Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
tripleo-heat-templates/puppet/services
Emilien Macchi 559db47223 zaqar: fix hieradata to enable Debug 5 years ago
..
database Convert ServiceNetMap evals to hiera interpolation 5 years ago
disabled Merge "FFU: Fix glance tasks" 5 years ago
logging Always evaluate step first in conditional 5 years ago
metrics Merge "Enable collectd health check" 5 years ago
monitoring Always evaluate step first in conditional 5 years ago
pacemaker Merge "Assign Cinder's backend_host when deploying for HA" 5 years ago
releasenotes/notes upgrades: deploy mod_ssl when upgrading apache 6 years ago
time Add role_specific tag to missing role-specific parameters 5 years ago
README.rst Update service readme files 5 years ago
aide.yaml Remove tags from upgrade tasks for aide.yml. 5 years ago
aodh-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
aodh-base.yaml Change template names to queens 5 years ago
aodh-evaluator.yaml Always evaluate step first in conditional 5 years ago
aodh-listener.yaml Always evaluate step first in conditional 5 years ago
aodh-notifier.yaml Always evaluate step first in conditional 5 years ago
apache.j2.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
auditd.yaml Always evaluate step first in conditional 5 years ago
barbican-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
barbican-backend-dogtag.yaml Add multiple secret store backends for barbican 5 years ago
barbican-backend-kmip.yaml Add multiple secret store backends for barbican 5 years ago
barbican-backend-pkcs11-crypto.yaml Add multiple secret store backends for barbican 5 years ago
barbican-backend-simple-crypto.yaml Set simple crypto plugin as global default for Barbican 5 years ago
ca-certs.yaml Change template names to queens 5 years ago
ceilometer-agent-central.yaml Merge "logging: use service_config_settings for fluentd" 5 years ago
ceilometer-agent-compute.yaml Always evaluate step first in conditional 5 years ago
ceilometer-agent-ipmi.yaml Merge "logging: use service_config_settings for fluentd" 5 years ago
ceilometer-agent-notification.yaml Merge "logging: use service_config_settings for fluentd" 5 years ago
ceilometer-base.yaml Deprecate CeilometerWorkers 5 years ago
ceph-base.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
ceph-client.yaml Change template names to queens 5 years ago
ceph-external.yaml Change template names to queens 5 years ago
ceph-mds.yaml Change template names to queens 5 years ago
ceph-mon.yaml Convert tags to when statements for Q major upgrade workflow 5 years ago
ceph-osd.yaml Convert tags to when statements for Q major upgrade workflow 5 years ago
ceph-rgw.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
certmonger-user.yaml Add support for libvirt VNC TLS 5 years ago
cinder-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
cinder-backend-dellemc-unity.yaml Change template names to queens 5 years ago
cinder-backend-dellemc-vmax-iscsi.yaml Fix the dellemc vmax to use the correct hiera name 5 years ago
cinder-backend-dellemc-vnx.yaml Add support for Dell EMC VNX Cinder Backend 5 years ago
cinder-backend-dellemc-xtremio-iscsi.yaml Add support for Dell EMC XtremIO Cinder ISCSI Backend 5 years ago
cinder-backend-dellps.yaml Change template names to queens 5 years ago
cinder-backend-dellsc.yaml Change template names to queens 5 years ago
cinder-backend-netapp.yaml Change template names to queens 5 years ago
cinder-backend-pure.yaml Change template names to queens 5 years ago
cinder-backend-scaleio.yaml Change template names to queens 5 years ago
cinder-backend-veritas-hyperscale.yaml Change template names to queens 5 years ago
cinder-backup.yaml Allows for configuration of the Ceph cluster name 5 years ago
cinder-base.yaml Change template names to queens 5 years ago
cinder-hpelefthand-iscsi.yaml Change template names to queens 5 years ago
cinder-scheduler.yaml Merge "logging: use service_config_settings for fluentd" 5 years ago
cinder-volume.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
congress.yaml Merge "Configure firewall rules for Congress" 5 years ago
docker-registry.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
docker.yaml Make the minor update for docker idempotent 5 years ago
ec2-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
etcd.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
external-swift-proxy.yaml Change template names to queens 5 years ago
glance-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
gnocchi-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
gnocchi-base.yaml Allows for configuration of the Ceph cluster name 5 years ago
gnocchi-metricd.yaml Always evaluate step first in conditional 5 years ago
gnocchi-statsd.yaml Always evaluate step first in conditional 5 years ago
haproxy-internal-tls-certmonger.j2.yaml Do not generate apache/haproxy certs for invalid networks 5 years ago
haproxy-public-tls-certmonger.yaml Change template names to queens 5 years ago
haproxy.yaml Always evaluate step first in conditional 5 years ago
heat-api-cfn.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
heat-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
heat-base.yaml Move API cors config to their services 5 years ago
heat-engine.yaml Merge "Make heat parameter plugin_dirs configurable" 5 years ago
horizon.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
ironic-api.yaml ironic/undercloud: align configuration with instack-undercloud 5 years ago
ironic-base.yaml undercloud: set default_resource_class to 'baremetal' 5 years ago
ironic-conductor.yaml Merge "ironic-conductor: configure ipxe_timeout to 60" 5 years ago
ironic-inspector.yaml Use ironic::inspector::dnsmasq_ip_subnets 5 years ago
iscsid.yaml Change template names to queens 5 years ago
keepalived.yaml Convert tags to when statements for Q major upgrade workflow 5 years ago
kernel.yaml kernel: make ExtraKernelModules and ExtraSysctlSettings role-specific 5 years ago
keystone.yaml undercloud: increase token expiration time 5 years ago
liquidio-compute-config.yaml Implements: Heat template for integrating Cavium SmartNIC LiquidIO 5 years ago
login-defs.yaml Update templates alias to queens 5 years ago
manila-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
manila-backend-cephfs.yaml Allows for configuration of the Ceph cluster name 5 years ago
manila-backend-isilon.yaml Change template names to queens 5 years ago
manila-backend-netapp.yaml Change template names to queens 5 years ago
manila-backend-unity.yaml Change template names to queens 5 years ago
manila-backend-vmax.yaml Change template names to queens 5 years ago
manila-backend-vnx.yaml Change template names to queens 5 years ago
