tripleo-heat-templates/puppet/services
Peng Liu d7c00f01b5 Add l2gw neutron service plugin support
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw neutron service plugin support part
in t-h-t.

Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5
Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-30 14:42:10 +00:00
..
database MySQL: Use conditional instead of nested stack for TLS-specific bits 2017-03-27 14:00:46 +03:00
disabled Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
logging upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
metrics upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
monitoring Improve SSL support for Sensu 2017-03-09 14:50:49 +00:00
network Re-organizes Contrail services to the correct roles 2017-02-08 20:25:41 +01:00
pacemaker Pass hieradata for internal TLS for RabbitMQ 2017-03-09 11:08:41 +00:00
time Configuring a default ntp server. 2017-02-14 14:13:02 +01:00
aodh-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
aodh-base.yaml telemetry: switch auth_uri to uri_no_suffix 2017-03-13 08:14:31 -04:00
aodh-evaluator.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
aodh-listener.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
aodh-notifier.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
apache.yaml Apache: Use conditional instead of nested stack for TLS-specific bits 2017-03-27 13:33:17 +03:00
auditd.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
barbican-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
ca-certs.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
ceilometer-agent-central.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
ceilometer-agent-compute.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
ceilometer-agent-notification.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
ceilometer-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
ceilometer-base.yaml Include panko in the default dispatcher 2017-03-28 19:48:59 +00:00
ceilometer-collector.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
ceilometer-expirer.yaml Remove openstack-ceilometer-expirer check 2017-02-03 13:12:27 +01:00
ceph-base.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
ceph-client.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
ceph-external.yaml Conform CephExternal template to the new hiera hook 2017-01-25 19:54:11 +00:00
ceph-mds.yaml Add support for the deployment of Ceph MDS 2017-01-10 17:30:16 +01:00
ceph-mon.yaml Add checks in ansible upgrade tasks for CephMon and CephOSD 2017-02-21 20:53:01 +00:00
ceph-osd.yaml Add checks in ansible upgrade tasks for CephMon and CephOSD 2017-02-21 20:53:01 +00:00
ceph-rgw.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
certmonger-user.yaml Add certmonger-user profile 2017-03-13 17:10:13 +02:00
cinder-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
cinder-backend-dellps.yaml Composable services support for Cinder Dell EMC PS Series 2017-02-07 11:54:24 +00:00
cinder-backend-dellsc.yaml Composable service support for Cinder Dell EMC Storage Center 2017-02-03 12:07:33 -06:00
cinder-backend-scaleio.yaml Fix bogus parameters in get_param 2017-03-06 18:31:24 +01:00
cinder-backup.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
cinder-base.yaml Make the DB URIs host-independent for all services 2017-02-17 17:22:42 +01:00
cinder-hpelefthand-iscsi.yaml Check that all templates are using the release alias 2017-01-18 12:30:15 +01:00
cinder-scheduler.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
cinder-volume.yaml Fix usage of CinderNfsServers 2017-03-23 12:08:49 +00:00
congress.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
docker.yaml Add docker composable service template 2017-03-06 15:51:42 +01:00
ec2-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
etcd.yaml etcd: secure EtcdInitialClusterToken parameter 2017-03-15 17:58:27 -04:00
glance-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
gnocchi-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
gnocchi-base.yaml Swift auth url should use a suffix 2017-03-27 13:00:02 +00:00
gnocchi-metricd.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
gnocchi-statsd.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
haproxy-internal-tls-certmonger.yaml Add metadata settings for needed kerberos principals 2017-01-25 00:33:11 +02:00
haproxy-public-tls-certmonger.yaml Add metadata settings for needed kerberos principals 2017-01-25 00:33:11 +02:00
haproxy.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
heat-api-cfn.yaml Remove double quotes in the "when" Ansible conditional. 2017-03-11 11:02:27 +01:00
heat-api-cloudwatch.yaml Remove double quotes in the "when" Ansible conditional. 2017-03-11 11:02:27 +01:00
heat-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
heat-base.yaml heat: switch auth_uri to use uri_no_suffix 2017-03-13 08:09:16 -04:00
heat-engine.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
horizon.yaml horizon: switch keystone_url to use uri_no_suffix 2017-03-10 12:25:40 -05:00
ironic-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
ironic-base.yaml Make the DB URIs host-independent for all services 2017-02-17 17:22:42 +01:00
ironic-conductor.yaml Explicitly configure credentials used by ironic to access other services 2017-03-16 20:51:49 +01:00
keepalived.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
kernel.yaml Restrict Access to Kernel Message Buffer 2017-03-22 07:20:32 +08:00
keystone.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
manila-api.yaml manila: switch auth_uri to use uri_no_suffix 2017-03-13 08:06:21 -04:00
manila-backend-cephfs.yaml Merge "Set manila cephfs backend if ceph is deployed" 2017-01-18 10:20:55 +00:00
manila-backend-generic.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
manila-backend-netapp.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
manila-base.yaml Make the DB URIs host-independent for all services 2017-02-17 17:22:42 +01:00
