107efc1f5e
Statements to setfacl on fast forward upgrade were added for the l3 agent container and the neutron dhcp container. But they are missing from the metadata proxy container, which can lead to this sort of thing after an FFU upgrade - but not immediately, waiting for the metadata container to restart. After restarting neutron_metadata_agent, the permission will be changed as follows. [root@overcloud-controller-0 neutron]# ll total 24 drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:57 dhcp -rwxrwxr-x+ 1 42435 42435 998 Jun 18 08:43 dhcp_haproxy_wrapper -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper -rwxrwxr-x+ 1 42435 42435 995 Jun 18 08:43 dnsmasq_wrapper drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:59 ha_confs srwxrwxr-x+ 1 42435 42435 0 Jun 20 02:23 keepalived-state-change -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper -rwxrwxr-x+ 1 42435 42435 996 Jun 18 08:43 l3_haproxy_wrapper srw-rwxr--+ 1 42435 42435 0 Jun 20 02:24 metadata_proxy [root@overcloud-controller-0 neutron]# getfacl metadata_proxy # file: metadata_proxy # owner: 42435 # group: 42435 user::rw- user:neutron:rwx group::r-x mask::rwx other::r-- [root@overcloud-controller-0 neutron]# docker restart neutron_metadata_agent neutron_metadata_agent [root@overcloud-controller-0 neutron]# ll total 24 drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:57 dhcp -rwxrwxr-x+ 1 42435 42435 998 Jun 18 08:43 dhcp_haproxy_wrapper -rwxrwxr-x+ 1 42435 42435 1099 Jun 18 08:43 dibbler_wrapper -rwxrwxr-x+ 1 42435 42435 995 Jun 18 08:43 dnsmasq_wrapper drwxrwxr-x+ 2 42435 42435 6 Jun 18 08:59 ha_confs srwxrwxr-x+ 1 42435 42435 0 Jun 20 02:23 keepalived-state-change -rwxrwxr-x+ 1 42435 42435 1035 Jun 18 08:43 keepalived_state_change_wrapper -rwxrwxr-x+ 1 42435 42435 1076 Jun 18 08:43 keepalived_wrapper -rwxrwxr-x+ 1 42435 42435 996 Jun 18 08:43 l3_haproxy_wrapper srw-r--r--+ 1 42435 42435 0 Jun 20 02:29 metadata_proxy [root@overcloud-controller-0 neutron]# getfacl metadata_proxy # file: metadata_proxy # owner: 42435 # group: 42435 user::rw- user:neutron:rwx #effective:r-- group::r-x #effective:r-- mask::r-- other::r-- Change-Id: Idec372ae008cab9b27bd1ddc79b6b50c1de98563 |
||
|---|---|---|
| ci | ||
| common | ||
| container_config_scripts | ||
| deployed-server | ||
| deployment | ||
| environments | ||
| extraconfig | ||
| firstboot | ||
| network | ||
| plan-samples | ||
| puppet | ||
| releasenotes | ||
| roles | ||
| sample-env-generator | ||
| scripts | ||
| tools | ||
| tripleo_heat_templates | ||
| validation-scripts | ||
| zuul.d | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| LICENSE | ||
| README.rst | ||
| all-nodes-validation.yaml | ||
| babel.cfg | ||
| bindep.txt | ||
| capabilities-map.yaml | ||
| config-download-software.yaml | ||
| config-download-structured.yaml | ||
| default_passwords.yaml | ||
| hosts-config.yaml | ||
| j2_excludes.yaml | ||
| lower-constraints.txt | ||
| net-config-bond.j2.yaml | ||
| net-config-bridge.j2.yaml | ||
| net-config-linux-bridge.j2.yaml | ||
| net-config-noop.j2.yaml | ||
| net-config-standalone.j2.yaml | ||
| net-config-static-bridge-with-external-dhcp.j2.yaml | ||
| net-config-static-bridge.j2.yaml | ||
| net-config-static.j2.yaml | ||
| net-config-undercloud.j2.yaml | ||
| network_data.yaml | ||
| network_data_dashboard.yaml | ||
| network_data_ganesha.yaml | ||
| network_data_routed.yaml | ||
| network_data_subnets_routed.yaml | ||
| network_data_undercloud.yaml | ||
| overcloud-resource-registry-puppet.j2.yaml | ||
| overcloud.j2.yaml | ||
| plan-environment.yaml | ||
| requirements.txt | ||
| roles_data.yaml | ||
| roles_data_undercloud.yaml | ||
| setup.cfg | ||
| setup.py | ||
| test-ansible-requirements.txt | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
tripleo-heat-templates
Heat templates to deploy OpenStack using OpenStack.
