Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Slawek Kaplonski ed657b487a Neutron ML2/OVS: add support to enable of IGMP snooping 1 year ago
..
database Redis metadata using incorrect network/service 2 years ago
disabled Group fast_forward_upgrade_tasks tasks into blocks 3 years ago
logging ansible: replace yum module by package module when possible 3 years ago
messaging TLS everywhere: Set post-save command for RabbitMQ 2 years ago
metrics Run collectd socket cleanup on container start 2 years ago
monitoring ansible: replace yum module by package module when possible 3 years ago
pacemaker Ensure we get dedicated logging file for HAProxy 2 years ago
releasenotes/notes Sets ODL OVSDB inactivity probe timer 3 years ago
time Fix reload notification file 2 years ago
README.rst trivialfix:fix a typo 3 years ago
aide.yaml ansible: replace yum module by package module when possible 3 years ago
aodh-api.yaml Change template names to rocky 3 years ago
aodh-base.yaml Change template names to rocky 3 years ago
aodh-evaluator.yaml Change template names to rocky 3 years ago
aodh-listener.yaml Change template names to rocky 3 years ago
aodh-notifier.yaml Change template names to rocky 3 years ago
apache.j2.yaml Disable a directory listing of /icons in httpd. 2 years ago
auditd.yaml Change template names to rocky 3 years ago
barbican-api.yaml ansible: replace yum module by package module when possible 3 years ago
barbican-backend-dogtag.yaml Change template names to rocky 3 years ago
barbican-backend-kmip.yaml Change template names to rocky 3 years ago
barbican-backend-pkcs11-crypto.yaml Change template names to rocky 3 years ago
barbican-backend-simple-crypto.yaml Change template names to rocky 3 years ago
ca-certs.yaml Change template names to rocky 3 years ago
ceilometer-agent-central.yaml Change template names to rocky 3 years ago
ceilometer-agent-compute.yaml Change template names to rocky 3 years ago
ceilometer-agent-ipmi.yaml ansible: replace yum module by package module when possible 3 years ago
ceilometer-agent-notification.yaml Change template names to rocky 3 years ago
ceilometer-base.yaml Update to the ceilometer publisher list 2 years ago
certmonger-user.yaml Change template names to rocky 3 years ago
cinder-api.yaml Add cinder credentials to nova conf 2 years ago
cinder-backend-dellemc-unity.yaml Change template names to rocky 3 years ago
cinder-backend-dellemc-vmax-iscsi.yaml Change template names to rocky 3 years ago
cinder-backend-dellemc-vnx.yaml storage_vnx_pool_name is incorrect for VNX cinder driver. 3 years ago
cinder-backend-dellemc-xtremio-iscsi.yaml Change template names to rocky 3 years ago
cinder-backend-dellps.yaml Change template names to rocky 3 years ago
cinder-backend-dellsc.yaml Added Dell EMC SC multipath support 3 years ago
cinder-backend-netapp.yaml Correct Cinder NetApp backend name parameter mapping 3 years ago
cinder-backend-nvmeof.yaml Remove step_config from NVMEoF cinder backend 3 years ago
cinder-backend-pure.yaml Add missing entries for Pure Storage Cinder Backend and fix typos 2 years ago
cinder-backend-scaleio.yaml Change template names to rocky 3 years ago
cinder-backend-veritas-hyperscale.yaml Change template names to rocky 3 years ago
cinder-backup.yaml Fluentd: Set cinder-backup log path 3 years ago
cinder-base.yaml Fix incorrect parameter to set max delay in cinder db purge cron 1 year ago
cinder-hpelefthand-iscsi.yaml Change template names to rocky 3 years ago
cinder-scheduler.yaml Change template names to rocky 3 years ago
cinder-volume.yaml Add support for cinder NFS snapshots 2 years ago
congress.yaml ansible: replace yum module by package module when possible 3 years ago
container-image-prepare.j2.yaml Fix tasks in check mode 3 years ago
designate-api.yaml Set correct project name for designate-neutron integration 3 years ago
designate-base.yaml Change template names to rocky 3 years ago
designate-central.yaml Enable configuration of Designate's pools.yaml 3 years ago
designate-mdns.yaml Open designate-mdns ports in firewall 3 years ago
designate-producer.yaml Change template names to rocky 3 years ago
designate-sink.yaml Change template names to rocky 3 years ago
designate-worker.yaml Don't configure BIND to listen on localhost 3 years ago
docker-registry.yaml Perform docker reconfiguration on upgrade_tasks. 3 years ago
docker.yaml Rocky: enable container auth support 2 years ago
ec2-api.yaml Support TLS deployments with KernelDisableIPv6 enabled 2 years ago
etcd.yaml Change template names to rocky 3 years ago
external-swift-proxy.yaml Change template names to rocky 3 years ago
glance-api.yaml Merge "Revert "Do not forcibly enable Glance multiple locations for RBD backend"" into stable/rocky 2 years ago
gnocchi-api.yaml Add support to set cors config in gnocchi templates 3 years ago
