8febc6e6f4
This uses a puppet-tripleo profile to configure and start docker in step1 of the deployment, which is before we attempt to deploy any containers (see docker/services/README.rst#docker-steps) This enables existing environments on upgrade to configure things correctly, without using the docker/firstboot/setup_docker_host.sh - the firstboot approach may still be needed for atomic, but for environments where we can run puppet on the host this integrates more cleanly with our existing architecture I think. Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b |
||
---|---|---|
.. | ||
database | ||
disabled | ||
logging | ||
metrics | ||
monitoring | ||
network | ||
pacemaker | ||
time | ||
aodh-api.yaml | ||
aodh-base.yaml | ||
aodh-evaluator.yaml | ||
aodh-listener.yaml | ||
aodh-notifier.yaml | ||
apache-internal-tls-certmonger.yaml | ||
apache.yaml | ||
auditd.yaml | ||
barbican-api.yaml | ||
ca-certs.yaml | ||
ceilometer-agent-central.yaml | ||
ceilometer-agent-compute.yaml | ||
ceilometer-agent-notification.yaml | ||
ceilometer-api.yaml | ||
ceilometer-base.yaml | ||
ceilometer-collector.yaml | ||
ceilometer-expirer.yaml | ||
ceph-base.yaml | ||
ceph-client.yaml | ||
ceph-external.yaml | ||
ceph-mds.yaml | ||
ceph-mon.yaml | ||
ceph-osd.yaml | ||
ceph-rgw.yaml | ||
cinder-api.yaml | ||
cinder-backend-dellps.yaml | ||
cinder-backend-dellsc.yaml | ||
cinder-backend-scaleio.yaml | ||
cinder-backup.yaml | ||
cinder-base.yaml | ||
cinder-hpelefthand-iscsi.yaml | ||
cinder-scheduler.yaml | ||
cinder-volume.yaml | ||
congress.yaml | ||
docker.yaml | ||
ec2-api.yaml | ||
etcd.yaml | ||
glance-api.yaml | ||
glance-base.yaml | ||
gnocchi-api.yaml | ||
gnocchi-base.yaml | ||
gnocchi-metricd.yaml | ||
gnocchi-statsd.yaml | ||
haproxy-internal-tls-certmonger.yaml | ||
haproxy-public-tls-certmonger.yaml | ||
haproxy.yaml | ||
heat-api-cfn.yaml | ||
heat-api-cloudwatch.yaml | ||
heat-api.yaml | ||
heat-base.yaml | ||
heat-engine.yaml | ||
horizon.yaml | ||
ironic-api.yaml | ||
ironic-base.yaml | ||
ironic-conductor.yaml | ||
keepalived.yaml | ||
kernel.yaml | ||
keystone.yaml | ||
manila-api.yaml | ||
manila-backend-cephfs.yaml | ||
manila-backend-generic.yaml | ||
manila-backend-netapp.yaml | ||
manila-base.yaml | ||
manila-scheduler.yaml | ||
manila-share.yaml | ||
memcached.yaml | ||
mistral-api.yaml | ||
mistral-base.yaml | ||
mistral-engine.yaml | ||
mistral-executor.yaml | ||
neutron-api.yaml | ||
neutron-base.yaml | ||
neutron-compute-plugin-midonet.yaml | ||
neutron-compute-plugin-nuage.yaml | ||
neutron-compute-plugin-ovn.yaml | ||
neutron-compute-plugin-plumgrid.yaml | ||
neutron-dhcp.yaml | ||
neutron-l3-compute-dvr.yaml | ||
neutron-l3.yaml | ||
neutron-metadata.yaml | ||
neutron-midonet.yaml | ||
neutron-ovs-agent.yaml | ||
neutron-ovs-dpdk-agent.yaml | ||
neutron-plugin-ml2-fujitsu-cfab.yaml | ||
neutron-plugin-ml2-fujitsu-fossw.yaml | ||
neutron-plugin-ml2-ovn.yaml | ||
neutron-plugin-ml2.yaml | ||
neutron-plugin-nuage.yaml | ||
neutron-plugin-plumgrid.yaml | ||
neutron-sriov-agent.yaml | ||
nova-api.yaml | ||
nova-base.yaml | ||
nova-compute.yaml | ||
nova-conductor.yaml | ||
nova-consoleauth.yaml | ||
nova-ironic.yaml | ||
nova-libvirt.yaml | ||
nova-metadata.yaml | ||
nova-placement.yaml | ||
nova-scheduler.yaml | ||
nova-vnc-proxy.yaml | ||
octavia-api.yaml | ||
octavia-base.yaml | ||
octavia-health-manager.yaml | ||
octavia-housekeeping.yaml | ||
octavia-worker.yaml | ||
opendaylight-api.yaml | ||
opendaylight-ovs.yaml | ||
ovn-dbs.yaml | ||
pacemaker_remote.yaml | ||
pacemaker.yaml | ||
panko-api.yaml | ||
panko-base.yaml | ||
rabbitmq.yaml | ||
README.rst | ||
sahara-api.yaml | ||
sahara-base.yaml | ||
sahara-engine.yaml | ||
services.yaml | ||
snmp.yaml | ||
sshd.yaml | ||
swift-base.yaml | ||
swift-proxy.yaml | ||
swift-ringbuilder.yaml | ||
swift-storage.yaml | ||
tacker.yaml | ||
tripleo-firewall.yaml | ||
tripleo-packages.yaml | ||
vpp.yaml | ||
zaqar.yaml |
services
A TripleO nested stack Heat template that encapsulates generic configuration data to configure a specific service. This generally includes everything needed to configure the service excluding the local bind ports which are still managed in the per-node role templates directly (controller.yaml, compute.yaml, etc.). All other (global) service settings go into the puppet/service templates.
