RETIRED, Heat templates for deploying OpenStack
Damien Ciabrini 916b9385c6 Rolling certificate update for HA services
(manually squashed the subsequent fix [1] into a single commit)
(also manually squashed [2] because of #1906505)

There are certain HA clustered services (e.g. galera) that don't
have the ability natively to reload their TLS certificate without
being restarted. If too many replicas are restarted concurrently
this might result in full service disruption.

To ensure service availability, provide a means to ensure that
only one service replica is restarted at a time in the cluster.
This works by using pacemaker's CIB to implement a cluster-wide
restart lock for a service. The lock has a TTL so it's guaranteed
to be eventually released without requiring complex contingency
cleanup in case of failures.

Tested locally by running the following:
1. force recreate certificate on all nodes at once for galera
   (ipa-cert resubmit -i mysql), and verify that the resources
   restart one after the other

2. create a lock manually in pacemaker, recreate certificate for
   galera on all nodes, and verify that no resource is restarted
   before the manually created lock expires.

3. create a lock manually, let it expire, recreate a certificate,
   and verify that the resource is restarted appropriately and the
   lock gets cleaned up from pacemaker once the restart finished.

[1] Id10f026c8b31cad7b7313ac9427a99b3e6744788
[2] I17f1364932e43b8487515084e41b525e186888db

Related-Bug: #1904193
Closes-Bug: #1885113
Change-Id: Ib2b62e33b34cf72edfdae6299cf432259bf960a2
(cherry picked from commit 0f54889408)
(cherry picked from commit c8f5fdfc36)
(cherry picked from commit 8b16911cc2)
(cherry picked from commit 8968c7efd6)
2021-01-28 13:04:07 +01:00
ci Disable notification from services by default 2021-01-20 08:46:10 +01:00
common Merge "Fix swift containers idempotency" into stable/train 2021-01-26 10:18:37 +00:00
container_config_scripts Rolling certificate update for HA services 2021-01-28 13:04:07 +01:00
deployed-server enable-ssh-admin: allow to override plan name 2020-09-25 12:50:47 +00:00
deployment Rolling certificate update for HA services 2021-01-28 13:04:07 +01:00
environments Merge "Disable notification from services by default" into stable/train 2021-01-27 21:41:53 +00:00
extraconfig Fix krb-service-principals with service_net_map_replace 2020-02-24 19:41:32 +00:00
firstboot Replace chronyc "waitsync" with "makestep" 2020-03-13 11:39:42 -04:00
network [stable/ussuri,train] Add cidr to outputs of port_from_pool.j2 2020-12-01 08:43:45 +00:00
plan-samples Role specific derive parameters workflow parameter 2018-06-28 08:10:27 -04:00
puppet Get the CIDR of the neutron port for NetworkConfig 2020-09-22 08:57:06 +00:00
releasenotes Merge "Disable notification from services by default" into stable/train 2021-01-27 21:41:53 +00:00
roles Define a new CinderVolumeEdge service 2021-01-21 14:58:40 -08:00
sample-env-generator Define a new CinderVolumeEdge service 2021-01-21 14:58:40 -08:00
scripts Drop unused remnants of the hosts-config bits 2020-04-01 06:43:23 +00:00
tools Remove skydive 2020-08-28 10:58:38 -04:00
tripleo_heat_templates Enforce pep8/pyflakes rule on python codes 2019-09-05 15:40:46 +09:00
validation-scripts Remove ValidateNtp 2020-06-08 19:24:13 +00:00
zuul.d Merge "remove c7 update/upgrdae jobs" into stable/train 2021-01-15 11:36:18 +00:00
.gitignore Remove mac_hostname & random_string 2019-07-18 19:10:31 +00:00
.gitreview Update .gitreview for stable/train 2019-10-21 14:21:06 +00:00
.testr.conf Improve nova statedir ownership logic 2018-07-09 17:07:30 +01:00
LICENSE Add license file 2014-01-20 11:58:20 +01:00
README.rst Revert "Remove panko" 2020-01-30 20:34:27 +00:00
babel.cfg Add release configuration. 2013-10-22 17:49:35 +01:00
bindep.txt Tolerate NFS exports in /var/lib/nova when selinux relabelling 2020-03-31 13:41:55 +01:00
capabilities-map.yaml Remove OpenDaylight templates and environments 2019-11-06 06:19:15 +00:00
config-download-software.yaml Don't use POLL_SERVER_CFN transport for DeployedServer 2020-10-21 13:01:49 +00:00
config-download-structured.yaml Don't use POLL_SERVER_CFN transport for DeployedServer 2020-10-21 13:01:49 +00:00
default_passwords.yaml Change template names to rocky 2018-05-09 08:28:42 +02:00
j2_excludes.yaml Remove ipv6 specific network templates 2017-08-31 13:12:17 -07:00
net-config-bond.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-bridge.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-linux-bridge.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-noop.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-standalone.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-static-bridge-with-external-dhcp.j2.yaml Add DNS related settings 2020-03-31 12:05:09 -05:00
net-config-static-bridge.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-static.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
net-config-undercloud.j2.yaml Drop EC2MetadataIp parameter and its uses 2019-07-05 14:05:59 +02:00
network_data.yaml Add external_resource_vip_id property to network_data.yaml 2019-03-25 10:48:40 -04:00
network_data_dashboard.yaml Add a StorageDashboard network used by CephGrafana service 2019-08-30 19:16:47 +02:00
network_data_ganesha.yaml Use appropriate allocation pools for StorageNFS 2020-09-04 12:41:40 +00:00
network_data_routed.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_subnets_routed.yaml L3 routed networks - data + env (1/3) 2018-12-30 19:24:29 +01:00
network_data_undercloud.yaml Add network data for the undercloud 2019-01-21 19:35:37 +01:00
overcloud-resource-registry-puppet.j2.yaml Define a new CinderVolumeEdge service 2021-01-21 14:58:40 -08:00
overcloud.j2.yaml Get the CIDR of the neutron port for NetworkConfig 2020-09-22 08:57:06 +00:00
plan-environment.yaml Add name and description fields to plan-environment.yaml 2017-04-12 17:25:40 +02:00
requirements.txt Enable paunch logging to its full extent 2019-03-22 11:42:12 +01:00
roles_data.yaml Create external bridge on Compute nodes by default for OVN with DVR 2020-10-02 13:27:33 -07:00
roles_data_undercloud.yaml Add composible service for tls enrollment 2020-06-11 01:32:53 -05:00
setup.cfg Replace git.openstack.org URLs with opendev.org URLs 2019-06-26 02:43:46 +00:00
setup.py Updated from global requirements 2017-03-28 13:03:01 +00:00
test-requirements.txt Sync Sphinx requirement 2019-05-29 11:23:29 +08:00
tox.ini The lower constraint file has been removed 2020-12-09 09:51:56 -06:00