gnocchi-base.yaml Add GnocchiStorageS3BucketPrefix into deployment 2 years ago
gnocchi-metricd.yaml Change template names to rocky 3 years ago
gnocchi-statsd.yaml Change template names to rocky 3 years ago
haproxy-internal-tls-certmonger.j2.yaml Request certificate for using host service principals 2 years ago
haproxy-public-tls-certmonger.yaml certmonger: Don't restart haproxy on cert renewal 2 years ago
haproxy-public-tls-inject.yaml [Rocky ONLY] Fix haproxy cert inject for check mode 3 years ago
haproxy.yaml Fix haproxy stats network binding 2 years ago
heat-api-cfn.yaml Change template names to rocky 3 years ago
heat-api.yaml Change template names to rocky 3 years ago
heat-base.yaml Make heat yaql limits configurable 2 years ago
heat-engine.yaml Change template names to rocky 3 years ago
horizon.yaml Add possibility to set logging source for Horizon 5 months ago
ironic-api.yaml Change template names to rocky 3 years ago
ironic-base.yaml Change template names to rocky 3 years ago
ironic-conductor.yaml Add support for configuring ppc64le in ironic 3 years ago
ironic-inspector.yaml Ironic Inspector - disjoint ip range(s) for HA 3 years ago
ironic-neutron-agent.yaml Change template names to rocky 3 years ago
iscsid.yaml Change template names to rocky 3 years ago
keepalived.yaml Change template names to rocky 3 years ago
kernel.yaml Remove dracut-config-generic package. 1 year ago
keystone.yaml Enable _member_ role for undercloud install. 3 years ago
liquidio-compute-config.yaml Change template names to rocky 3 years ago
login-defs.yaml Change template names to rocky 3 years ago
manila-api.yaml Switch Manila API to httpd and support TLS 2 years ago
manila-backend-cephfs.yaml Check Ceph*Key value format and halt on error 1 year ago
manila-backend-isilon.yaml Change template names to rocky 3 years ago
manila-backend-netapp.yaml Change template names to rocky 3 years ago
manila-backend-unity.yaml Fix for the manila backend configuration errors 3 years ago
manila-backend-vmax.yaml Fix for the manila backend configuration errors 3 years ago
manila-backend-vnx.yaml Fix for the manila backend configuration errors 3 years ago
manila-base.yaml Change template names to rocky 3 years ago
manila-scheduler.yaml Refactored configuration options for nova/neutron in manila 2 years ago
manila-share.yaml Refactored configuration options for nova/neutron in manila 2 years ago
masquerade-networks.yaml Change template names to rocky 3 years ago
memcached.yaml Activate memcached debug only when using MemcachedDebug param. 3 years ago
mistral-api.yaml Set allow_action_execution_deletion to true in mistral api config 3 years ago
mistral-base.yaml Allow a containerized mistral-executor to access docker 3 years ago
mistral-engine.yaml ansible: replace yum module by package module when possible 3 years ago
mistral-event-engine.yaml ansible: replace yum module by package module when possible 3 years ago
mistral-executor.yaml ansible: replace yum module by package module when possible 3 years ago
neutron-api.yaml Support TLS deployments with KernelDisableIPv6 enabled 2 years ago
neutron-base.yaml Only request neutron certificate from neutron dhcp service 2 years ago
neutron-bgpvpn-api.yaml Change template names to rocky 3 years ago
neutron-bgpvpn-bagpipe.yaml Change template names to rocky 3 years ago
neutron-bigswitch-agent.yaml Change template names to rocky 3 years ago
neutron-compute-plugin-midonet.yaml Change template names to rocky 3 years ago
neutron-compute-plugin-nuage.yaml Change template names to rocky 3 years ago
neutron-compute-plugin-plumgrid.yaml Change template names to rocky 3 years ago
neutron-dhcp.yaml Only request neutron certificate from neutron dhcp service 2 years ago
neutron-l2gw-agent.yaml Change template names to rocky 3 years ago
neutron-l2gw-api.yaml Change template names to rocky 3 years ago
neutron-l3-compute-dvr.yaml Change template names to rocky 3 years ago
neutron-l3.yaml Merge "Add compute node L3 agent container for DVR" 3 years ago
neutron-lbaas-agent.yaml Change template names to rocky 3 years ago
neutron-lbaas-api.yaml Change template names to rocky 3 years ago
neutron-linuxbridge-agent.yaml Change template names to rocky 3 years ago
neutron-metadata.yaml Remove deprecated value used to set nova_metadata_ip 2 years ago
neutron-midonet.yaml Change template names to rocky 3 years ago
neutron-ovs-agent.yaml Neutron ML2/OVS: add support to enable of IGMP snooping 5 months ago
neutron-ovs-dpdk-agent.yaml Incorrect group name issue on non DPDK compute 2 years ago
neutron-plugin-ml2-ansible.yaml Add networking-ansible ML2 plugin support 3 years ago
neutron-plugin-ml2-cisco-vts.yaml Add site id parameter to cisco vts ml2 template 3 years ago
neutron-plugin-ml2-fujitsu-cfab.yaml Change template names to rocky 3 years ago
neutron-plugin-ml2-fujitsu-fossw.yaml Change template names to rocky 3 years ago
