cron time settings 5 years ago
manila-api.yaml manila: switch auth_uri to use uri_no_suffix 6 years ago
manila-backend-cephfs.yaml Merge "Set manila cephfs backend if ceph is deployed" 6 years ago
manila-backend-generic.yaml Bump template version for all templates to "ocata" 6 years ago
manila-backend-netapp.yaml Bump template version for all templates to "ocata" 6 years ago
manila-base.yaml Make the DB URIs host-independent for all services 6 years ago
manila-scheduler.yaml Bump template version for all templates to "ocata" 6 years ago
manila-share.yaml Use Keystone internal endpoint instead of admin for services 6 years ago
memcached.yaml Reduce memcached memory configuration 6 years ago
mistral-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
mistral-base.yaml Change heat and mistral to use v3/ec2tokens url 5 years ago
mistral-engine.yaml Add mistral service support for composable upgrades 6 years ago
mistral-executor.yaml Add mistral service support for composable upgrades 6 years ago
neutron-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
neutron-base.yaml add configurable timeouts for DB sync 5 years ago
neutron-bgpvpn-api.yaml Add BGPVPN composable service 6 years ago
neutron-bigswitch-agent.yaml Re-Add bigswitch agent support 5 years ago
neutron-compute-plugin-midonet.yaml Bump template version for all templates to "ocata" 6 years ago
neutron-compute-plugin-nuage.yaml Addition of firewall rules for Nuage 5 years ago
neutron-compute-plugin-ovn.yaml ovn: Add missing configurations required 5 years ago
neutron-compute-plugin-plumgrid.yaml Bump template version for all templates to "ocata" 6 years ago
neutron-dhcp.yaml upgrades/validation: only run validation when services exist 6 years ago
neutron-l2gw-api.yaml Add l2gw neutron service plugin support 5 years ago
neutron-l3-compute-dvr.yaml Merge "neutron: don't set external_network_bridge option by default" 6 years ago
neutron-l3.yaml upgrades/validation: only run validation when services exist 6 years ago
neutron-metadata.yaml upgrades/validation: only run validation when services exist 6 years ago
neutron-midonet.yaml Bump template version for all templates to "ocata" 6 years ago
neutron-ovs-agent.yaml Add manual ovs upgrade script for workaround ovs upgrade issue 5 years ago
neutron-ovs-dpdk-agent.yaml Merge "Add manual ovs upgrade script for workaround ovs upgrade issue" 5 years ago
neutron-plugin-ml2-fujitsu-cfab.yaml Bump missing template names to ocata 6 years ago
neutron-plugin-ml2-fujitsu-fossw.yaml Add THT for fossw ML2 plugin in networking-fujitsu 6 years ago
neutron-plugin-ml2-odl.yaml Fixes port binding controller for OpenDaylight 5 years ago
neutron-plugin-ml2-ovn.yaml OVN plugin configuration fixes 6 years ago
neutron-plugin-ml2.yaml Remove unused SR-IOV parameter NeutronSupportedPCIVendorDevs 6 years ago
neutron-plugin-nuage.yaml Addition of firewall rules for Nuage 5 years ago
neutron-plugin-plumgrid.yaml Make the DB URIs host-independent for all services 6 years ago
neutron-sriov-agent.yaml Bump template version for all templates to "ocata" 6 years ago
nova-api.yaml Merge "[N->O] Fix wrong database connection for cell0 during upgrade." 5 years ago
nova-base.yaml add configurable timeouts for DB sync 5 years ago
nova-compute.yaml Modify pci_passthrough hiera value as string 5 years ago
nova-conductor.yaml Put service stop at step1 and quiesce at step2. 6 years ago
nova-consoleauth.yaml Put service stop at step1 and quiesce at step2. 6 years ago
nova-ironic.yaml Stop openstack-nova-compute during nova-ironic upgrade 5 years ago
nova-libvirt.yaml Configure VNC Server listen address through t-h-t 6 years ago
nova-metadata.yaml Bump template version for all templates to "ocata" 6 years ago
nova-placement.yaml Put service stop at step1 and quiesce at step2. 6 years ago
nova-scheduler.yaml Put service stop at step1 and quiesce at step2. 6 years ago
nova-vnc-proxy.yaml Put service stop at step1 and quiesce at step2. 6 years ago
octavia-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
octavia-base.yaml Only set EnableConfigPurge on major upgrades 5 years ago
octavia-health-manager.yaml Introduce Octavia implementation services 6 years ago
octavia-housekeeping.yaml Introduce Octavia implementation services 6 years ago
octavia-worker.yaml Introduce Octavia implementation services 6 years ago
opendaylight-api.yaml Merge "Enables OpenDaylight clustering in HA deployments" 5 years ago
opendaylight-ovs.yaml Merge "Add manual ovs upgrade script for workaround ovs upgrade issue" 5 years ago
openvswitch-upgrade.yaml Add manual ovs upgrade script for workaround ovs upgrade issue 5 years ago
ovn-dbs.yaml ovn: Add missing configurations required 5 years ago
pacemaker.yaml Timeout early on pcs cluster status check0 during upgrade. 5 years ago
pacemaker_remote.yaml pacemaker remote profile support 6 years ago
panko-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
panko-base.yaml telemetry: switch auth_uri to uri_no_suffix 6 years ago
qdr.yaml Qpid dispatch router composable role 5 years ago
rabbitmq.yaml Rabbitmq: Use conditional instead of nested stack for TLS-specific bits 5 years ago
sahara-api.yaml Allow to configure policy.json for OpenStack projects 5 years ago
sahara-base.yaml sahara: configure keystone_authtoken parameters 6 years ago
sahara-engine.yaml Put service stop at step1 and quiesce at step2. 6 years ago
securetty.yaml Adds service for managing securetty 5 years ago
services.yaml Remove yaql call when building logging_groups 5 years ago
snmp.yaml Put service stop at step1 and quiesce at step2. 6 years ago
sshd.yaml sshd template, rename hiera key 6 years ago
swift-base.yaml Bump template version for all templates to "ocata" 6 years ago
swift-proxy.yaml Add parameters for internal TLS for swift proxy 5 years ago
swift-ringbuilder.yaml Decouple Swift ringbuilding logic 5 years ago
swift-storage.yaml Put service stop at step1 and quiesce at step2. 6 years ago
tacker.yaml Setting keystone region for tacker 5 years ago
tripleo-firewall.yaml N->O upgrade, blanks ipv6 rules before activating it. 5 years ago
tripleo-packages.yaml Adds a step0 for pre upgrade-init checks 6 years ago
vpp.yaml Add validation for VPP upgrade tasks 6 years ago
zaqar.yaml Allow to configure policy.json for OpenStack projects 5 years ago

README.rst

services

A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.

Input Parameters

Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.

Config Settings

Each service may define three ways in which to output variables to configure Hiera settings on the nodes.

  • config_settings: the hiera keys will be pushed to all roles that the service is a part of.
  • global_config_settings: the hiera keys will be distributed to all roles.
  • service_config_settings: takes an extra key to wire in values that are defined for a service but need to be consumed by some other service. For example:

        service_config_settings:
          haproxy:
            foo: bar

    This will set the hiera key 'foo' on all roles where haproxy is included.

Deployment Steps

Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying later ones.

  • config_settings: Custom hiera settings for this service.

  • global_config_settings: Additional hiera settings distributed to all roles.

  • step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step')) that provides information for when puppet classes should activate themselves.

    Steps correlate to the following:

    1. Load Balancer configuration
    2. Core Services (Database/Rabbit/NTP/etc.)
    3. Early OpenStack Service setup (Ringbuilder, etc.)
    4. General OpenStack Services
    5. Service activation (Pacemaker)

Batch Upgrade Steps

Each service template may optionally define an upgrade_batch_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag, e.g. "step1" for the first step, "step2" for the second, etc. (currently only two steps are supported, but more may be added when required as additional services get converted to batched upgrades).

Note that each step is performed in batches, then we move on to the next step, which is also performed in batches. We don't perform all steps on one node and then move on to the next one, which means you can sequence rolling upgrades of dependent services via the step value.

The tasks performed at each step are service specific, but note that all batch upgrade steps are performed before the upgrade_tasks described below. This means that all services that support rolling upgrades can be upgraded without downtime during upgrade_batch_tasks, then any remaining services are stopped and upgraded during upgrade_tasks.

The default batch size is 1, but this can be overridden for each role via the upgrade_batch_size option in roles_data.yaml.

Upgrade Steps

Each service template may optionally define an upgrade_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag, e.g. "step1" for the first step, "step2" for the second, etc.

Steps/tags correlate to the following:

  1. Stop all control-plane services.

  2. Quiesce the control-plane, e.g. disable LoadBalancer, stop pacemaker cluster: this will stop the following resources:

    • ocata:
      • galera
      • rabbit
      • redis
      • haproxy
      • vips
      • cinder-volumes
      • cinder-backup
      • manila-share
      • rbd-mirror

    The exact order is controlled by the cluster constraints.

  3. Perform a package update and install new packages: a general upgrade is done, and only new packages should go into service ansible tasks.

  4. Start services needed for migration tasks (e.g. DB)

  5. Perform any migration tasks, e.g. DB sync commands

Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services.
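The outputs described in the sections above, put together in one service template. This is an added example, not a template from the repository: the service name "example", the ExampleDebug parameter, the hiera keys, the puppet profile class and the package/unit names are all hypothetical; ServiceNetMap, DefaultPasswords and EndpointMap are the standard parameters handed to every service template in this release.

```yaml
heat_template_version: ocata

description: Hypothetical "example" service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    type: json
  ExampleDebug:                    # hypothetical; operators set it in parameter_defaults
    default: false
    type: boolean

outputs:
  role_data:
    description: Role data for the hypothetical example service
    value:
      service_name: example
      config_settings:             # hiera keys for roles that include this service
        example::debug: {get_param: ExampleDebug}
      global_config_settings:      # hiera keys distributed to all roles
        example_enabled: true
      service_config_settings:     # hiera keys for roles that include haproxy
        haproxy:
          foo: bar
      step_config: |
        # hypothetical profile class; it reads hiera('step') to decide when to act
        include ::tripleo::profile::base::example
      upgrade_batch_tasks:         # rolling part, run batch by batch before upgrade_tasks
        - name: Rolling package update of the example agent
          tags: step1
          yum: name=example-agent state=latest
      upgrade_tasks:
        - name: Stop example service
          tags: step1
          service: name=example state=stopped
        - name: Install packages that are new in this release
          tags: step3
          yum: name=example-new-plugin state=latest
        # no task starts the service: the puppet re-run does that
```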

Nova Server Metadata Settings

One can use the hook of type OS::TripleO::ServiceServerMetadataHook to pass entries to the nova instances' metadata. It is, however, disabled by default. In order to overwrite it one needs to define it in the resource registry. An implementation of this hook needs to conform to the following:

  • It needs to define an input called RoleData of json type. This gets as input the contents of the role_data for each role's ServiceChain.
  • It needs to define an output called metadata which will be given to the Nova Server resource as the instance's metadata.
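A hook implementation that satisfies both requirements, as an added example rather than a template from the repository. The file name, the ExampleSite parameter and the metadata keys are hypothetical, and the service_names key read from RoleData is an assumption about what the ServiceChain role_data contains.

```yaml
heat_template_version: ocata

description: >
  Hypothetical implementation of OS::TripleO::ServiceServerMetadataHook,
  saved as example-server-metadata.yaml.

# The hook is disabled by default; map it in an environment file:
#   resource_registry:
#     OS::TripleO::ServiceServerMetadataHook: example-server-metadata.yaml

parameters:
  RoleData:
    type: json
    description: Contents of the role_data of the role's ServiceChain
  ExampleSite:                     # hypothetical operator-supplied value
    type: string
    default: lab-1

outputs:
  metadata:
    description: Map given to the Nova Server resource as instance metadata
    value:
      # Instance metadata can be read from inside the instance,
      # so only non-secret values belong here.
      example_site: {get_param: ExampleSite}
      example_services:
        list_join:                 # flatten the list into one string value
          - ','
          - {get_param: [RoleData, service_names]}   # assumed key
```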