manila-base.yaml Manila network plugin address family support 5 years ago
manila-scheduler.yaml Change template names to queens 5 years ago
manila-share.yaml Change template names to queens 5 years ago
masquerade-networks.yaml masquerade: stop using YAQL for iptables data 5 years ago
memcached.yaml [CVE-2018-1000115] memcached: restrict to TCP & internal_api network 5 years ago
mistral-api.yaml Move API cors config to their services 5 years ago
mistral-base.yaml mistral/undercloud: align configuration with instack-undercloud 5 years ago
mistral-engine.yaml mistral: align parameters with undercloud 5 years ago
mistral-event-engine.yaml Always evaluate step first in conditional 5 years ago
mistral-executor.yaml Always evaluate step first in conditional 5 years ago
neutron-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
neutron-base.yaml Fixes missing SSL configuration for Neutron DHCP agent 5 years ago
neutron-bgpvpn-api.yaml Change template names to queens 5 years ago
neutron-bgpvpn-bagpipe.yaml Change template names to queens 5 years ago
neutron-bigswitch-agent.yaml Change template names to queens 5 years ago
neutron-compute-plugin-midonet.yaml Change template names to queens 5 years ago
neutron-compute-plugin-nuage.yaml Change template names to queens 5 years ago
neutron-compute-plugin-plumgrid.yaml Change template names to queens 5 years ago
neutron-dhcp.yaml Fixes missing SSL configuration for Neutron DHCP agent 5 years ago
neutron-l2gw-agent.yaml Merge "logging: use service_config_settings for fluentd" 5 years ago
neutron-l2gw-api.yaml Change template names to queens 5 years ago
neutron-l3-compute-dvr.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-l3.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-lbaas.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-linuxbridge-agent.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
neutron-metadata.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-midonet.yaml Change template names to queens 5 years ago
neutron-ovs-agent.yaml Merge "Convert ServiceNetMap evals to hiera interpolation" 5 years ago
neutron-ovs-dpdk-agent.yaml Configure qemu group setting as hugetlbfs for ovs-dpdk 5 years ago
neutron-plugin-ml2-cisco-vts.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-ml2-fujitsu-cfab.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-ml2-fujitsu-fossw.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-ml2-nuage.yaml Resource name correction 5 years ago
neutron-plugin-ml2-odl.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-ml2-ovn.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-ml2.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-nsx.yaml Change template names to queens 5 years ago
neutron-plugin-nuage.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-plugin-plumgrid.yaml Change template names to queens 5 years ago
neutron-sfc-api.yaml Change template names to queens 5 years ago
neutron-sriov-agent.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-sriov-host-config.yaml Fixes certificate generation error for Neutron agents 5 years ago
neutron-vpp-agent.yaml Fixes certificate generation error for Neutron agents 5 years ago
nova-api.yaml Add purge to Nova cleanup cron. 5 years ago
nova-base.yaml Add purge to Nova cleanup cron. 5 years ago
nova-compute.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
nova-conductor.yaml logging: use service_config_settings for fluentd 5 years ago
nova-consoleauth.yaml logging: use service_config_settings for fluentd 5 years ago
nova-ironic.yaml Convert tags to when statements for Q major upgrade workflow 5 years ago
nova-libvirt.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
nova-metadata.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
nova-migration-target.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
nova-placement.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
nova-scheduler.yaml logging: use service_config_settings for fluentd 5 years ago
nova-vnc-proxy.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
octavia-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
octavia-base.yaml Add auth_type to service_auth configuration 5 years ago
octavia-health-manager.yaml Add firewall rule to octavia health mgmt iface 5 years ago
octavia-housekeeping.yaml logging: use service_config_settings for fluentd 5 years ago
octavia-worker.yaml logging: use service_config_settings for fluentd 5 years ago
opendaylight-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
opendaylight-ovs.yaml Configure qemu group setting as hugetlbfs for ovs-dpdk 5 years ago
openvswitch.yaml Always evaluate step first in conditional 5 years ago
ovn-controller.yaml Merge "Convert ServiceNetMap evals to hiera interpolation" 5 years ago
ovn-dbs.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
ovn-metadata.yaml Fixes certificate generation error for Neutron agents 5 years ago
pacemaker.yaml Merge "Remove default value for pacmaker passwords" 5 years ago
pacemaker_remote.yaml Remove default value for pacmaker passwords 5 years ago
panko-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
panko-base.yaml Expose params to enable panko expirer cron 5 years ago
qdr.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
rabbitmq.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
sahara-api.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
sahara-base.yaml Change template names to queens 5 years ago
sahara-engine.yaml logging: use service_config_settings for fluentd 5 years ago
securetty.yaml Change template names to queens 5 years ago
snmp.yaml Restrict SNMP to internal network 5 years ago
sshd.yaml Disable UseDNS in sshd config 5 years ago
swift-base.yaml Change template names to queens 5 years ago
swift-dispersion.yaml Change template names to queens 5 years ago
swift-proxy.yaml Move API cors config to their services 5 years ago
swift-ringbuilder.yaml Change template names to queens 5 years ago
swift-storage.yaml Convert ServiceNetMap evals to hiera interpolation 5 years ago
tacker.yaml Merge "Convert ServiceNetMap evals to hiera interpolation" 5 years ago
tripleo-firewall.yaml Revert "Add firewall chain configuration" 5 years ago
tripleo-packages.yaml [FFU] Hook to allow user to pass a custom script for repo switching. 5 years ago
tripleo-ui.yaml Set TripleoUI bind_host via ServiceNetMap 5 years ago
tuned.yaml Add a tag to all the role specific parameters 5 years ago
veritas-hyperscale-controller.yaml Change template names to queens 5 years ago
vpp.yaml Always evaluate step first in conditional 5 years ago
zaqar-api.yaml zaqar: fix hieradata to enable Debug 5 years ago