neutron-plugin-ml2-mlnx-sdn-assist.yaml Change template names to rocky 3 years ago
neutron-plugin-ml2-nuage.yaml Change template names to rocky 3 years ago
neutron-plugin-ml2-odl.yaml Change template names to rocky 3 years ago
neutron-plugin-ml2-ovn.yaml Add posibilities to configure OVNNorthboundServerPort in split stacks 2 years ago
neutron-plugin-ml2.yaml Allow setting physical network MTU via heat template 3 years ago
neutron-plugin-nsx.yaml Add more NSX config parameters 3 years ago
neutron-plugin-nuage.yaml Change template names to rocky 3 years ago
neutron-plugin-plumgrid.yaml Change template names to rocky 3 years ago
neutron-sfc-api.yaml Change template names to rocky 3 years ago
neutron-sriov-agent.yaml Change template names to rocky 3 years ago
neutron-sriov-host-config.yaml Change template names to rocky 3 years ago
neutron-vpp-agent.yaml Change template names to rocky 3 years ago
nova-api.yaml Fix TLS when using a containerized undercloud 3 years ago
nova-base.yaml Add parameter to configure maxdelay in db purge/archive job 2 years ago
nova-compute.yaml Check Ceph*Key value format and halt on error 1 year ago
nova-conductor.yaml Change template names to rocky 3 years ago
nova-consoleauth.yaml Change template names to rocky 3 years ago
nova-ironic.yaml Merge "Remove ironic_host_manager usage" 3 years ago
nova-libvirt-guests.yaml Add NovaResumeGuestsStateOnHostBoot and NovaResumeGuestsShutdownTimeout 3 years ago
nova-libvirt.yaml Check Ceph*Key value format and halt on error 1 year ago
nova-metadata.yaml Fix TLS when using a containerized undercloud 3 years ago
nova-migration-target.yaml Change template names to rocky 3 years ago
nova-placement.yaml ansible: replace yum module by package module when possible 3 years ago
nova-scheduler.yaml Add nova-scheduler worker support 3 years ago
nova-vnc-proxy.yaml Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt" 2 years ago
octavia-api.yaml Fix typo in setting octavia wsgi server name 12 months ago
octavia-base.yaml Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long 2 years ago
octavia-controller.yaml Fix Octavia to use correct Puppet class 1 year ago
octavia-health-manager.yaml Merge "Fix Octavia hieradata keys" into stable/rocky 2 years ago
octavia-housekeeping.yaml Fix Octavia hieradata keys 3 years ago
octavia-worker.yaml Fix Octavia hieradata keys 3 years ago
opendaylight-api.yaml Sets ODL OVSDB inactivity probe timer 3 years ago
opendaylight-ovs.yaml Handle LP openvswitch meta-package on upgrade 3 years ago
openstack-clients.yaml Include python-panko client. 2 years ago
openvswitch.yaml Change datatype of revalidator,handler threads 2 years ago
ovn-controller.yaml Add posibilities to set ovn_openflow_probe_interval for controller 2 years ago
ovn-dbs.yaml Change template names to rocky 3 years ago
ovn-metadata.yaml Configure http/https on OVN Metadata service to talk to Nova 2 years ago
pacemaker.yaml Support TLS priorities for pacemaker 2 years ago
pacemaker_remote.yaml Enable deep_compare by default for stonith resources 2 years ago
panko-api.yaml ansible: replace yum module by package module when possible 3 years ago
panko-base.yaml Change template names to rocky 3 years ago
qdr.yaml Change template names to rocky 3 years ago
rabbitmq.yaml Increase rabbitmq tcp backlog 2 years ago
sahara-api.yaml Change template names to rocky 3 years ago
sahara-base.yaml Change template names to rocky 3 years ago
sahara-engine.yaml Change template names to rocky 3 years ago
securetty.yaml Change template names to rocky 3 years ago
selinux.yaml Add SELinux management to containerized undercloud 3 years ago
snmp.yaml Check if snmpd is enabled for upgrade_tasks 9 months ago
sshd.yaml Allow ssh from all for undercloud 2 years ago
swift-base.yaml Change template names to rocky 3 years ago
swift-dispersion.yaml Change template names to rocky 3 years ago
swift-proxy.yaml Support TLS deployments with KernelDisableIPv6 enabled 2 years ago
swift-ringbuilder.yaml Change template names to rocky 3 years ago
swift-storage.yaml Enable recon middleware for swift account/container server 2 years ago
tacker.yaml ansible: replace yum module by package module when possible 3 years ago
tripleo-firewall.yaml Rocky only - allow SSH from any source 2 years ago
tripleo-packages.yaml [Rocky&QueensOnly] Update ovs to 2.11 without network loss 6 months ago
tripleo-ui.yaml Merge "[tripleo-ui] Explicitly configure Nova CORS" 3 years ago
tripleo-validations.yaml Implement TripleoValidations composable service 3 years ago
tuned.yaml Add TunedCustomProfile parameter and HCI Ceph filestore environment 2 years ago
veritas-hyperscale-controller.yaml Change template names to rocky 3 years ago
vpp.yaml Change template names to rocky 3 years ago
zaqar-api.yaml ansible: replace yum module by package module when possible 3 years ago

