RETIRED, Heat templates for deploying OpenStack
Michele Baldessari 72a12aa833 cinder_api needs etcd certs inside the container
When doing A/A we need the etcd certs in the cinder_api container
otherwise we fail with:
[Mon Aug 16 15:28:58.945345 2021] [wsgi:error] [pid 12] [remote 172.30.1.1:48082] File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 416, in send
[Mon Aug 16 15:28:58.945347 2021] [wsgi:error] [pid 12] [remote 172.30.1.1:48082] self.cert_verify(conn, request.url, verify, cert)
[Mon Aug 16 15:28:58.945351 2021] [wsgi:error] [pid 12] [remote 172.30.1.1:48082] File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 250, in cert_verify
[Mon Aug 16 15:28:58.945354 2021] [wsgi:error] [pid 12] [remote 172.30.1.1:48082] "invalid path: {}".format(conn.cert_file))
[Mon Aug 16 15:28:58.945370 2021] [wsgi:error] [pid 12] [remote 172.30.1.1:48082] OSError: Could not find the TLS certificate file, invalid path: /etc/pki/tls/certs/etcd.crt

After this change I correctly see the certs in the containers:
[root@ctrl-1-0 ~]# podman exec -it cinder_api sh -c 'ls -lR /etc/pki/tls' |grep etcd
-rw-------. 1 cinder cinder 1907 Aug 16 19:47 etcd.crt
-rw-------. 1 cinder cinder 1708 Aug 16 19:47 etcd.key

And am able to create a cinder A/A volume.

We remove the following two bind mounts:
- /var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder:z

Because they are contained in cinder_common_volumes, which will also
bind mount the etcd certs appropriately when needed. Since
cinder_common_volumes also contains ContainersCommon -> volumes
we are not removing any bind mount.

Likely removed by accident via I0e3d5748a50937880a55413b75fe6eca479c9160

Closes-Bug: #1940306

Change-Id: Ife89262675eefb645e61e6d029b4846f1a33a677
2021-08-17 16:38:30 +02:00
ci Merge "Add OctaviaAmphoraSshKeyDir for ssh key creation for Octavia" 2021-08-11 17:08:48 +00:00
common Stop using tripleo_container_manage_systemd_order 2021-08-02 17:59:31 +02:00
container_config_scripts HA minor update: fix bad pcs invocation 2021-06-09 23:37:14 +02:00
deployed-server fix typo in readme 2021-07-09 07:30:35 -05:00
deployment cinder_api needs etcd certs inside the container 2021-08-17 16:38:30 +02:00
doc Add doc/requirements 2021-01-05 09:49:46 +01:00
environments Disable postcopy for ovn/ovs-dpdk 2021-08-06 08:52:35 +02:00
extraconfig Drop mistral configuration from post deploy 2021-06-21 12:02:31 +05:30
firstboot Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
network Add comment for libvirt/vnc network sync 2021-06-30 12:32:32 +02:00
network-data-samples Add network-v2 default files + vip data examples 2021-06-07 13:22:40 +02:00
plan-samples Fix plan-samples README.rst 2021-03-04 13:42:01 +05:30
puppet Make UpgradeLeappDevelSkip per-role 2021-06-13 22:48:01 +01:00
releasenotes Merge "Add param to configure neutron agent_down_time and report_interval" 2021-08-09 23:11:02 +00:00
roles Merge "Add a role to run independent designate bind backends" 2021-08-09 18:55:18 +00:00
sample-env-generator Merge "Keystone: Keep default auth methods in OpenIDC Federation" 2021-08-03 13:15:08 +00:00
scripts Compute HA: Remove workaround for Newton and older 2021-07-16 11:34:38 +09:00
tools Merge "Use yaml.safe_load to load YAML files" 2021-07-28 15:48:14 +00:00
tripleo_heat_templates Use merge strategy for EndpointMap 2021-06-15 09:15:41 +05:30
zuul.d Wire up renamed upgrade periodic template 2021-07-27 18:17:21 +03:00
.ansible-lint Remove duplicate keys from yaml files 2021-03-29 13:56:31 +00:00
.gitignore Deprecate DeployedServerPortMap 2021-06-28 17:44:11 -04:00
.gitreview OpenDev Migration Patch 2019-04-19 19:34:55 +00:00
.testr.conf Improve nova statedir ownership logic 2018-07-09 17:07:30 +01:00
babel.cfg Add release configuration. 2013-10-22 17:49:35 +01:00
bindep.txt Fixed tox executions 2021-03-26 15:37:07 +00:00
config-download-software.yaml Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
config-download-structured.yaml Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
j2_excludes.yaml Remove ipv6 specific network templates 2017-08-31 13:12:17 -07:00
LICENSE Add license file 2014-01-20 11:58:20 +01:00
network_data_dashboard.yaml Add a StorageDashboard network used by CephGrafana service 2019-08-30 19:16:47 +02:00
network_data_default.yaml Add network-v2 default files + vip data examples 2021-06-07 13:22:40 +02:00
network_data_ganesha.yaml Use appropriate allocation pools for StorageNFS 2020-08-26 15:27:52 +00:00
network_data_routed.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_subnets_routed.yaml L3 routed networks - data + env (1/3) 2018-12-30 19:24:29 +01:00
network_data_undercloud.yaml Add network data for the undercloud 2019-01-21 19:35:37 +01:00
network_data.yaml Add external_resource_vip_id property to network_data.yaml 2019-03-25 10:48:40 -04:00
overcloud-resource-registry-puppet.j2.yaml Default ganesha-internal service endpoint to external network 2021-08-01 18:18:12 +00:00
overcloud.j2.yaml Merge "Add THT Jinja2 data sources as stack output" 2021-06-25 00:49:48 +00:00
README.rst Remove Sahara support 2020-10-19 09:39:36 +09:00
requirements.txt Deprecate EnablePaunch and remove Paunch support 2020-06-03 17:53:40 +00:00
roles_data_undercloud.yaml Move ephemeral heat upgrade to the service 2021-06-28 07:30:44 -04:00
roles_data.yaml Add Pure Storage FlashBlade Manila driver 2021-07-26 16:00:18 -04:00
setup.cfg Add support for py39 2021-03-24 09:40:57 +00:00
setup.py Updated from global requirements 2017-03-28 13:03:01 +00:00
test-ansible-requirements.txt Ansible lint check in THT 2019-10-30 04:56:05 -04:00
test-requirements.txt Enable ansible-lint 2021-03-30 09:18:15 +01:00
tox.ini Use merge strategy for EndpointMap 2021-06-15 09:15:41 +05:30
vip_data_default.yaml Add network-v2 default files + vip data examples 2021-06-07 13:22:40 +02:00