Input Parameters
Each service may define its own input parameters and defaults. Operators will use the parameter_defaults section of any Heat environment to set per service parameters.
Config Settings
Each service may define three ways in which to output variables to configure Hiera settings on the nodes.
- config_settings: the hiera keys will be pushed on all roles of which the service is a part of.
- global_config_settings: the hiera keys will be distributed to all roles
- service_config_settings: Takes an extra key to wire in values that are defined for a service that need to be consumed by some other service. For example: service_config_settings: haproxy: foo: bar This will set the hiera key 'foo' on all roles where haproxy is included.
Deployment Steps
Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests are re-asserted when applying latter ones.
config_settings: Custom hiera settings for this service.
global_config_settings: Additional hiera settings distributed to all roles.
step_config: A puppet manifest that is used to step through the deployment sequence. Each sequence is given a "step" (via hiera('step') that provides information for when puppet classes should activate themselves.
Steps correlate to the following:
- Load Balancer configuration
- Core Services (Database/Rabbit/NTP/etc.)
- Early Openstack Service setup (Ringbuilder, etc.)
- General OpenStack Services
- Service activation (Pacemaker)
Batch Upgrade Steps
Each service template may optionally define a upgrade_batch_tasks key, which is a list of ansible tasks to be performed during the upgrade process.
Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc (currently only two steps are supported, but more may be added when required as additional services get converted to batched upgrades).
Note that each step is performed in batches, then we move on to the next step which is also performed in batches (we don't perform all steps on one node, then move on to the next one which means you can sequence rolling upgrades of dependent services via the step value).
The tasks performed at each step is service specific, but note that all batch upgrade steps are performed before the upgrade_tasks described below. This means that all services that support rolling upgrades can be upgraded without downtime during upgrade_batch_tasks, then any remaining services are stopped and upgraded during upgrade_tasks
The default batch size is 1, but this can be overridden for each role via the upgrade_batch_size option in roles_data.yaml
Upgrade Steps
Each service template may optionally define a upgrade_tasks key, which is a list of ansible tasks to be performed during the upgrade process.
Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc.
Steps/tages correlate to the following:
Stop all control-plane services.
Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster: this will stop the following resource:
- ocata:
- galera
- rabbit
- redis
- haproxy
- vips
- cinder-volumes
- cinder-backup
- manilla-share
- rbd-mirror
The exact order is controlled by the cluster constraints.
Perform a package update and install new packages: A general upgrade is done, and only new package should go into service ansible tasks.
Start services needed for migration tasks (e.g DB)
Perform any migration tasks, e.g DB sync commands
Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services.
Nova Server Metadata Settings
One can use the hook of type OS::TripleO::ServiceServerMetadataHook to pass entries to the nova instances' metadata. It is, however, disabled by default. In order to overwrite it one needs to define it in the resource registry. An implementation of this hook needs to conform to the following:
- It needs to define an input called RoleData of json type. This gets as input the contents of the role_data for each role's ServiceChain.
- This needs to define an output called metadata which will be given to the Nova Server resource as the instance's metadata.