README.rst

services

A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.

Input Parameters

Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.

Apart from sevice specific inputs, there are few default parameters for all the services. Following are the list of default parameters:

  • ServiceData: Mapping of service specific data. It is used to encapsulate all the service specific data. As of now, it contains net_cidr_map, which contains the CIDR map for all the networks. Additional data will be added as and when required.
  • ServiceNetMap: Mapping of service_name -> network name. Default mappings for service to network names are defined in ../network/service_net_map.j2.yaml, which may be overridden via ServiceNetMap values added to a user environment file via parameter_defaults.
  • EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of endpoint data generated for all services, based on the data included in ../network/endpoints/endpoint_data.yaml.
  • DefaultPasswords: Mapping of service -> default password. Used to pass some passwords from the parent templates, this is a legacy interface and should not be used by new services.
  • RoleName: Name of the role on which this service is deployed. A service can be deployed in multiple roles. This is an internal parameter (should not be set via environment file), which is fetched from the name attribute of the roles_data.yaml template.
  • RoleParameters: Parameter specific to a role on which the service is applied. Using the format "<RoleName>Parameters" in the parameter_defaults of user environment file, parameters can be provided for a specific role. For example, in order to provide a parameter specific to "Compute" role, below is the format:

    parameter_defaults:
      ComputeParameters:
        Param1: value

Config Settings

Each service may define three ways in which to output variables to configure Hiera settings on the nodes.

