From 67e74a676cdffdc82ae655f110acdf8f94921d03 Mon Sep 17 00:00:00 2001 From: David J Peacock Date: Tue, 18 Dec 2018 12:52:42 -0500 Subject: [PATCH] flatten sshd service configuration This change realigns the sshd baremetal puppet service yaml config files into a common hierachy as with the rest of this blueprint. This change also removes container functionality, since this was a temporary measure to proxy live-migration connections from non-containerized to containerized compute nodes during upgrade. Change-Id: I87e112a0f1973fa3b0e959777e00071c2bbf7c9c Related-Blueprint: services-yaml-flattening --- .../sshd/sshd-baremetal-puppet.yaml | 0 docker/services/nova-migration-target.yaml | 2 +- docker/services/sshd.yaml | 72 ------------------- environments/baremetal-services.yaml | 2 +- overcloud-resource-registry-puppet.j2.yaml | 2 +- tools/yaml-validate.py | 4 -- 6 files changed, 3 insertions(+), 79 deletions(-) rename puppet/services/sshd.yaml => deployment/sshd/sshd-baremetal-puppet.yaml (100%) delete mode 100644 docker/services/sshd.yaml diff --git a/puppet/services/sshd.yaml b/deployment/sshd/sshd-baremetal-puppet.yaml similarity index 100% rename from puppet/services/sshd.yaml rename to deployment/sshd/sshd-baremetal-puppet.yaml diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml index 6b36823068..c49f96fb27 100644 --- a/docker/services/nova-migration-target.yaml +++ b/docker/services/nova-migration-target.yaml @@ -71,7 +71,7 @@ resources: type: ./containers-common.yaml SshdBase: - type: ../../puppet/services/sshd.yaml + type: ../../deployment/sshd/sshd-baremetal-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceNetMap: {get_param: ServiceNetMap} diff --git a/docker/services/sshd.yaml b/docker/services/sshd.yaml deleted file mode 100644 index bd78ef7659..0000000000 --- a/docker/services/sshd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -heat_template_version: rocky - -description: > - Configure sshd_config - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MigrationSshPort: - default: 2022 - description: Target port for migration over ssh - type: number - -conditions: - - # During Ocata->Pike upgrade initially configure the ssh service on port 22 - # to proxy migration commands to the containerized sshd on port 2022. - # When the upgrade converges we can switch migrations over to port 2022. - enable_migration_proxy: - equals: - - {get_param: MigrationSshPort} - - 22 - -resources: - SshdBase: - type: ../../puppet/services/sshd.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the ssh - value: - service_name: sshd - config_settings: {get_attr: [SshdBase, role_data, config_settings]} - step_config: - list_join: - - "\n" - - - get_attr: [SshdBase, role_data, step_config] - - if: - - enable_migration_proxy - - | - include tripleo::profile::base::nova::migration::proxy - - '' diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index cd65cf61d9..7801148e4a 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml @@ -51,7 +51,7 @@ resource_registry: OS::TripleO::Services::Qdr: OS::Heat::None OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml - OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml + OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml OS::TripleO::Services::SwiftDispersion: ../puppet/services/swift-dispersion.yaml OS::TripleO::Services::SwiftProxy: ../puppet/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../puppet/services/swift-ringbuilder.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index aae44a8b18..f4b7a5cbde 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -189,7 +189,7 @@ resource_registry: OS::TripleO::Services::Tuned: puppet/services/tuned.yaml OS::TripleO::Services::Securetty: OS::Heat::None OS::TripleO::Services::SELinux: OS::Heat::None - OS::TripleO::Services::Sshd: docker/services/sshd.yaml + OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml OS::TripleO::Services::Redis: docker/services/database/redis.yaml OS::TripleO::Services::MongoDb: puppet/services/disabled/mongodb-disabled.yaml OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index d0fbce675a..8ce3b7d591 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -229,8 +229,6 @@ PREFERRED_CAMEL_CASE = { # If a filename is not found in the overrides then the top level directory is # used to determine which validation method to use. VALIDATE_PUPPET_OVERRIDE = { - # docker/service/sshd.yaml is a variation of the puppet sshd service - './docker/services/sshd.yaml': True, # docker/services/messaging/*.yaml provide oslo_messaging services './docker/services/messaging/notify-rabbitmq-shared.yaml': False, './docker/services/messaging/notify-rabbitmq.yaml': False, @@ -249,8 +247,6 @@ VALIDATE_PUPPET_OVERRIDE = { } VALIDATE_DOCKER_OVERRIDE = { - # docker/service/sshd.yaml is a variation of the puppet sshd service - './docker/services/sshd.yaml': False, # docker/services/messaging/notify-rabbitmq-shared.yaml does not # deploy container './docker/services/messaging/notify-rabbitmq-shared.yaml': False,