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

  • Choice of deployment/configuration tooling: puppet, (soon) docker
  • Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
  • Physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

  • environments: contains heat environment files that can be used with -e on the command line to enable features, etc.
  • extraconfig: templates used to enable 'extra' functionality. Includes functionality for distro specific registration and upgrades.
  • firstboot: example first_boot scripts that can be used when initially creating instances.
  • network: heat templates to help create isolated networks and ports
  • puppet: templates mostly driven by configuration with puppet. To use these templates you can use the overcloud-resource-registry-puppet.yaml.
  • validation-scripts: validation scripts useful to all deployment configurations
  • roles: example roles that can be used with the tripleoclient to generate a roles_data.yaml for a deployment. See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

- scn000 scn001 scn002 scn003 scn004 scn006 scn007 scn009 scn010 scn013 non-ha ovh-ha
keystone X X X X X X X X X X X
glance rbd swift file rgw file file rbd file file file
cinder rbd iscsi
heat X X
ironic X
mysql X X X X X X X X X X X
neutron ovn ovn ovn ovn ovn ovs ovn ovn ovn ovn
neutron-bgpvpn wip ovn X
neutron-l2gw wip
om-rpc rabbit rabbit amqp1 rabbit rabbit rabbit rabbit rabbit rabbit rabbit
om-notify rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit
redis X X
haproxy X X X X X X X X X X
memcached X X X X X X X X X X
pacemaker X X X X X X X X X X
nova qemu qemu qemu qemu ironic qemu qemu qemu qemu qemu
placement X X X X X X X X X X
ntp X X X X X X X X X X X X
snmp X X X X X X X X X X X X
timezone X X X X X X X X X X X X
mistral X
swift X
aodh X X
ceilometer X X
gnocchi rbd swift
barbican X
zaqar X
cephrgw X
cephmds X
manila X
collectd X
designate X
octavia X X
rear X
Extra Firewall X