  • config_settings: the hiera keys will be pushed on all roles of which the service is a part of.
  • global_config_settings: the hiera keys will be distributed to all roles
  • service_config_settings: Takes an extra key to wire in values that are defined for a service that need to be consumed by some other service. For example: service_config_settings: haproxy: foo: bar This will set the hiera key 'foo' on all roles where haproxy is included.

Deployment Steps

Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying latter ones.

  • config_settings: Custom hiera settings for this service.
  • global_config_settings: Additional hiera settings distributed to all roles.
  • step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step') that provides information for when puppet classes should activate themselves.

    Steps correlate to the following:

    1. Load Balancer configuration
    2. Core Services (Database/Rabbit/NTP/etc.)
    3. Early Openstack Service setup (Ringbuilder, etc.)
    4. General OpenStack Services
    5. Service activation (Pacemaker)

It is also possible to use Mistral actions or workflows together with a deployment step, these are executed before the main configuration run. To describe actions or workflows from within a service use:

  • workflow_tasks: One or more workflow task properties

which expects a map where the key is the step and the value a list of dictionaries descrbing each a workflow task, for example:

workflow_tasks:
  step2:
    - name: echo
      action: std.echo output=Hello
  step3:
    - name: external
      workflow: my-pre-existing-workflow-name
      input:
        workflow_param1: value
        workflow_param2: value

The Heat guide for the OS::Mistral::Workflow task property has more details about the expected dictionary.

  • external_deploy_tasks: Ansible tasks to be run each step on the undercloud where a variable "step" is provided to enable conditionally running tasks at a given step.
  • external_post_deploy_tasks: Ansible tasks to be run on the undercloud after all other deploy steps have completed.

Batch Upgrade Steps (deprecated)

Note: the upgrade_batch_tasks are no longer used and deprecated for Queens. The information below applies to upgrade_batch_tasks as they were used for the Ocata major upgrade. The upgrade_batch_tasks were used exclusively by the ceph services and for Pike ceph is now configured by ceph-ansible.

Each service template may optionally define a upgrade_batch_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc (currently only two steps are supported, but more may be added when required as additional services get converted to batched upgrades).

Note that each step is performed in batches, then we move on to the next step which is also performed in batches (we don't perform all steps on one node, then move on to the next one which means you can sequence rolling upgrades of dependent services via the step value).

The tasks performed at each step is service specific, but note that all batch upgrade steps are performed before the upgrade_tasks described below. This means that all services that support rolling upgrades can be upgraded without downtime during upgrade_batch_tasks, then any remaining services are stopped and upgraded during upgrade_tasks

The default batch size is 1, but this can be overridden for each role via the upgrade_batch_size option in roles_data.yaml

Update Steps

Each service template may optionally define a update_tasks key, which is a list of ansible tasks to be performed during the minor update process. These are executed in a rolling manner node-by-node.

We allow a series of steps for the per-service update sequence via conditionals referencing a step variable e.g when: step|int == 2.

Pre-upgrade Rolling Steps

Each service template may optionally define a pre_upgrade_rolling_tasks key, which is a list of ansible tasks to be performed before the main upgrade phase, and these tasks are executed in a node-by-node rolling manner on the overcloud, similarly as update_tasks.

Upgrade Steps

Each service template may optionally define a upgrade_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the update_tasks, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a "when: step|int == 1" for the first step, "== 2" for the second, etc.

Steps correlate to the following:

  1. Perform any pre-upgrade validations.
  2. Stop the control-plane services, e.g disable LoadBalancer, stop pacemaker cluster and stop any managed resources. The exact order is controlled by the cluster constraints.
  3. Perform a package update and install new packages: A general upgrade is done, and only new package should go into service ansible tasks.
  4. Start services needed for migration tasks (e.g DB)
  5. Perform any migration tasks, e.g DB sync commands

Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services.

Nova Server Metadata Settings

One can use the hook of type OS::TripleO::ServiceServerMetadataHook to pass entries to the nova instances' metadata. It is, however, disabled by default. In order to overwrite it one needs to define it in the resource registry. An implementation of this hook needs to conform to the following:

  • It needs to define an input called RoleData of json type. This gets as input the contents of the role_data for each role's ServiceChain.
  • This needs to define an output called metadata which will be given to the Nova Server resource as the instance's metadata.