Updating tripleo-heat-templates

This section will describe the changes needed for tripleo-heat-templates.

Folder structure convention for tripleo-heat-templates

Services should be defined in the services folder, depending on the service purpose.

puppet
  services          ---> To host all services.
    <service type>             ---> Folder to store a specific type services (If time, will store time based services like: NTP, timezone, Chrony among others).
      <service name>.yaml      ---> Heat template defining per-service configuration.
      <service name>-base.yaml ---> Heat template defining common service configuration.

Note

No puppet manifests may be defined in the THT repository, they should go to the puppet-tripleo repository instead.

Note

The use of a base heat template (<service>-base.yaml) is necessary in cases where a given ‘service’ (e.g. “heat”) is comprised of a number of individual component services (e.g. heat-api, heat-engine) which need to share some of the base configuration (such as rabbit credentials). Using a base template in those cases means we don’t need to duplicate that configuration. Refer to: https://review.opendev.org/#/c/313577/ for further details. Also, refer to Duplicated parameters for an use-case description.

Changes list

The list of changes in THT are:

  • If there is any configuration of the given feature/service in any of the tripleo-heat-templates/puppet/manifests/*.pp files, then this will need to be removed and migrated to the puppet-tripleo repository.

  • Create a service type specific folder in the root services folder (deployment/time).

  • Create a heat template for the service inside the deployment/time folder (deployment/time/ntp-baremetal-puppet.yaml).

  • Optionally, create a common heat template to reuse common configuration data, which is referenced from each per-service heat template.

Step 1 - Updating puppet references

Remove all puppet references for the composable service from the current manifests (*.pp). All the puppet logic will live in the puppet-tripleo repository based on a configuration step, so it is mandatory to remove all the puppet references from tripleo-heat-templates.

The updated .pp files for the NTP example were:

  • puppet/manifests/overcloud_cephstorage.pp

  • puppet/manifests/overcloud_compute.pp

  • puppet/manifests/overcloud_controller.pp

  • puppet/manifests/overcloud_controller_pacemaker.pp

  • puppet/manifests/overcloud_object.pp

  • puppet/manifests/overcloud_volume.pp

Step 2 - overcloud-resource-registry-puppet.j2.yaml resource registry changes

The resource OS::TripleO::Services::Timesync must be defined in the resource registry (overcloud-resource-registry-puppet.j2.yaml)

Create a new resource type alias which references the per-service heat template file, as described above.

By updating the resource registry we are forcing to use a nested template to configure our resources. In the example case the created resource (OS::TripleO::Services::Timesync), will point to the corresponding service yaml file (deployment/time/ntp-baremetal-puppet.yaml).

Step 3 - roles_data.yaml initial changes

The default roles are defined here. They are then iterated and the respective values of each section are rendered into the overcloud.j2.yaml.

Mandatory services should be added to the roles’ ServicesDefault value, which defines all the services enabled by default in the role(s).

From roles_data.yaml find:

- name: Controller
  CountDefault: 1
  ServicesDefault:
    - OS::TripleO::Services::CACerts
    - OS::TripleO::Services::CertmongerUser
    - OS::TripleO::Services::CephMds
    - OS::TripleO::Services::Keystone
    - OS::TripleO::Services::GlanceApi
    - OS::TripleO::Services::GlanceRegistry
    ...
    - OS::TripleO::Services::Timesync              ---> New service deployed in the controller overcloud

Update this section with your new service to be deployed to the controllers in the overcloud.

These values will be used by the controller roles’ ServiceChain resource as follows:

{% for role in roles %}
  # Resources generated for {{role.name}} Role
  {{role.name}}ServiceChain:
    type: OS::TripleO::Services
    properties:
      Services:
        get_param: {{role.name}}Services
      ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
      EndpointMap: {get_attr: [EndpointMap, endpoint_map]}

...
{% endfor %}

THT changes for all the different roles are covered in:

Note

In the case of the controller services, they are defined as part of the roles’ ServiceChain resource. If it is needed to add optional services, they need to be appended to the current services list defined by the default value of the role’s ServicesDefault parameter.

Step 4 - Create the services yaml files

Create: deployment/time/ntp-baremetal-puppet.yaml

This file will have all the configuration details for the service to be configured.

heat_template_version: rocky
description: >
  NTP service deployment using puppet, this YAML file
  creates the interface between the HOT template
  and the puppet manifest that actually installs
  and configure NTP.
parameters:
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NtpServers:
    default: ['0.pool.ntp.org', '1.pool.ntp.org']
    description: NTP servers
    type: comma_delimited_list
  NtpInterfaces:
    default: ['0.0.0.0']
    description: Listening interfaces
    type: comma_delimited_list
outputs:
  role_data:
    description: Role ntp using composable services.
    value:
      config_settings:
        ntp::ntpservers: {get_param: NtpServers}
        ntp::ntpinterfaces: {get_param: NtpInterfaces}
      step_config: |
        include ::tripleo::profile::base::time::ntp

Note

All role-specific parameters have to be tagged:

ExampleParameter:
  description: This is an example.
  type: json
  default: {}
  tags:
    - role_specific

Note

It is required for all service templates to accept the EndpointMap parameter, all other parameters are optional and may be defined per-service. Care should be taken to avoid naming collisions between service parameters, e.g via using the service name as a prefix, “Ntp” in this example.

Service templates should output a role_data value, which is a mapping containing “config_settings” which is a mapping of hiera key/value pairs required to configure the service, and “step_config”, which is a puppet manifest fragment that references the puppet-tripleo profile that configures the service.

If it is needed, the templates can be decomposed to remove duplicated parameters among different deployment environments (i.e. using pacemaker). To do this see section Duplicated parameters.

If your service has configuration that affects another service and should only be run on nodes (roles) that contain that service, you can use “service_config_settings”. You then have to specify the hieradata inside this section by using the name of the service as the key. So, if you want to output hieradata related to your service, on nodes that deploy keystone, you would do this:

role_data:
  ...
step_config:
  ...
...
service_config_settings:
  keystone:
    # Here goes the hieradata

This is useful for things such as creating the keystone endpoints for your service, since one usually wants these commands to only be run on the keystone node.