README.rst

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

  • Choice of deployment/configuration tooling: puppet, (soon) docker
  • Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
  • physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

  • environments: contains heat environment files that can be used with -e
    on the command line to enable features, etc.
  • extraconfig: templates used to enable 'extra' functionality. Includes
    functionality for distro specific registration and upgrades.
  • firstboot: example first_boot scripts that can be used when initially
    creating instances.
  • network: heat templates to help create isolated networks and ports
  • puppet: templates mostly driven by configuration with puppet. To use these
    templates you can use the overcloud-resource-registry-puppet.yaml.
  • validation-scripts: validation scripts useful to all deployment
    configurations
  • roles: example roles that can be used with the tripleoclient to generate
    a roles_data.yaml for a deployment. See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

Columns: scn000 | scn001 | scn002 | scn003 | scn004 | scn006 | scn007 | scn009 | scn010 | non-ha | ovh-ha

Blank cells are not shown; each row lists only its non-empty cells, in column order.

keystone: X X X X X X X X X X
glance: rbd swift file rgw file file rbd file file
cinder: rbd iscsi
heat: X X
ironic: X
mysql: X X X X X X X X X X
neutron: ovn ovn ovn ovn ovn ovs ovn ovn ovn
neutron-bgpvpn: wip ovn X
neutron-l2gw: wip
om-rpc: rabbit rabbit amqp1 rabbit rabbit rabbit rabbit rabbit rabbit
om-notify: rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit
redis: X X
haproxy: X X X X X X X X X
memcached: X X X X X X X X X
pacemaker: X X X X X X X X X
nova: qemu qemu qemu qemu ironic qemu qemu qemu qemu
ntp: X X X X X X X X X X X
snmp: X X X X X X X X X X X
timezone: X X X X X X X X X X X
sahara: X
mistral: X
swift: X
aodh: X X
ceilometer: X X
gnocchi: rbd swift
panko: X X
barbican: X
zaqar: X
ec2api: X
cephrgw: X
tacker: X
cephmds: X
manila: X
collectd: X
designate: X
octavia: X