README.rst

services

A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.

Input Parameters

Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.

Apart from sevice specific inputs, there are few default parameters for all the services. Following are the list of default parameters:

  • ServiceData: Mapping of service specific data. It is used to encapsulate all the service specific data. As of now, it contains net_cidr_map, which contains the CIDR map for all the networks. Additional data will be added as and when required.

  • ServiceNetMap: Mapping of service_name -> network name. Default mappings for service to network names are defined in ../network/service_net_map.j2.yaml, which may be overridden via ServiceNetMap values added to a user environment file via parameter_defaults.

  • EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of endpoint data generated for all services, based on the data included in ../network/endpoints/endpoint_data.yaml.

  • DefaultPasswords: Mapping of service -> default password. Used to pass some passwords from the parent templates, this is a legacy interface and should not be used by new services.

  • RoleName: Name of the role on which this service is deployed. A service can be deployed in multiple roles. This is an internal parameter (should not be set via environment file), which is fetched from the name attribute of the roles_data.yaml template.

  • RoleParameters: Parameter specific to a role on which the service is applied. Using the format "<RoleName>Parameters" in the parameter_defaults of user environment file, parameters can be provided for a specific role. For example, in order to provide a parameter specific to "Compute" role, below is the format:

    parameter_defaults:
      ComputeParameters:
        Param1: value

Config Settings

Each service may define three ways in which to output variables to configure Hiera settings on the nodes.