manila-scheduler.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
manila-share.yaml Use Keystone internal endpoint instead of admin for services 2017-02-14 02:41:13 +00:00
memcached.yaml Reduce memcached memory configuration 2017-02-12 14:39:37 -07:00
mistral-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
mistral-base.yaml Make the DB URIs host-independent for all services 2017-02-17 17:22:42 +01:00
mistral-engine.yaml Add mistral service support for composable upgrades 2017-03-01 19:53:12 +00:00
mistral-executor.yaml Add mistral service support for composable upgrades 2017-03-01 19:53:12 +00:00
neutron-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
neutron-base.yaml Only set EnableConfigPurge on major upgrades 2017-03-22 09:20:37 +00:00
neutron-bgpvpn-api.yaml Add BGPVPN composable service 2017-03-10 11:35:48 +01:00
neutron-compute-plugin-midonet.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
neutron-compute-plugin-nuage.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
neutron-compute-plugin-ovn.yaml OVN bridge mappings for tripleo 2017-02-14 21:56:41 +05:30
neutron-compute-plugin-plumgrid.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
neutron-dhcp.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
neutron-l2gw-api.yaml Add l2gw neutron service plugin support 2017-03-30 14:42:10 +00:00
neutron-l3-compute-dvr.yaml Merge "neutron: don't set external_network_bridge option by default" 2017-02-23 00:06:28 +00:00
neutron-l3.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
neutron-metadata.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
neutron-midonet.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
neutron-ovs-agent.yaml upgrades/validation: only run validation when services exist 2017-03-01 19:49:00 +00:00
neutron-ovs-dpdk-agent.yaml Fixes missing firewall rules for neutron_ovs_dpdk_agent service 2017-03-22 10:52:03 -04:00
neutron-plugin-ml2-fujitsu-cfab.yaml Bump missing template names to ocata 2017-01-17 17:04:49 +01:00
neutron-plugin-ml2-fujitsu-fossw.yaml Add THT for fossw ML2 plugin in networking-fujitsu 2017-01-19 12:55:47 -05:00
neutron-plugin-ml2-ovn.yaml OVN plugin configuration fixes 2017-02-02 21:30:38 +05:30
neutron-plugin-ml2.yaml Remove unused SR-IOV parameter NeutronSupportedPCIVendorDevs 2017-02-02 11:18:07 +05:30
neutron-plugin-nuage.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
neutron-plugin-plumgrid.yaml Make the DB URIs host-independent for all services 2017-02-17 17:22:42 +01:00
neutron-sriov-agent.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
nova-api.yaml Merge "[N->O] Fix wrong database connection for cell0 during upgrade." 2017-03-30 11:51:22 +00:00
nova-base.yaml Merge "[N->O] Fix wrong database connection for cell0 during upgrade." 2017-03-30 11:51:22 +00:00
nova-compute.yaml Modify pci_passthrough hiera value as string 2017-03-28 14:03:20 +05:30
nova-conductor.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
nova-consoleauth.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
nova-ironic.yaml Stop openstack-nova-compute during nova-ironic upgrade 2017-03-24 16:30:04 +01:00
nova-libvirt.yaml Configure VNC Server listen address through t-h-t 2017-02-01 22:35:42 +02:00
nova-metadata.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
nova-placement.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
nova-scheduler.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
nova-vnc-proxy.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
octavia-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
octavia-base.yaml Only set EnableConfigPurge on major upgrades 2017-03-22 09:20:37 +00:00
octavia-health-manager.yaml Introduce Octavia implementation services 2017-01-30 17:24:20 -03:30
octavia-housekeeping.yaml Introduce Octavia implementation services 2017-01-30 17:24:20 -03:30
octavia-worker.yaml Introduce Octavia implementation services 2017-01-30 17:24:20 -03:30
opendaylight-api.yaml Merge "Enables OpenDaylight clustering in HA deployments" 2017-03-22 03:55:50 +00:00
opendaylight-ovs.yaml Fixes OpenDaylightProviderMappings hiera parsing 2017-03-23 10:24:38 -04:00
ovn-dbs.yaml Bump missing template names to ocata 2017-01-17 17:04:49 +01:00
pacemaker_remote.yaml pacemaker remote profile support 2017-01-24 12:18:14 +01:00
pacemaker.yaml Upgrades: wait for galera to be settled 2017-03-13 08:28:48 +01:00
panko-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
panko-base.yaml telemetry: switch auth_uri to uri_no_suffix 2017-03-13 08:14:31 -04:00
rabbitmq.yaml Rabbitmq: Use conditional instead of nested stack for TLS-specific bits 2017-03-27 13:33:12 +03:00
README.rst Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
sahara-api.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
sahara-base.yaml sahara: configure keystone_authtoken parameters 2017-03-08 12:08:57 +00:00
sahara-engine.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
services.yaml docker: new hybrid deployment architecture and configuration 2017-02-15 12:56:44 -05:00
snmp.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
sshd.yaml sshd template, rename hiera key 2017-03-07 11:43:00 +00:00
swift-base.yaml Bump template version for all templates to "ocata" 2016-12-23 11:43:39 +00:00
swift-proxy.yaml Merge "Set number of Swift proxy server workers to auto" 2017-03-09 11:28:55 +00:00
swift-ringbuilder.yaml Auto-set SwiftMountCheck and SwiftUseLocalDir settings 2017-01-06 08:32:18 +01:00
swift-storage.yaml Put service stop at step1 and quiesce at step2. 2017-02-28 19:20:13 +01:00
tacker.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
tripleo-firewall.yaml N->O upgrade, blanks ipv6 rules before activating it. 2017-03-27 11:38:32 +02:00
tripleo-packages.yaml Adds a step0 for pre upgrade-init checks 2017-01-13 12:34:57 +00:00
vpp.yaml Add validation for VPP upgrade tasks 2017-03-06 08:43:27 -05:00
zaqar.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00

