# Template preamble (Jinja2): chooses the roles to configure, the role whose
# servers supply the bootstrap node, and the number of steps per phase.
#  - enabled_roles falls back to the full `roles` list when it is undefined or
#    empty (is_upgrade = false); a caller-supplied list sets is_upgrade = true.
#  - primary_role starts as enabled_roles[0] and is replaced by every role
#    tagged both 'primary' and 'controller', so the last such role wins.
# NOTE(review): enabled_roles[0] assumes at least one role is defined; confirm
# the roles data is validated before this template is rendered.
# certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
{%- if enabled_roles is not defined or enabled_roles == [] -%}
# On upgrade certain roles can be disabled for operator driven upgrades
# See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
{%- set enabled_roles = roles -%}
{%- set is_upgrade = false -%}
{%- else %}
{%- set is_upgrade = true -%}
{%- endif -%}
{%- set primary_role = [enabled_roles[0]] -%}
{%- for role in enabled_roles -%}
{%- if 'primary' in role.tags and 'controller' in role.tags -%}
{%- set _ = primary_role.pop() -%}
{%- set _ = primary_role.append(role) -%}
{%- endif -%}
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
# Step counts per phase. The loops below use range(1, deploy_steps_max), so
# deployment steps are numbered 1 .. deploy_steps_max - 1.
{% set deploy_steps_max = 6 -%}
{% set update_steps_max = 6 -%}
{% set upgrade_steps_max = 6 -%}
{% set post_upgrade_steps_max = 4 -%}
heat_template_version: queens

description: >
  Post-deploy configuration steps via puppet for all roles,
  as defined in ../roles_data.yaml

# Inputs handed to this nested stack. servers and role_data are keyed by role
# name and are indexed with the role names rendered into this template.
parameters:

  servers:
    description: Mapping of Role name e.g Controller to a list of servers
    type: json

  stack_name:
    description: Name of the topmost stack
    type: string

  role_data:
    description: Mapping of Role name e.g Controller to the per-role data
    type: json

  # Passed to the deployments below as update_identifier.
  DeployIdentifier:
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
    type: string
    default: ''

  EndpointMap:
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
    default: {}

  # NOTE(review): debug output from configuration management can include
  # rendered configuration values; treat logs from debug runs as sensitive.
  ConfigDebug:
    description: Whether to run config management (e.g. Puppet) in debug mode.
    type: boolean
    default: false

  # A string, not a boolean: the empty default leaves debug logging off.
  DockerPuppetDebug:
    description: Set to True to enable debug logging with docker-puppet.py
    type: string
    default: ''

  DockerPuppetProcessCount:
    description: >-
      Number of concurrent processes to use when running docker-puppet
      to generate config files.
    type: number
    default: 3

  # No description or default is declared, so the caller must supply it.
  ctlplane_service_ips:
    type: json

  # Both blacklist parameters are forwarded to the workflow executions.
  blacklisted_ip_addresses:
    description: List of IP addresses belong to blacklisted servers
    type: comma_delimited_list
    default: []

  blacklisted_hostnames:
    description: List of hostnames belong to blacklisted servers
    type: comma_delimited_list
    default: []
# A WorkflowTasks_Step<N>_Enabled condition is rendered for every deployment
# step. It is an `or` over the enabled roles and holds when at least one role's
# role_data has a workflow_tasks entry for that step that is not ''.
# NOTE(review): the False entry rendered for each role is presumably an extra
# `or` operand that keeps the list at two or more entries when a single role
# is enabled - confirm against Heat's condition rules.
conditions:
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
{%- for role in enabled_roles %}
- not:
equals:
- get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}]
- ''
- False
{%- endfor %}
{% endfor %}
resources:
# Shared Ansible software config referenced by every <Role>Deployment_Step<N>
# resource below; its inputs are filled from each deployment's input_values.
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
# Inputs without an explicit type are left at the resource's default type;
# the role_data_* inputs are declared as Json.
inputs:
- name: step
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
- name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
- name: role_data_step_config
- name: role_data_puppet_config
type: Json
- name: role_data_docker_config_scripts
type: Json
- name: role_data_docker_puppet_tasks
type: Json
- name: role_data_docker_config
type: Json
- name: role_data_kolla_config
type: Json
config:
# The playbook targets localhost over a local connection; str_replace swaps
# the _TASKS placeholder for the text of deploy-steps-tasks.yaml.
# NOTE(review): the substitution is textual, so the indentation inside that
# file has to line up with the placeholder - verify when editing either.
str_replace:
template: |
- hosts: localhost
connection: local
tasks:
_TASKS
params:
_TASKS: {get_file: deploy-steps-tasks.yaml}
# Collects external_deploy_tasks from the role_data of every enabled role into
# one list; it is exposed through the external_deploy_steps_tasks output.
ExternalDeployTasks:
type: OS::Heat::Value
properties:
type: comma_delimited_list
value:
yaql:
# processing from per-role unique tasks into globally unique tasks
# coalesce() substitutes [] for missing data, flatten() merges the per-role
# lists and distinct() drops repeated tasks.
expression: coalesce($.data, []).flatten().distinct()
data:
{%- for role in enabled_roles %}
- get_param: [role_data, {{role.name}}, external_deploy_tasks]
{%- endfor %}
# Same aggregation as ExternalDeployTasks, applied to the
# external_post_deploy_tasks entry of every enabled role.
ExternalPostDeployTasks:
type: OS::Heat::Value
properties:
type: comma_delimited_list
value:
yaql:
# processing from per-role unique tasks into globally unique tasks
expression: coalesce($.data, []).flatten().distinct()
data:
{%- for role in enabled_roles %}
- get_param: [role_data, {{role.name}}, external_post_deploy_tasks]
{%- endfor %}
# For every deployment step: a Mistral workflow built from the roles'
# workflow_tasks for that step, plus a resource that executes it. Both are
# created only when the matching WorkflowTasks_Step<N>_Enabled condition holds.
{%- for step in range(1, deploy_steps_max) %}
# BEGIN workflow_tasks handling
WorkflowTasks_Step{{step}}:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
# Step 1 waits for every enabled role's PreConfig and ArtifactsDeploy; later
# steps wait for the previous Deployment_Step of every enabled role.
depends_on:
{%- if step == 1 %}
{%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
{%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]}
type: direct
tags:
- tripleo-heat-templates-managed
- {get_param: stack_name}
tasks:
yaql:
# Skips roles whose workflow_tasks is '', takes each remaining role's entry
# for this step, drops missing entries and flattens the result.
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
{%- for role in enabled_roles %}
- get_param: [role_data, {{role.name}}, workflow_tasks]
{%- endfor %}
# Runs the workflow above on stack CREATE and UPDATE with the same parameters.
WorkflowTasks_Step{{step}}_Execution:
type: OS::Mistral::ExternalResource
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on: WorkflowTasks_Step{{step}}
properties:
actions:
CREATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
# NOTE(review): role_merged_configs hands the merged_config_settings of every
# role (all of `roles`, not only enabled_roles) to the workflow as a
# parameter; if those settings hold credentials, check who can read workflow
# executions.
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
blacklisted_hostnames: {get_param: blacklisted_hostnames}
evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
env:
service_ips: { get_param: ctlplane_service_ips }
role_merged_configs:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
blacklisted_hostnames: {get_param: blacklisted_hostnames}
evaluate_env: false
always_update: true
# END workflow_tasks handling
{% endfor %}
# Publishes one entry of the primary role's servers mapping; other resources
# read it through get_attr as bootstrap_server_id.
BootstrapServerId:
  type: OS::Heat::Value
  properties:
    value:
      yaql:
        # Order the mapping's items by key and return the value of the first
        # one, so the result is deterministic for a given mapping.
        data:
          get_param: [servers, {{primary_role_name}}]
        expression: $.data.items().orderBy($[0]).first()[1]
# Artifacts config and HostPrepConfig is done on all roles, not only
# enabled_roles, because on upgrade we need to write the json files
# for the operator driven upgrade scripts (the ansible steps consume them)
{% for role in roles %}
# Prepare host tasks for {{role.name}}
{{role.name}}ArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
{{role.name}}ArtifactsDeploy:
type: OS::Heat::StructuredDeploymentGroup
properties:
name: {{role.name}}ArtifactsDeploy
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}ArtifactsConfig}
# Ansible playbook (localhost, local connection) that runs the role's
# host_prep_tasks and then installs docker-puppet.py on the host.
{{role.name}}HostPrepConfig:
type: OS::Heat::SoftwareConfig
properties:
group: ansible
options:
modulepath: /usr/share/ansible-modules
config:
str_replace:
template: _PLAYBOOK
params:
_PLAYBOOK:
- hosts: localhost
connection: local
vars:
docker_puppet_script: {get_file: ../docker/docker-puppet.py}
bootstrap_server_id: {get_attr: [BootstrapServerId, value]}
tasks:
# Join host_prep_tasks with the other per-host configuration
# On upgrade, a role with disable_upgrade_deployment set contributes an
# empty list instead of its host_prep_tasks.
list_concat:
{%- if is_upgrade|default(false) and role.disable_upgrade_deployment|default(false) %}
- []
{%- else %}
- {get_param: [role_data, {{role.name}}, host_prep_tasks]}
{%- endif %}
-
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
# NOTE(review): the directory is created without owner= or mode=, so its
# permissions follow the defaults on the host, and it is relabelled
# svirt_sandbox_file_t recursively. Confirm only root can write here, since
# docker-puppet.py is stored inside.
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
# The {{ '{{' }} and {{ '}}' }} wrappers make this template emit literal
# braces, so docker_puppet_script is resolved by Ansible rather than at
# render time. force=yes replaces an existing file whose content differs;
# mode=0600 limits access to the file's owner.
- name: Write docker-puppet.py
copy: content="{{ '{{' }}docker_puppet_script{{ '}}' }}" dest=/var/lib/docker-puppet/docker-puppet.py force=yes mode=0600
{{role.name}}HostPrepDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
name: {{role.name}}HostPrepDeployment
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
{% endfor %}
# Per enabled role: a PreConfig task resource that runs after the role's host
# prep deployment, then one Deployment_Step<N> resource per deployment step.
# BEGIN CONFIG STEPS, only on enabled_roles
{%- for role in enabled_roles %}
{{role.name}}PreConfig:
type: OS::TripleO::Tasks::{{role.name}}PreConfig
depends_on: {{role.name}}HostPrepDeployment
properties:
servers: {get_param: [servers, {{role.name}}]}
input_values:
update_identifier: {get_param: DeployIdentifier}
# Deployment steps for {{role.name}}
# A single config is re-applied with an incrementing step number
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
type: OS::TripleO::DeploymentSteps
# Each step waits for that step's workflow execution and for all enabled
# roles to finish the previous step, so roles advance through steps together.
depends_on:
- WorkflowTasks_Step{{step}}_Execution
# TODO(gfidente): the following if/else condition
# replicates what is already defined for the
# WorkflowTasks_StepX resource and can be removed
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
{%- if step == 1 %}
{%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
{%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
name: {{role.name}}Deployment_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: RoleConfig}
# These keys match the inputs declared on RoleConfig, plus deploy_steps_max.
input_values:
step: {{step}}
role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_attr: [BootstrapServerId, value]}
enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
role_data_step_config: {get_param: [role_data, {{role.name}}, step_config]}
role_data_puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
role_data_docker_config_scripts: {get_param: [role_data, {{role.name}}, docker_config_scripts]}
role_data_docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
role_data_docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
role_data_kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
deploy_steps_max: {{deploy_steps_max}}
{% endfor %}
# END CONFIG STEPS
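# Note, this should be the last step to execute configuration changes.
# Ensure that all {{role.name}}ExtraConfigPost steps are executed
# after all the previous deployment steps.
{{role.name}}ExtraConfigPost:
  # Wait for the final deployment step of every enabled role. The step number
  # is derived from deploy_steps_max (steps run 1 .. deploy_steps_max - 1)
  # instead of being written as a literal, so this ordering dependency keeps
  # pointing at the last step if the step count is ever changed.
  depends_on:
  {%- for dep in enabled_roles %}
    - {{dep.name}}Deployment_Step{{deploy_steps_max - 1}}
  {%- endfor %}
  type: OS::TripleO::NodeExtraConfigPost
  properties:
    servers: {get_param: [servers, {{role.name}}]}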
# The {{role.name}}PostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,
# we should run a full service reload.
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
# Runs only after the ExtraConfigPost resource of every enabled role.
depends_on:
{%- for dep in enabled_roles %}
- {{dep.name}}ExtraConfigPost
{%- endfor %}
properties:
# NOTE(review): this passes the whole servers mapping, whereas the other
# per-role resources pass [servers, <role name>] - confirm it is intended.
servers: {get_param: servers}
input_values:
update_identifier: {get_param: DeployIdentifier}
{% endfor %}
# Single output, RoleConfig, whose value is a mapping of generated Ansible
# content: global variables, task lists and playbooks.
outputs:
RoleConfig:
description: Mapping of config data for all roles
value:
# presumably written out as global_vars.yaml, which the playbooks below load
# with include_vars - confirm with the consumer of this output.
global_vars:
deploy_steps_max: {{deploy_steps_max}}
common_deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
# Main deployment playbook, produced by str_replace so BOOTSTRAP_SERVER_ID in
# the text below becomes the BootstrapServerId value. Play order: gather facts
# (undercloud, then overcloud), load global_vars.yaml, run the
# tripleo-bootstrap role, per-role pre deployments, host prep tasks, then for
# each step the external (undercloud), per-role and common deploy tasks, and
# finally post deployments and external post-deploy tasks.
# Privilege: the undercloud plays set become: false and only the host prep
# play sets become: true; the other overcloud plays leave become unset.
# NOTE(review): role names are written verbatim into include paths and into
# the quoted `when: role_name == '...'` tests; this assumes names in the roles
# data are plain identifiers - confirm they are validated upstream.
deploy_steps_playbook:
str_replace:
params:
BOOTSTRAP_SERVER_ID: {get_attr: [BootstrapServerId, value]}
template: |
- hosts: undercloud
name: Gather facts undercloud
gather_facts: yes
become: false
tags:
- facts
- hosts: overcloud
name: Gather facts overcloud
gather_facts: yes
tags:
- facts
- hosts: all
name: Load global variables
gather_facts: no
tasks:
- include_vars: global_vars.yaml
tags:
- always
- hosts: overcloud
name: Bootstrap TripleO servers
gather_facts: no
any_errors_fatal: yes
roles:
- tripleo-bootstrap
tags:
- bootstrap
- hosts: overcloud
name: Server deployments
gather_facts: no
any_errors_fatal: yes
tasks:
{%- for role in roles %}
- include: {{role.name}}/deployments.yaml
vars:
force: false
when: role_name == '{{role.name}}'
with_items: "{{ '{{' }} {{role.name}}_pre_deployments|default([]) {{ '}}' }}"
{%- endfor %}
tags:
- overcloud
- pre_deploy_steps
- hosts: overcloud
name: Host prep steps
gather_facts: no
any_errors_fatal: yes
vars:
bootstrap_server_id: BOOTSTRAP_SERVER_ID
become: true
tasks:
{%- for role in roles %}
- include: {{role.name}}/host_prep_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
tags:
- overcloud
- host_prep_steps
{%- for step in range(1,deploy_steps_max) %}
- hosts: undercloud
name: External deployment step {{step}}
gather_facts: no
any_errors_fatal: yes
become: false
vars:
step: '{{step}}'
tasks:
- include: external_deploy_steps_tasks.yaml
tags:
- external
- external_deploy_steps
- hosts: overcloud
name: Overcloud deploy step tasks for {{step}}
gather_facts: no
any_errors_fatal: yes
# FIXME(shardy) - it would be nice to use strategy: free to
# allow the tasks per-step to run in parallel on each role,
# but that doesn't work with any_errors_fatal: yes
vars:
bootstrap_server_id: BOOTSTRAP_SERVER_ID
step: '{{step}}'
tasks:
{%- for role in roles %}
- include: {{role.name}}/deploy_steps_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
tags:
- overcloud
- deploy_steps
- hosts: overcloud
name: Overcloud common deploy step tasks {{step}}
gather_facts: no
any_errors_fatal: yes
vars:
bootstrap_server_id: BOOTSTRAP_SERVER_ID
step: '{{step}}'
tasks:
- include: common_deploy_steps_tasks.yaml
tags:
- overcloud
- deploy_steps
{%- endfor %}
- hosts: overcloud
name: Server Post Deployments
gather_facts: no
any_errors_fatal: yes
tasks:
{%- for role in roles %}
- include: {{role.name}}/deployments.yaml
vars:
force: false
when: role_name == '{{role.name}}'
with_items: "{{ '{{' }} {{role.name}}_post_deployments|default([]) {{ '}}' }}"
{%- endfor %}
tags:
- overcloud
- post_deploy_steps
- hosts: undercloud
name: External deployment Post Deploy tasks
gather_facts: no
any_errors_fatal: yes
become: false
tasks:
- include: external_post_deploy_steps_tasks.yaml
tags:
- external
- external_deploy_steps
# Task lists aggregated by the ExternalDeployTasks and ExternalPostDeployTasks
# resources; the deploy playbook includes files with the matching names in
# its undercloud plays.
external_deploy_steps_tasks: {get_attr: [ExternalDeployTasks, value]}
external_post_deploy_steps_tasks: {get_attr: [ExternalPostDeployTasks, value]}
# update_steps_tasks includes each role's update_tasks.yaml, guarded by a
# role_name test. update_steps_playbook gathers facts, loads global_vars.yaml,
# then runs the update play on the overcloud with serial: 1 (one host at a
# time): update_steps_tasks for steps 0 .. update_steps_max - 1, followed by
# common_deploy_steps_tasks for steps 1 .. deploy_steps_max - 1.
# NOTE(review): unlike the deploy playbook, no play here sets
# any_errors_fatal, and the overcloud plays leave become unset - confirm
# both are intended.
update_steps_tasks: |
{%- for role in roles %}
- include: {{role.name}}/update_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
update_steps_playbook: |
- hosts: undercloud
name: Gather facts undercloud
gather_facts: yes
become: false
- hosts: overcloud
name: Gather facts overcloud
gather_facts: yes
- hosts: all
name: Load global variables
gather_facts: no
tasks:
- include_vars: global_vars.yaml
- hosts: overcloud
name: Run update
serial: 1
gather_facts: no
tasks:
- include: update_steps_tasks.yaml
with_sequence: start=0 end={{update_steps_max-1}}
loop_control:
loop_var: step
- include: common_deploy_steps_tasks.yaml
with_sequence: start=1 end={{deploy_steps_max-1}}
loop_control:
loop_var: step
# upgrade_steps_tasks includes each role's upgrade_tasks.yaml, guarded by a
# role_name test. upgrade_steps_playbook is a single overcloud play that runs
# that task list once per step, 0 .. upgrade_steps_max - 1, with the step
# number exposed as the loop variable `step`.
upgrade_steps_tasks: |
{%- for role in roles %}
- include: {{role.name}}/upgrade_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
upgrade_steps_playbook: |
- hosts: overcloud
tasks:
- include: upgrade_steps_tasks.yaml
with_sequence: start=0 end={{upgrade_steps_max-1}}
loop_control:
loop_var: step
# post_upgrade_steps_tasks includes each role's post_upgrade_tasks.yaml,
# guarded by a role_name test. post_upgrade_steps_playbook is a single
# overcloud play that runs that task list once per step,
# 0 .. post_upgrade_steps_max - 1, with `step` as the loop variable.
post_upgrade_steps_tasks: |
{%- for role in roles %}
- include: {{role.name}}/post_upgrade_tasks.yaml
when: role_name == '{{role.name}}'
{%- endfor %}
post_upgrade_steps_playbook: |
- hosts: overcloud
tasks:
- include: post_upgrade_steps_tasks.yaml
with_sequence: start=0 end={{post_upgrade_steps_max-1}}
loop_control:
loop_var: step