  • config_settings: the hiera keys will be pushed on all roles of which the service is a part of.
  • global_config_settings: the hiera keys will be distributed to all roles
  • service_config_settings: Takes an extra key to wire in values that are defined for a service that need to be consumed by some other service. For example: service_config_settings: haproxy: foo: bar This will set the hiera key 'foo' on all roles where haproxy is included.

Deployment Steps

Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying latter ones.

  • config_settings: Custom hiera settings for this service.

  • global_config_settings: Additional hiera settings distributed to all roles.

  • step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step') that provides information for when puppet classes should activate themselves.

    Steps correlate to the following:

    1. Load Balancer configuration
    2. Core Services (Database/Rabbit/NTP/etc.)
    3. Early Openstack Service setup (Ringbuilder, etc.)
    4. General OpenStack Services
    5. Service activation (Pacemaker)

It is also possible to use Mistral actions or workflows together with a deployment step, these are executed before the main configuration run. To describe actions or workflows from within a service use:

  • workflow_tasks: One or more workflow task properties

which expects a map where the key is the step and the value a list of dictionaries descrbing each a workflow task, for example:

workflow_tasks:
  step2:
    - name: echo
      action: std.echo output=Hello
  step3:
    - name: external
      workflow: my-pre-existing-workflow-name
      input:
        workflow_param1: value
        workflow_param2: value

The Heat guide for the OS::Mistral::Workflow task property has more details about the expected dictionary.

  • external_deploy_tasks: Ansible tasks to be run each step on the undercloud where a variable "step" is provided to enable conditionally running tasks at a given step.
  • external_post_deploy_tasks: Ansible tasks to be run on the undercloud after all other deploy steps have completed.

Batch Upgrade Steps (deprecated)

Note: the upgrade_batch_tasks are no longer used and deprecated for Queens. The information below applies to upgrade_batch_tasks as they were used for the Ocata major upgrade. The upgrade_batch_tasks were used exclusively by the ceph services and for Pike ceph is now configured by ceph-ansible.

Each service template may optionally define a upgrade_batch_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc (currently only two steps are supported, but more may be added when required as additional services get converted to batched upgrades).

Note that each step is performed in batches, then we move on to the next step which is also performed in batches (we don't perform all steps on one node, then move on to the next one which means you can sequence rolling upgrades of dependent services via the step value).

The tasks performed at each step is service specific, but note that all batch upgrade steps are performed before the upgrade_tasks described below. This means that all services that support rolling upgrades can be upgraded without downtime during upgrade_batch_tasks, then any remaining services are stopped and upgraded during upgrade_tasks

The default batch size is 1, but this can be overridden for each role via the upgrade_batch_size option in roles_data.yaml

Update Steps

Each service template may optionally define a update_tasks key, which is a list of ansible tasks to be performed during the minor update process. These are executed in a rolling manner node-by-node.

We allow a series of steps for the per-service update sequence via conditionals referencing a step variable e.g when: step|int == 2.

Pre-upgrade Rolling Steps

Each service template may optionally define a pre_upgrade_rolling_tasks key, which is a list of ansible tasks to be performed before the main upgrade phase, and these tasks are executed in a node-by-node rolling manner on the overcloud, similarly as update_tasks.

Upgrade Steps

Each service template may optionally define a upgrade_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the update_tasks, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a "when: step|int == 1" for for the first step, "== 2" for the second, etc.

Steps correlate to the following:

  1. Perform any pre-upgrade validations.
  2. Stop the control-plane services, e.g disable LoadBalancer, stop pacemaker cluster and stop any managed resources. The exact order is controlled by the cluster constraints.
  3. Perform a package update and install new packages: A general upgrade is done, and only new package should go into service ansible tasks.
  4. Start services needed for migration tasks (e.g DB)
  5. Perform any migration tasks, e.g DB sync commands

Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services.

Nova Server Metadata Settings

One can use the hook of type OS::TripleO::ServiceServerMetadataHook to pass entries to the nova instances' metadata. It is, however, disabled by default. In order to overwrite it one needs to define it in the resource registry. An implementation of this hook needs to conform to the following:

  • It needs to define an input called RoleData of json type. This gets as input the contents of the role_data for each role's ServiceChain.
  • This needs to define an output called metadata which will be given to the Nova Server resource as the instance's metadata.