- Free software: Apache License (2.0)
- Documentation: https://docs.openstack.org/tripleo-docs/latest/
- Source: https://opendev.org/openstack/tripleo-heat-templates
- Bugs: https://bugs.launchpad.net/tripleo
- Release notes: https://docs.openstack.org/releasenotes/tripleo-heat-templates/
Features
The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:
- Choice of deployment/configuration tooling: puppet, (soon) docker
- Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
- physical network configuration: support for isolated networks, bonding, and standard ctlplane networking
Directories
A description of the directory layout in TripleO Heat Templates.
- environments: contains heat environment files that can be used with -e
on the command like to enable features, etc.
- extraconfig: templates used to enable 'extra' functionality. Includes
functionality for distro specific registration and upgrades.
- firstboot: example first_boot scripts that can be used when initially
creating instances.
- network: heat templates to help create isolated networks and ports
- puppet: templates mostly driven by configuration with puppet. To use these
templates you can use the overcloud-resource-registry-puppet.yaml.
- validation-scripts: validation scripts useful to all deployment
configurations
- roles: example roles that can be used with the tripleoclient to generate
a roles_data.yaml for a deployment See the roles/README.rst for additional details.
Service testing matrix
The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:
| - | scn000 | scn001 | scn002 | scn003 | scn004 | scn006 | scn007 | scn009 | scn010 | non-ha | ovh-ha |
|---|---|---|---|---|---|---|---|---|---|---|---|
| keystone |
|
|
|
|
|
|
|
|
|
|
|
| glance |
|
swift |
|
|
|
|
|
|
|
||
| cinder |
|
iscsi | |||||||||
| heat |
|
|
|||||||||
| ironic |
|
||||||||||
| mysql |
|
|
|
|
|
|
|
|
|
|
|
| neutron |
|
|
|
|
|
|
|
|
|
||
| neutron-bgpvpn |
|
||||||||||
| ovn |
|
||||||||||
| neutron-l2gw |
|
||||||||||
| om-rpc | rabbit | rabbit |
|
rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | ||
| om-notify | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | ||
| redis |
|
|
|||||||||
| haproxy |
|
|
|
|
|
|
|
|
|
||
| memcached |
|
|
|
|
|
|
|
|
|
||
| pacemaker |
|
|
|
|
|
|
|
|
|
||
| nova |
|
|
|
|
ironic |
|
|
|
|
||
| ntp |
|
|
|
|
|
|
|
|
|
|
|
| snmp |
|
|
|
|
|
|
|
|
|
|
|
| timezone |
|
|
|
|
|
|
|
|
|
|
|
| sahara |
|
||||||||||
| mistral |
|
||||||||||
| swift |
|
||||||||||
| aodh |
|
|
|||||||||
| ceilometer |
|
|
|||||||||
| gnocchi |
|
|
|||||||||
| barbican |
|
||||||||||
| zaqar |
|
||||||||||
| cephrgw |
|
||||||||||
| tacker |
|
||||||||||
| cephmds |
|
||||||||||
| manila |
|
||||||||||
| collectd |
|
||||||||||
| designate |
|
||||||||||
| octavia |
|