services

A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.

Input Parameters

Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.

Config Settings

Each service may define three ways in which to output variables to configure Hiera settings on the nodes.

  • config_settings: the hiera keys will be pushed on all roles of which the service is a part of.
  • global_config_settings: the hiera keys will be distributed to all roles
  • service_config_settings: Takes an extra key to wire in values that are defined for a service that need to be consumed by some other service. For example: service_config_settings: haproxy: foo: bar This will set the hiera key 'foo' on all roles where haproxy is included.

Deployment Steps

Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying latter ones.

  • config_settings: Custom hiera settings for this service.

  • global_config_settings: Additional hiera settings distributed to all roles.

  • step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step') that provides information for when puppet classes should activate themselves.

    Steps correlate to the following:

    1. Load Balancer configuration
    2. Core Services (Database/Rabbit/NTP/etc.)
    3. Early Openstack Service setup (Ringbuilder, etc.)
    4. General OpenStack Services
    5. Service activation (Pacemaker)

Batch Upgrade Steps

Each service template may optionally define a upgrade_batch_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc (currently only two steps are supported, but more may be added when required as additional services get converted to batched upgrades).

Note that each step is performed in batches, then we move on to the next step which is also performed in batches (we don't perform all steps on one node, then move on to the next one which means you can sequence rolling upgrades of dependent services via the step value).

The tasks performed at each step is service specific, but note that all batch upgrade steps are performed before the upgrade_tasks described below. This means that all services that support rolling upgrades can be upgraded without downtime during upgrade_batch_tasks, then any remaining services are stopped and upgraded during upgrade_tasks

The default batch size is 1, but this can be overridden for each role via the upgrade_batch_size option in roles_data.yaml

Upgrade Steps

Each service template may optionally define a upgrade_tasks key, which is a list of ansible tasks to be performed during the upgrade process.

Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc.

Steps/tages correlate to the following:

  1. Stop all control-plane services.

  2. Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster: this will stop the following resource:

    • ocata:
      • galera
      • rabbit
      • redis
      • haproxy
      • vips
      • cinder-volumes
      • cinder-backup
      • manilla-share
      • rbd-mirror

    The exact order is controlled by the cluster constraints.

  3. Perform a package update and install new packages: A general upgrade is done, and only new package should go into service ansible tasks.

  4. Start services needed for migration tasks (e.g DB)

  5. Perform any migration tasks, e.g DB sync commands

Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services.

Nova Server Metadata Settings

One can use the hook of type OS::TripleO::ServiceServerMetadataHook to pass entries to the nova instances' metadata. It is, however, disabled by default. In order to overwrite it one needs to define it in the resource registry. An implementation of this hook needs to conform to the following:

  • It needs to define an input called RoleData of json type. This gets as input the contents of the role_data for each role's ServiceChain.
  • This needs to define an output called metadata which will be given to the Nova Server resource as the instance's metadata.