tripleo-heat-templates/puppet/major_upgrade_steps.j2.yaml

{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
{% set batch_upgrade_steps_max = 3 -%}
{% set upgrade_steps_max = 6 -%}
{% set deliver_script = {'deliver': False} -%}
heat_template_version: ocata
description: 'Upgrade steps for all roles'

parameters:
  servers:
    type: json

  role_data:
    type: json
    description: Mapping of Role name e.g Controller to the per-role data

  UpdateIdentifier:
    type: string
    description: >
      Setting to a previously unused value during stack-update will trigger
      the Upgrade resources to re-run on all roles.      
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  NovaPassword:
    description: The password for the nova service and db account, used by nova-api.
    type: string
    hidden: true

conditions:
  # Conditions to disable any steps where the task list is empty
{%- for role in roles %}
  {{role.name}}UpgradeBatchConfigEnabled:
    not:
      equals:
        - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
        - []
{%- endfor %}

resources:

{% for role in roles if role.disable_upgrade_deployment|default(false) %}
  {{role.name}}DeliverUpgradeScriptConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
        - ''
        - - "#!/bin/bash\n\n"
          - "set -eu\n\n"
          - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n"
          - "  crudini --set /etc/nova/nova.conf placement auth_type password\n\n"
          - "  crudini --set /etc/nova/nova.conf placement username placement\n\n"
          - "  crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n"
          - "  crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n"
          - "  crudini --set /etc/nova/nova.conf placement project_name service\n\n"
          - str_replace:
              template: |
                crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD'
                crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME'
                crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL'                
              params:
                SERVICE_PASSWORD: { get_param: NovaPassword }
                REGION_NAME: { get_param: KeystoneRegion }
                AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
          - "  systemctl restart openstack-nova-compute\n\n"
          - "fi\n\n"
          - str_replace:
              template: |
                ROLE='ROLE_NAME'                
              params:
                ROLE_NAME: {{role.name}}
          - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh
          - get_file: ../extraconfig/tasks/run_puppet.sh
          - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh

  {{role.name}}DeliverUpgradeScriptDeployment:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      servers:  {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig}
{% endfor %}

# Upgrade Steps for all roles, batched updates
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
{% for step in range(0, batch_upgrade_steps_max) %}
  # Batch config resources step {{step}}
  {%- for role in roles %}
  {{role.name}}UpgradeBatchConfig_Step{{step}}:
    type: OS::TripleO::UpgradeConfig
  {%- if step > 0 %}
    condition: {{role.name}}UpgradeBatchConfigEnabled
    {% if role.name in enabled_roles %}
    depends_on:
      - {{role.name}}UpgradeBatch_Step{{step -1}}
    {%- endif %}
  {% else %}
    {% for role in roles if role.disable_upgrade_deployment|default(false) %}
      {% if deliver_script.update({'deliver': True}) %} {% endif %}
    {% endfor %}
    {% if deliver_script.deliver %}
    depends_on:
    {% endif %}
      {% for dep in roles if dep.disable_upgrade_deployment|default(false) %}
      - {{dep.name}}DeliverUpgradeScriptDeployment
      {% endfor %}
  {% endif %}
    properties:
      UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
      step: {{step}}
  {%- endfor %}

  # Batch deployment resources for step {{step}} (only for enabled roles)
  {%- for role in enabled_roles %}
  {{role.name}}UpgradeBatch_Step{{step}}:
    type: OS::Heat::SoftwareDeploymentGroup
    condition: {{role.name}}UpgradeBatchConfigEnabled
    {%- if step > 0 %}
    depends_on:
      - {{role.name}}UpgradeBatch_Step{{step -1}}
    {% else %}
    depends_on:
      - {{role.name}}UpgradeBatchConfig_Step{{step}}
    {%- endif %}
    update_policy:
      batch_create:
        max_batch_size: {{role.upgrade_batch_size|default(1)}}
      rolling_update:
        max_batch_size: {{role.upgrade_batch_size|default(1)}}
    properties:
      name: {{role.name}}UpgradeBatch_Step{{step}}
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}UpgradeBatchConfig_Step{{step}}}
      input_values:
        role: {{role.name}}
        update_identifier: {get_param: UpdateIdentifier}
  {%- endfor %}
{%- endfor %}

# Dump the puppet manifests to be apply later when disable_upgrade_deployment
# is to true
{% for role in roles  if role.disable_upgrade_deployment|default(false) %}
  {{role.name}}DeliverPuppetConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
        - ''
        - - str_replace:
              template: |
                #!/bin/bash
                cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT
                PUPPET_CLASSES
                ENDOFCAT                
              params:
                PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]}

  {{role.name}}DeliverPuppetDeployment:
    type: OS::Heat::SoftwareDeploymentGroup
    properties:
      servers:  {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}DeliverPuppetConfig}
{% endfor %}

# Upgrade Steps for all roles
{%- for step in range(0, upgrade_steps_max) %}
  # Config resources for step {{step}}
  {%- for role in roles %}
  {{role.name}}UpgradeConfig_Step{{step}}:
    type: OS::TripleO::UpgradeConfig
  # The UpgradeConfig resources could actually be created without
  # serialization, but the event output is easier to follow if we
  # do, and there should be minimal performance hit (creating the
  # config is cheap compared to the time to apply the deployment).
  {%- if step > 0 %}
    {% if role.name in enabled_roles %}
    depends_on:
      - {{role.name}}Upgrade_Step{{step -1}}
    {% endif %}
  {%- endif %}
    properties:
      UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
      step: {{step}}
  {%- endfor %}

  # Deployment resources for step {{step}} (only for enabled roles)
  {%- for role in enabled_roles %}
  {{role.name}}Upgrade_Step{{step}}:
    type: OS::Heat::SoftwareDeploymentGroup
    {%- if step > 0 %}
    # Make sure we wait that all roles have finished their own
    # previous step before going to the next, so we can guarantee
    # state for each steps.
    depends_on:
      {%- for role_inside in enabled_roles %}
      - {{role_inside.name}}Upgrade_Step{{step -1}}
      {%- endfor %}
    {%- endif %}
    properties:
      name: {{role.name}}Upgrade_Step{{step}}
      servers: {get_param: [servers, {{role.name}}]}
      config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}}
      input_values:
        role: {{role.name}}
        update_identifier: {get_param: UpdateIdentifier}
  {%- endfor %}
{%- endfor %}

  # Post upgrade deployment steps for all roles
  # This runs the normal configuration (e.g puppet) steps unless upgrade
  # is disabled for the role
  AllNodesPostUpgradeSteps:
    type: OS::TripleO::PostUpgradeSteps
    depends_on:
{%- for dep in enabled_roles %}
      - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}}
{%- endfor %}
    properties:
      servers: {get_param: servers}
      role_data: {get_param: role_data}

outputs:
  # Output the config for each role, just use Step1 as the config should be
  # the same for all steps (only the tag provided differs)
  upgrade_configs:
    description: The per-role upgrade configuration used
    value:
{% for role in roles %}
      {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}