From e55823480ef42e164998d812b5dd8fe219d09092 Mon Sep 17 00:00:00 2001
From: Michel Jouvin
Date: Mon, 4 Nov 2024 14:24:02 +0100
Subject: [PATCH] Test commit for checking scripts
---
defaults/openstack/config.pan | 5 +-
features/barbican/config.pan | 4 +
features/ceilometer/config.pan | 4 +
features/cinder/config.pan | 4 +
features/designate/config.pan | 2 +
features/glance/config.pan | 4 +
features/heat/config.pan | 4 +
features/keystone/client/config-minimal.pan | 7 ++
features/keystone/config.pan | 4 +
features/magnum/config.pan | 15 ++++
features/neutron/base.pan | 3 +-
features/neutron/compute/config.pan | 3 +
features/neutron/controller/config.pan | 33 ++++++++-
features/neutron/mechanism/linuxbridge.pan | 9 ++-
features/neutron/rpms/config.pan | 11 +--
features/nova/common/config.pan | 46 ++++++++++++
features/nova/compute/config.pan | 73 +++++++++----------
features/nova/controller/config.pan | 60 +++++++++------
features/octavia/config.pan | 4 +
features/openstack/policy/json2yaml.pan | 28 +++++++
features/openstack/policy/json2yaml.tt | 26 +++++++
.../openstack/policy/json2yaml_schema.pan | 18 +++++
features/placement/config.pan | 4 +
types/openstack/magnum.pan | 8 ++
types/openstack/nova.pan | 17 +++++
25 files changed, 322 insertions(+), 74 deletions(-)
create mode 100644 features/keystone/client/config-minimal.pan
create mode 100644 features/nova/common/config.pan
create mode 100644 features/openstack/policy/json2yaml.pan
create mode 100755 features/openstack/policy/json2yaml.tt
create mode 100644 features/openstack/policy/json2yaml_schema.pan
diff --git a/defaults/openstack/config.pan b/defaults/openstack/config.pan
index 2161b5a..3976d5c 100644
--- a/defaults/openstack/config.pan
+++ b/defaults/openstack/config.pan
@@ -33,6 +33,7 @@ variable OS_METADATA_SECRET ?= error('OS_METADATA_SECRET must be declared'); variable OS_LOGGING_TYPE ?= 'file'; variable OS_AUTH_CLIENT_CONFIG ?= 'features/keystone/client/config'; +variable OS_AUTH_CLIENT_MINIMAL_CONFIG ?= 'features/keystone/client/config-minimal'; # Define the following variable with the service project ID # Used by some services like Octavia to do some filtering @@ -146,7 +147,9 @@ variable OS_NOVA_CONTROLLER_HOST ?= error('OS_NOVA_CONTROLLER_HOST must be decla variable OS_NOVA_VNC_HOST ?= OS_NOVA_CONTROLLER_HOST; variable OS_NOVA_CONTROLLER_PROTOCOL ?= 'http'; variable OS_NOVA_VNC_PROTOCOL ?= OS_NOVA_CONTROLLER_PROTOCOL; -variable OS_NOVA_OVERWRITE_DEFAULT_POLICY ?= false; +# OS_NOVA_COMPUTE_POLICY muste be a policy file if a non-default policy is rquired +# Policy file extension must be json or yaml +variable OS_NOVA_COMPUTE_POLICY ?= undef; variable OS_NOVA_RESUME_VM_ON_BOOT ?= false; variable OS_NOVA_CPU_RATIO ?= 1.0; variable OS_NOVA_CPU_WEIGHT_MULTIPLIER ?= 1.0; diff --git a/features/barbican/config.pan b/features/barbican/config.pan index 449889e..cf9c4e4 100644 --- a/features/barbican/config.pan +++ b/features/barbican/config.pan @@ -1,5 +1,7 @@ unique template features/barbican/config; +variable OS_NODE_SERVICES = append('barbican'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -25,6 +27,8 @@ prefix '/software/components/metaconfig/services/{/etc/barbican/barbican.conf}'; 'convert/joincomma' = true; 'convert/truefalse' = true; 'daemons/httpd' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/barbican/barbican.conf}/contents' = openstack_barbican_config; diff --git a/features/ceilometer/config.pan b/features/ceilometer/config.pan index f61c15f..6fd93c7 100644 --- a/features/ceilometer/config.pan +++ b/features/ceilometer/config.pan 
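Review bot: Dropping OS_NOVA_OVERWRITE_DEFAULT_POLICY in the second hunk of defaults/openstack/config.pan leaves a site that still sets it with no error and no custom policy, so nova would silently run with whatever policy is built in or already on disk. A guard that calls `error()` when the old variable is still defined would turn that into a compile failure instead of an unnoticed authorization change. The new comment also has typos; suggest `# OS_NOVA_COMPUTE_POLICY must be a policy file if a non-default policy is required`. The same variable is declared again with the same default in features/nova/compute/config.pan later in this patch, so one of the two declarations looks redundant.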
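Review bot: The comment added in the second barbican hunk misspells "consistency" as `considtency` and does not say what would become inconsistent; the same two lines are copied into the ceilometer, cinder, glance, heat, keystone, magnum, neutron controller, nova compute, nova controller, octavia and placement hunks. Restarting memcached discards everything the services cache there (presumably keystone token validation data), and if one instance is shared on the node, a change to any single service's configuration file flushes it for all of them. Suggest `# Restart memcached so that cached authentication data is dropped when the service configuration changes`. It is also worth confirming that memcached is installed on nodes that only include features/nova/compute/config, otherwise the restart action may fail there.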
@@ -1,5 +1,7 @@ unique template features/ceilometer/config; +variable OS_NODE_SERVICES = append('ceilometer'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -28,6 +30,8 @@ prefix '/software/components/metaconfig/services/{/etc/ceilometer/ceilometer.con 'daemons/openstack-ceilometer-notification'='restart'; 'daemons/openstack-ceilometer-central'='restart'; 'daemons/openstack-ceilometer-collector'='restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/ceilometer/ceilometer.conf}/contents' = openstack_ceilometer_config; # [DEFAULT] section diff --git a/features/cinder/config.pan b/features/cinder/config.pan index 90d1112..ab357d0 100644 --- a/features/cinder/config.pan +++ b/features/cinder/config.pan @@ -1,5 +1,7 @@ unique template features/cinder/config; +variable OS_NODE_SERVICES = append('cinder'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -28,6 +30,8 @@ prefix '/software/components/metaconfig/services/{/etc/cinder/cinder.conf}'; 'daemons/openstack-cinder-api' = 'restart'; 'daemons/openstack-cinder-scheduler' = 'restart'; 'daemons/openstack-cinder-volume' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/cinder/cinder.conf}/contents' = openstack_cinder_config; # [DEFAULT] section diff --git a/features/designate/config.pan b/features/designate/config.pan index a6e834a..116b179 100644 --- a/features/designate/config.pan +++ b/features/designate/config.pan @@ -1,3 +1,5 @@ unique template features/designate/config; +variable OS_NODE_SERVICES = append('designate'); + include 'features/designate/rpms'; diff --git a/features/glance/config.pan b/features/glance/config.pan index fd903f8..92cd9fe 100644 --- a/features/glance/config.pan +++ b/features/glance/config.pan 
@@ -9,6 +9,8 @@ required = no variable OS_GLANCE_WORKERS_NUM ?= length(value('/hardware/cpu')) * value('/hardware/cpu/0/cores'); +variable OS_NODE_SERVICES = append('glance'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -46,6 +48,8 @@ prefix '/software/components/metaconfig/services/{/etc/glance/glance-api.conf}'; 'convert/joincomma' = true; 'convert/truefalse' = true; 'daemons/openstack-glance-api' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/glance/glance-api.conf}/contents' = openstack_glance_api_config; # [DEFAULT] section diff --git a/features/heat/config.pan b/features/heat/config.pan index 204739e..c43125a 100644 --- a/features/heat/config.pan +++ b/features/heat/config.pan @@ -1,5 +1,7 @@ unique template features/heat/config; +variable OS_NODE_SERVICES = append('heat'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -26,6 +28,8 @@ prefix '/software/components/metaconfig/services/{/etc/heat/heat.conf}'; 'daemons/openstack-heat-api' = 'restart'; 'daemons/openstack-heat-api-cfn' = 'restart'; 'daemons/openstack-heat-engine' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/heat/heat.conf}/contents' = openstack_heat_config; # DEFAULT section diff --git a/features/keystone/client/config-minimal.pan b/features/keystone/client/config-minimal.pan new file mode 100644 index 0000000..4e8ea35 --- /dev/null +++ b/features/keystone/client/config-minimal.pan 
@@ -0,0 +1,7 @@ +structure template features/keystone/client/config-minimal; + +'auth_url' = format('%s://%s:35357', OS_KEYSTONE_CONTROLLER_PROTOCOL, OS_KEYSTONE_CONTROLLER_HOST); +'auth_type' = OS_KEYSTONE_TOKEN_AUTH_TYPE; +'project_domain_id' = 'default'; +'user_domain_id' = 'default'; +'project_name' = 'service'; diff --git a/features/keystone/config.pan b/features/keystone/config.pan index 466e26a..ae7123e 100644 --- a/features/keystone/config.pan +++ b/features/keystone/config.pan @@ -1,5 +1,7 @@ unique template features/keystone/config; +variable OS_NODE_SERVICES = append('keystone'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -61,6 +63,8 @@ prefix '/software/components/metaconfig/services/{/etc/keystone/keystone.conf}'; 'convert/joincomma' = true; 'convert/truefalse' = true; 'daemons/httpd' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/keystone/keystone.conf}/contents' = openstack_keystone_config; # [DEFAULT] section diff --git a/features/magnum/config.pan b/features/magnum/config.pan index f8fb670..16defca 100644 --- a/features/magnum/config.pan +++ b/features/magnum/config.pan @@ -1,5 +1,15 @@ unique template features/magnum/config; +@desc{ +desc = defines the cluster creation timeout (max time) +values = long +default = 60 +required = no +} +variable OS_MAGNUM_CLUSTER_CREATION_TIMEOUT ?= 60; + +variable OS_NODE_SERVICES = append('magnum'); + # Load some useful functions include 'defaults/openstack/functions'; 
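Review bot: `auth_type` in this new structure comes from OS_KEYSTONE_TOKEN_AUTH_TYPE, whereas the [neutron] section removed from features/nova/compute/config.pan hard-coded `'password'`; the sections that load this structure in features/nova/common/config.pan always add a username and a password, so any other value of that variable would give an inconsistent section. The variable's definition is not visible in this patch, so this needs confirming. The template also has no header comment; something like `# Minimal keystone client options for sections such as [neutron] and [service_user] that must not inherit the keystone_authtoken-only settings` would explain why it exists next to OS_AUTH_CLIENT_CONFIG. Since service passwords are sent to `auth_url`, that comment could also state that OS_KEYSTONE_CONTROLLER_PROTOCOL is expected to be `https` outside test setups.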
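Review bot: The `@desc` block for OS_MAGNUM_CLUSTER_CREATION_TIMEOUT in the first magnum hunk gives no unit, and a value of 60 reads very differently as seconds or as minutes. Magnum's `[cluster_heat] create_timeout` is, as far as I know, expressed in minutes, so suggest `desc = maximum time, in minutes, allowed for a cluster creation` once that is confirmed against the Magnum documentation.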
@@ -24,6 +34,8 @@ prefix '/software/components/metaconfig/services/{/etc/magnum/magnum.conf}'; 'convert/truefalse' = true; 'daemons/openstack-magnum-api' = 'restart'; 'daemons/openstack-magnum-conductor' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/magnum/magnum.conf}/contents' = openstack_magnum_config; # [DEFAULT] section @@ -49,6 +61,9 @@ bind '/software/components/metaconfig/services/{/etc/magnum/magnum.conf}/content # [cinder_client] section 'contents/cinder_client/region_name' = OS_REGION_NAME; +# [cluster_heat] section +'contents/cluster_heat/create_timeout' = OS_MAGNUM_CLUSTER_CREATION_TIMEOUT; + # [database] section 'contents/database/connection' = format('mysql+pymysql://%s:%s@%s/magnum', OS_MAGNUM_DB_USERNAME, OS_MAGNUM_DB_PASSWORD, OS_MAGNUM_DB_HOST); diff --git a/features/neutron/base.pan b/features/neutron/base.pan index 2c5505d..7018254 100644 --- a/features/neutron/base.pan +++ b/features/neutron/base.pan @@ -10,7 +10,8 @@ include 'types/openstack/neutron'; include 'defaults/openstack/config'; # Install RPMs for compute part of neutron -include 'features/neutron/rpms/config'; +variable OS_NEUTRON_CONFIG_ONLY ?= false; +include if ( ! OS_NEUTRON_CONFIG_ONLY ) 'features/neutron/rpms/config'; # Include variables needed to configure neutron include 'features/neutron/variables/' + OS_NEUTRON_NETWORK_TYPE; diff --git a/features/neutron/compute/config.pan b/features/neutron/compute/config.pan index 53647f4..0cf1c20 100644 --- a/features/neutron/compute/config.pan +++ b/features/neutron/compute/config.pan @@ -1,5 +1,7 @@ unique template features/neutron/compute/config; +variable OS_NODE_SERVICES = append('neutron'); + # Load some useful functions include 'defaults/openstack/functions'; 
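Review bot: OS_NEUTRON_CONFIG_ONLY in features/neutron/base.pan is a global variable, and features/neutron/compute/config.pan (changed later in this patch) assigns it `true` with `=`, so on a node that includes both the compute and the controller template the package include depends on which one is loaded first; if base is only evaluated once, the controller may end up without features/neutron/rpms/config. The comment left above the new lines, `# Install RPMs for compute part of neutron`, no longer matches, since the compute template is precisely the one that now skips them. Suggest `# Install neutron RPMs unless the including template sets OS_NEUTRON_CONFIG_ONLY (configuration only, packages handled elsewhere)` and a matching one-line comment next to the assignment in compute/config.pan.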
@@ -10,6 +12,7 @@ include 'defaults/openstack/config'; include 'features/neutron/variables/' + OS_NEUTRON_NETWORK_TYPE; # Include some common configuration +variable OS_NEUTRON_CONFIG_ONLY = true; include 'features/neutron/base'; diff --git a/features/neutron/controller/config.pan b/features/neutron/controller/config.pan index 57ed5aa..d671dfa 100644 --- a/features/neutron/controller/config.pan +++ b/features/neutron/controller/config.pan @@ -9,14 +9,41 @@ required = no variable OS_NEUTRON_RESTART_ON_CONFIG_CHANGE ?= true; +variable OS_NODE_SERVICES = append('neutron'); + # Load Neutron base configuration include 'features/neutron/base'; # Include common server configuration include 'features/neutron/server'; -# Load Neutron server policy -include 'features/neutron/controller/policy/config'; +# Include policy file if OS_NEUTRON_POLICY is defined +@{ +desc = file to load as the policy file. File extension is used to determine the policy file extension +values = path relative to include paths +default = undef +requied = no +} +variable OS_NEUTRON_POLICY ?= undef; +include 'components/filecopy/config'; +'/software/components/filecopy/services' = { + if ( is_defined(OS_NEUTRON_POLICY) ) { + toks = matches(OS_NEUTRON_POLICY, '.*\.(json|yaml)$'); + if ( length(toks) < 2 ) { + error('OS_NEUTRON_POLICY must be a file name with the extension .json or .yaml'); + }; + policy_file = format('/etc/neutron/policy.%s', toks[1]); + SELF[escape(policy_file)] = dict( + 'config', file_contents(OS_NEUTRON_POLICY), + 'owner', 'root', + 'perms', '0644', + 'backup', true, + ); + }; + + SELF; +}; + # neutron.conf include 'components/metaconfig/config'; 
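Review bot: When OS_NEUTRON_POLICY is switched from a `.json` to a `.yaml` file (or back), the block added to features/neutron/controller/config.pan writes the new `/etc/neutron/policy.<ext>` but nothing removes the file with the other extension, and no visible line sets the `[oslo_policy]` `policy_file` option, so the policy neutron enforces may not be the one the site just configured. Suggest either setting that option from the same `toks[1]` value or documenting that the unused file must be removed. The annotation key is misspelled `requied` (should be `required = no`), and the `desc` line would read better as `file to load as the policy file; its extension (.json or .yaml) selects the installed file name`. The same block, with the same typo, is repeated in the features/nova/compute/config.pan and features/nova/controller/config.pan hunks; a shared function taking the source file and the target directory would keep the three copies from drifting apart.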
@@ -26,6 +53,8 @@ prefix '/software/components/metaconfig/services/{/etc/neutron/neutron.conf}'; } else { null }; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/neutron/neutron.conf}/contents' = openstack_neutron_server_config; # [DEFAULT] diff --git a/features/neutron/mechanism/linuxbridge.pan b/features/neutron/mechanism/linuxbridge.pan index 3480321..06c933e 100644 --- a/features/neutron/mechanism/linuxbridge.pan +++ b/features/neutron/mechanism/linuxbridge.pan @@ -1,6 +1,13 @@ template features/neutron/mechanism/linuxbridge; -'/software/packages' = pkg_repl('openstack-neutron-linuxbridge'); +'/software/packages' = { + pkg_repl('openstack-neutron-linuxbridge'); + # contrack-tools is an undeclared openstack-neutron-linuxbridge dependency, + # declared as required by openstack-neutron + pkg_repl('conntrack-tools'); + + SELF; +}; include 'features/neutron/agents/linuxbridge_agent'; diff --git a/features/neutron/rpms/config.pan b/features/neutron/rpms/config.pan index 276ce96..c942b0e 100644 --- a/features/neutron/rpms/config.pan +++ b/features/neutron/rpms/config.pan @@ -1,7 +1,8 @@ unique template features/neutron/rpms/config; -prefix '/software/packages'; -'{openstack-neutron}' ?= dict(); -'{python3-neutronclient}' ?= dict(); -'{ebtables}' ?= dict(); -'{ipset}' ?= dict(); +'/software/packages' = { + pkg_repl('openstack-neutron'); + pkg_repl('python3-neutronclient'); + + SELF; +}; diff --git a/features/nova/common/config.pan b/features/nova/common/config.pan new file mode 100644 index 0000000..837e54d --- /dev/null +++ b/features/nova/common/config.pan 
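Review bot: The comment added in features/neutron/mechanism/linuxbridge.pan spells the package `contrack-tools` while the code installs `conntrack-tools`, and the sentence is hard to parse. If the intended meaning is that the RPM dependency is declared on the wrong package, suggest `# conntrack-tools is needed by openstack-neutron-linuxbridge but is only declared as a dependency of openstack-neutron`.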
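Review bot: `ebtables` and `ipset` are no longer requested explicitly in features/neutron/rpms/config.pan, and nothing in the patch says why. Neutron's linuxbridge agent and iptables-based security groups rely on them for ARP spoofing protection and address sets, so if the openstack-neutron RPM of the targeted release does not pull them in as dependencies, packet filtering on the node could be degraded without a configuration error. Either keep `pkg_repl('ebtables'); pkg_repl('ipset');` in the new block or add a comment such as `# ebtables and ipset are installed as openstack-neutron RPM dependencies` once that has been checked.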
@@ -0,0 +1,46 @@ +unique template features/nova/common/config; + +prefix '/software/components/metaconfig/services/{/etc/nova/nova.conf}'; + +# [DEFAULT] section +'contents/DEFAULT' = openstack_load_config('features/openstack/base'); +'contents/DEFAULT' = openstack_load_config('features/openstack/logging/' + OS_LOGGING_TYPE); + +# [keystone_authtoken] section +'contents/keystone_authtoken' = openstack_load_config(OS_AUTH_CLIENT_CONFIG); +'contents/keystone_authtoken/username' = OS_NOVA_USERNAME; +'contents/keystone_authtoken/password' = OS_NOVA_PASSWORD; + +# [neutron] section +'contents/neutron' = openstack_load_config(OS_AUTH_CLIENT_MINIMAL_CONFIG); +'contents/neutron/password' = OS_NEUTRON_PASSWORD; +'contents/neutron/region_name' = OS_REGION_NAME; +'contents/neutron/username' = OS_NEUTRON_USERNAME; + +# [oslo_concurrency] +'contents/oslo_concurrency/lock_path' = '/var/lib/nova/tmp'; + +#[oslo_messaging_rabbit] section +'contents/oslo_messaging_rabbit' = openstack_load_config('features/rabbitmq/openstack/client/base'); + +# |service_user] section +'contents/service_user' = openstack_load_config(OS_AUTH_CLIENT_MINIMAL_CONFIG); +'contents/service_user/send_service_user_token' = true; +'contents/service_user/username' = OS_NOVA_USERNAME; +'contents/service_user/password' = OS_NOVA_PASSWORD; + +# [upgrade_levels] section +# Require OS_NOVA_UPGRADE_LEVELS to be <= to current server version +'contents/upgrade_levels' = if ( is_defined(OS_NOVA_UPGRADE_LEVELS) ) { + if ( OS_NOVA_UPGRADE_LEVELS <= OPENSTACK_VERSION_NAME ) { + dict('compute', OS_NOVA_UPGRADE_LEVELS); + } else { + error( + "OS_NOVA_UPGRADE_LEVELS (%s) must be less or equal to current OpenStack version (%s)", + OS_NOVA_UPGRADE_LEVELS, + OPENSTACK_VERSION_NAME, + ); + }; +} else { + null; +}; diff --git a/features/nova/compute/config.pan b/features/nova/compute/config.pan index 510bb19..4c9706c 100644 --- a/features/nova/compute/config.pan +++ b/features/nova/compute/config.pan 
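Review bot: The upgrade_levels check compares OS_NOVA_UPGRADE_LEVELS and OPENSTACK_VERSION_NAME with `<=`, which on strings is an alphabetical comparison; if these variables hold release names, that order stopped matching release order when the names wrapped around after Zed (for example `'zed' <= 'antelope'` is false). The code is moved here unchanged, but now that it is shared by the controller and compute templates the assumption deserves at least a comment, e.g. `# NOTE: string comparison, only valid while release names sort in release order`. The header `# |service_user] section` should read `# [service_user] section`, and the new template would benefit from a first-line comment saying it must be included after the includer has bound the nova.conf contents.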
@@ -9,6 +9,8 @@ required = no variable OS_NOVA_LIVE_MIGRATION_SITE_CONFIG ?= undef; +variable OS_NODE_SERVICES = append('nova'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -24,8 +26,32 @@ include 'features/nova/compute/rpms'; # Include Placement configuration for compute servers include 'features/nova/compute/placement'; -# Include policy.json file -include if ( OS_NOVA_OVERWRITE_DEFAULT_POLICY ) 'features/nova/compute/policy/config'; +# Include policy file if OS_NOVA_COMPUTE_POLICY is defined +@{ +desc = file to load as the policy file. File extension is used to determine the policy file extension +values = path relative to include paths +default = undef +requied = no +} +variable OS_NOVA_COMPUTE_POLICY ?= undef; +include 'components/filecopy/config'; +'/software/components/filecopy/services' = { + if ( is_defined(OS_NOVA_COMPUTE_POLICY) ) { + toks = matches(OS_NOVA_COMPUTE_POLICY, '.*\.(json|yaml)$'); + if ( length(toks) < 2 ) { + error('OS_NOVA_COMPUTE_POLICY must be a file name with the extension .json or .yaml'); + }; + policy_file = format('/etc/nova/policy.%s', toks[1]); + SELF[escape(policy_file)] = dict( + 'config', file_contents(OS_NOVA_COMPUTE_POLICY), + 'owner', 'root', + 'perms', '0644', + 'backup', true, + ); + }; + + SELF; +}; # Enable nested virtualization if needed include if ( is_defined(OS_NOVA_COMPUTE_NESTED) && OS_NOVA_COMPUTE_NESTED ) 'features/nova/compute/nested'; 
@@ -50,11 +76,14 @@ prefix '/software/components/metaconfig/services/{/etc/nova/nova.conf}'; 'convert/truefalse' = true; 'daemons/libvirtd' = 'restart'; 'daemons/openstack-nova-compute' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = openstack_nova_compute_config; +# Include nova.conf configuration common to all services +include 'features/nova/common/config'; + # [DEFAULT] section -'contents/DEFAULT' = openstack_load_config('features/openstack/base'); -'contents/DEFAULT' = openstack_load_config('features/openstack/logging/' + OS_LOGGING_TYPE); 'contents/DEFAULT/cpu_allocation_ratio' = OS_NOVA_CPU_RATIO; 'contents/DEFAULT/initial_cpu_allocation_ratio' = OS_NOVA_INITIAL_CPU_RATIO; 'contents/DEFAULT/disk_allocation_ratio' = OS_NOVA_DISK_RATIO; 
@@ -77,45 +106,9 @@ bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = }; }; -# [keystone_authtoken] section -'contents/keystone_authtoken' = openstack_load_config(OS_AUTH_CLIENT_CONFIG); -'contents/keystone_authtoken/username' = OS_NOVA_USERNAME; -'contents/keystone_authtoken/password' = OS_NOVA_PASSWORD; - # [libvirtd] section 'contents/libvirt/virt_type' = OS_NOVA_VIRT_TYPE; -# [neutron] section -'contents/neutron/auth_type' = 'password'; -'contents/neutron/auth_url' = OS_KEYSTONE_CONTROLLER_PROTOCOL + '://' + OS_KEYSTONE_CONTROLLER_HOST + ':35357'; -'contents/neutron/password' = OS_NEUTRON_PASSWORD; -'contents/neutron/project_name' = 'service'; -'contents/neutron/project_domain_id' = 'default'; -'contents/neutron/region_name' = OS_REGION_NAME; -'contents/neutron/user_domain_id' = 'default'; -'contents/neutron/username' = OS_NEUTRON_USERNAME; - -# [oslo_concurrency] -'contents/oslo_concurrency/lock_path' = '/var/lib/nova/tmp'; - -#[oslo_messaging_rabbit] section -'contents/oslo_messaging_rabbit' = openstack_load_config('features/rabbitmq/openstack/client/base'); - -# [upgrade_levels] section -# Require OS_NOVA_UPGRADE_LEVELS to be <= to current server version -'contents/upgrade_levels' = if ( is_defined(OS_NOVA_UPGRADE_LEVELS) ) { - if ( OS_NOVA_UPGRADE_LEVELS <= OPENSTACK_VERSION_NAME ) { - dict('compute', OS_NOVA_UPGRADE_LEVELS); - } else { - error("OS_NOVA_UPGRADE_LEVELS (%s) must be less or equal to current OpenStack version (%s)", - OS_NOVA_UPGRADE_LEVELS, - OPENSTACK_VERSION_NAME, - ); - }; -} else { - null; -}; - # [vnc] section 'contents/vnc/enabled' = true; 'contents/vnc/server_listen' = '0.0.0.0'; diff --git a/features/nova/controller/config.pan b/features/nova/controller/config.pan index 9dd1288..2b49161 100644 --- a/features/nova/controller/config.pan +++ b/features/nova/controller/config.pan 
@@ -1,5 +1,7 @@ unique template features/nova/controller/config; +variable OS_NODE_SERVICES = append('nova'); + # Load some useful functions include 'defaults/openstack/functions'; @@ -28,6 +30,34 @@ variable OS_NOVA_DEFAULT_SCHEDULE_ZONE ?= null; # Install RPMs for compute part of neutron include 'features/nova/controller/rpms'; +# Include policy file if OS_NOVA_CONTROLLER_POLICY is defined +@{ +desc = file to load as the policy file. File extension is used to determine the policy file extension +values = path relative to include paths +default = undef +requied = no +} +variable OS_NOVA_CONTROLLER_POLICY ?= undef; +include 'components/filecopy/config'; +'/software/components/filecopy/services' = { + if ( is_defined(OS_NOVA_CONTROLLER_POLICY) ) { + toks = matches(OS_NOVA_CONTROLLER_POLICY, '.*\.(json|yaml)$'); + if ( length(toks) < 2 ) { + error('OS_NOVA_CONTROLLER_POLICY must be a file name with the extension .json or .yaml'); + }; + policy_file = format('/etc/nova/policy.%s', toks[1]); + SELF[escape(policy_file)] = dict( + 'config', file_contents(OS_NOVA_CONTROLLER_POLICY), + 'owner', 'root', + 'perms', '0644', + 'backup', true, + ); + }; + + SELF; +}; + + include 'components/systemd/config'; prefix '/software/components/systemd/unit'; 'openstack-nova-api/startstop' = true; 
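Review bot: The policy block added to features/nova/controller/config.pan and the one added to features/nova/compute/config.pan both write `/etc/nova/policy.<ext>`, so on a node that includes both templates with OS_NOVA_COMPUTE_POLICY and OS_NOVA_CONTROLLER_POLICY set, the later assignment to the same `SELF[escape(policy_file)]` key replaces the earlier one without any message, or, with different extensions, two policy files end up side by side. Suggest failing when the entry is already present, e.g. `if ( exists(SELF[escape(policy_file)]) ) error('a nova policy file is already defined for this node');`, or using a single variable for both roles. The comment `# Install RPMs for compute part of neutron` visible just above the include of features/nova/controller/rpms is context, but it is misleading next to the new block and could be corrected in the same change.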
@@ -44,11 +74,15 @@ prefix '/software/components/metaconfig/services/{/etc/nova/nova.conf}'; 'daemons/openstack-nova-scheduler'='restart'; 'daemons/openstack-nova-conductor'='restart'; 'daemons/openstack-nova-novncproxy'='restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = openstack_nova_server_config; + +# Include nova.conf configuration common to all services +include 'features/nova/common/config'; + # [DEFAULT] section -'contents/DEFAULT' = openstack_load_config('features/openstack/base'); -'contents/DEFAULT' = openstack_load_config('features/openstack/logging/' + OS_LOGGING_TYPE); 'contents/DEFAULT' = openstack_load_ssl_config( OS_NOVA_CONTROLLER_PROTOCOL == 'https' ); 'contents/DEFAULT/default_schedule_zone' = OS_NOVA_DEFAULT_SCHEDULE_ZONE; 'contents/DEFAULT/cpu_allocation_ratio' = OS_NOVA_CPU_RATIO; @@ -89,18 +123,9 @@ bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = 'contents/filter_scheduler/enabled_filters' = OS_NOVA_SCHEDULER_ENABLED_FILTERS; 'contents/filter_scheduler/ram_weight_multiplier' = OS_NOVA_RAM_WEIGHT_MULTIPLIER; -# [keystone_authtoken] section -'contents/keystone_authtoken' = openstack_load_config(OS_AUTH_CLIENT_CONFIG); -'contents/keystone_authtoken/username' = OS_NOVA_USERNAME; -'contents/keystone_authtoken/password' = OS_NOVA_PASSWORD; - # [neutron] section -'contents/neutron' = openstack_load_config(OS_AUTH_CLIENT_CONFIG); 'contents/neutron/metadata_proxy_shared_secret' = OS_METADATA_SECRET; -'contents/neutron/password' = OS_NEUTRON_PASSWORD; 'contents/neutron/service_metadata_proxy' = true; -'contents/neutron/username' = OS_NEUTRON_USERNAME; -'contents/neutron/memcached_servers' = null; # Remove options not valid in the [neutron] section 'contents/neutron/auth_version' = null; 
@@ -108,15 +133,9 @@ bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = 'contents/neutron/service_token_roles_required' = null; 'contents/neutron/www_authenticate_uri' = null; -# [oslo_concurrency] -'contents/oslo_concurrency/lock_path' = '/var/lib/nova/tmp'; - #[oslo_messaging_notifications] section 'contents/oslo_messaging_notifications' = openstack_load_config('features/oslo_messaging/notifications'); -#[oslo_messaging_rabbit] section -'contents/oslo_messaging_rabbit' = openstack_load_config('features/rabbitmq/openstack/client/base'); - # [placement] section 'contents/placement/os_region_name' = OS_REGION_NAME; 'contents/placement/project_domain_name' = 'default'; @@ -127,13 +146,6 @@ bind '/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents' = 'contents/placement/auth_url' = OS_KEYSTONE_CONTROLLER_PROTOCOL + '://' + OS_KEYSTONE_CONTROLLER_HOST + ':35357/v3'; 'contents/placement/auth_type' = 'password'; -# [vnc] section -'contents/vnc/server_listen' = PRIMARY_IP; -'contents/vnc/server_proxyclient_address' = PRIMARY_IP; - -# [upgrade_levels] section -'contents/upgrade_levels/compute' = OS_NOVA_UPGRADE_LEVELS; - # [wsgi] section 'contents/wsgi' = openstack_load_ssl_config( OS_NOVA_CONTROLLER_PROTOCOL == 'https' ); 'contents/wsgi/ssl_cert_file' = if ( exists('/software/components/metaconfig/services/{/etc/nova/nova.conf}/contents/wsgi/cert_file') ) { diff --git a/features/octavia/config.pan b/features/octavia/config.pan index 2f57367..2a76bdf 100644 --- a/features/octavia/config.pan +++ b/features/octavia/config.pan @@ -1,5 +1,7 @@ unique template features/octavia/config; +variable OS_NODE_SERVICES = append('octavia'); + # Load some useful functions include 'defaults/openstack/functions'; 
@@ -110,6 +112,8 @@ prefix '/software/components/metaconfig/services/{/etc/octavia/octavia.conf}'; 'daemons/octavia-health-manager' = 'restart'; 'daemons/octavia-housekeeping' = 'restart'; 'daemons/octavia-worker' = 'restart'; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/octavia/octavia.conf}/contents' = openstack_octavia_config; diff --git a/features/openstack/policy/json2yaml.pan b/features/openstack/policy/json2yaml.pan new file mode 100644 index 0000000..7ca292d --- /dev/null +++ b/features/openstack/policy/json2yaml.pan 
@@ -0,0 +1,28 @@ +# Template to create a script to convert JSON-formatted policy files to YAML +# for all services configured on the server. +# It must be included at the very end of the server configuration, typically in the +# template doine the repository configuration. + +unique template features/openstack/policy/json2yaml; + +include 'features/openstack/policy/json2yaml_schema'; + +# Build conversion script based on current node type +'/software/components/metaconfig/commands/json2yaml' = '/var/quattor/script/openstack/policy_json2yaml'; +prefix '/software/components/metaconfig/services/{/var/quattor/script/openstack/policy_json2yaml}'; +'module' = 'openstack/json2yaml'; +# Use post action to run the script every time metaconfig is run +'actions/post' = 'json2yaml'; +'convert/joinspace' = true; +'mode' = 0755; +bind '/software/components/metaconfig/services/{/var/quattor/script/openstack/policy_json2yaml}/contents' = openstack_policy_json2yaml; +'contents/services' = OS_NODE_SERVICES; + + +# Load TT file to create the conversion script for the current node type +# Run metaconfig in case the TT file was modified and configuration must be regenerated +include 'components/filecopy/config'; +'/software/components/filecopy/dependencies/post' = openstack_add_component_dependency('metaconfig'); +prefix '/software/components/filecopy/services/{/usr/share/templates/quattor/metaconfig/openstack/json2yaml.tt}'; +'config' = file_contents('features/openstack/policy/json2yaml.tt'); +'perms' = '0644'; diff --git a/features/openstack/policy/json2yaml.tt b/features/openstack/policy/json2yaml.tt new file mode 100755 index 0000000..c369008 --- /dev/null +++ b/features/openstack/policy/json2yaml.tt 
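Review bot: The script generated by features/openstack/policy/json2yaml.pan runs as a metaconfig post action, and the only thing keeping shell metacharacters out of its `for service in [% services %]` line is the `choice(...)` list in json2yaml_schema.pan; a comment saying so would stop someone from loosening that type to `string[]` later. Suggest adding above the bind: `# The schema restricts services to known names because they are expanded unquoted in a shell script`. The filecopy entry for the TT file sets `perms` but no `owner`, unlike the policy-file entries added elsewhere in this patch (`'owner', 'root'`); adding `'owner' = 'root';` would make that explicit. In the header comment, `doine` should presumably be `doing`.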
@@ -0,0 +1,26 @@ +#!/usr/bin/env bash +# +# Script to convert JSON-formatted policy files to YAML for all the OpenStack services configured on the server. +# It is harmless to run this script multiple times: it converts the JSON file only if a YAML file is not already present. +# It is typically run by ncm-metaconfig as a post or changed action. + +for service in [% services %] +do + etc_dir=/etc/${service} + + if [ -f "${etc_dir}/policy.json" ] + then + if [ ! -f "${etc_dir}/policy.yaml" ] + then + echo "Converting ${etc_dir}/policy.json to YAML (${etc_dir}/policy.yaml)" + oslopolicy-convert-json-to-yaml --config-file "${etc_dir}/${service}.conf" --namespace "${service}" --policy-file "${etc_dir}/policy.json" --output-file "${etc_dir}/policy.yaml" + else + echo "Policy already in YAML format for $service: nothing done" + fi + + #mv ${etc_dir}/policy.json ${etc_dir}/policy.json.to_delete + + else + echo "No JSON policy file found for ${service}: nothing done" + fi +done diff --git a/features/openstack/policy/json2yaml_schema.pan b/features/openstack/policy/json2yaml_schema.pan new file mode 100644 index 0000000..ec8b39e --- /dev/null +++ b/features/openstack/policy/json2yaml_schema.pan @@ -0,0 +1,18 @@ +unique template features/openstack/policy/json2yaml_schema; + +type openstack_policy_json2yaml = { + 'services' : choice( + 'barbican', + 'ceilometer', + 'cinder', + 'compute', + 'glance', + 'heat', + 'keystone', + 'magnum', + 'nova', + 'neutron', + 'octavia', + 'placement' + )[] +}; diff --git a/features/placement/config.pan b/features/placement/config.pan index 899de18..554d326 100644 --- a/features/placement/config.pan +++ b/features/placement/config.pan @@ -1,5 +1,7 @@ unique template features/placement/config; +variable OS_NODE_SERVICES = append('placement'); + # Load some useful functions include 'defaults/openstack/functions'; 
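Review bot: Once `policy.yaml` exists, json2yaml.tt never converts again, so a later change to the managed `policy.json` (for instance a tightened rule) is not carried into the YAML file, and a conversion that fails part-way may leave an incomplete `policy.yaml` that the next run treats as done. The exit status of `oslopolicy-convert-json-to-yaml` is not checked either. I would convert into a temporary file next to the target, move it into place only on success, and also convert when the JSON file is newer than the YAML one; the newer-than test assumes `policy.yaml` is not itself deployed by filecopy on the same node, which should be confirmed. The commented-out `mv` line should either be removed or explained.

```shell
# … unchanged: for loop header, etc_dir assignment, test for policy.json …
    json_file="${etc_dir}/policy.json"
    yaml_file="${etc_dir}/policy.yaml"
    # Convert when the YAML file is missing or older than its JSON source
    if [ ! -f "${yaml_file}" ] || [ "${json_file}" -nt "${yaml_file}" ]
    then
      echo "Converting ${json_file} to YAML (${yaml_file})"
      tmp_file="${yaml_file}.new"
      if oslopolicy-convert-json-to-yaml --config-file "${etc_dir}/${service}.conf" --namespace "${service}" --policy-file "${json_file}" --output-file "${tmp_file}"
      then
        # Replace the target only after a complete, successful conversion
        mv -f "${tmp_file}" "${yaml_file}"
      else
        echo "Conversion failed for ${service}: ${yaml_file} left unchanged" >&2
        rm -f "${tmp_file}"
      fi
    else
# … unchanged: "already in YAML format" and "no JSON policy file" branches …
```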
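Review bot: `designate` is missing from the `choice(...)` list in json2yaml_schema.pan although features/designate/config.pan in this patch appends `'designate'` to OS_NODE_SERVICES, so a designate node that includes json2yaml would fail validation of `contents/services`. Add `'designate',` after `'cinder',`, or stop appending it if designate has no policy file to convert. `'compute'` is listed but no template visible in this patch appends it; if it is unused, dropping it keeps the allow-list limited to names that map to a real `/etc/<service>` directory.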
@@ -23,6 +25,8 @@ prefix '/software/components/metaconfig/services/{/etc/placement/placement.conf} 'daemons/httpd' = 'restart'; 'convert/joincomma' = true; 'convert/truefalse' = true; +# Restart memcached to ensure considtency with service configuration changes +'daemons/memcached' = 'restart'; bind '/software/components/metaconfig/services/{/etc/placement/placement.conf}/contents' = openstack_placement_config; # [api] section diff --git a/types/openstack/magnum.pan b/types/openstack/magnum.pan index 15a469d..3a8f41b 100644 --- a/types/openstack/magnum.pan +++ b/types/openstack/magnum.pan @@ -41,6 +41,13 @@ type openstack_magnum_cinder_client = { 'region_name' : string }; +@documentation { + cluster_heat section for Magnum +} +type openstack_magnum_cluster_heat = { + 'create_timeout' : long = 60 +}; + @documentation { heat_client section for Magnum } @@ -84,6 +91,7 @@ type openstack_magnum_config = { 'certificates' : openstack_magnum_certificates 'cinder' : openstack_magnum_cinder 'cinder_client' : openstack_magnum_cinder_client + 'cluster_heat' : openstack_magnum_cluster_heat 'database' : openstack_database 'heat_client' : openstack_magnum_heat_client 'keystone_auth' : openstack_keystone_authtoken diff --git a/types/openstack/nova.pan b/types/openstack/nova.pan index 1b0611b..7f61249 100644 --- a/types/openstack/nova.pan +++ b/types/openstack/nova.pan @@ -162,6 +162,22 @@ type openstack_nova_placement = { 'username' : string }; +@documentation { + The configuration options in the service_user section +} +type openstack_nova_service_user = { + 'auth_url' : type_hostURI + 'auth_type' : string + 'password' : string + 'project_domain_id' ? string + 'project_domain_name' ? string + 'project_name' : string + 'send_service_user_token' : boolean + 'username' : string + 'user_domain_id' ? string + 'user_domain_name' ? string +} with openstack_project_name_or_id(SELF); + @documentation { parameters for nova configuration [upgrade_levels] section } 
@@ -199,6 +215,7 @@ type openstack_nova_common_config = { 'oslo_messaging_notifications' ? openstack_oslo_messaging_notifications 'oslo_messaging_rabbit' ? openstack_oslo_messaging_rabbit 'placement' ? openstack_nova_placement + 'service_user' : openstack_nova_service_user 'upgrade_levels' ? openstack_nova_upgrade_levels 'vnc' ? openstack_nova_vnc };