Workflow execution blacklist support

Workflows triggered from deploy-steps.j2 were not honoring the blacklist, particularly ceph-ansible. This patch starts to address that issue by passing in a list of blacklisted ip addresses to the workflow execution environment that the workflow can make use of to filter against ctlplane_service_ips. Change-Id: Ic158171c629e82892e480f1e6903a67457f86064 Partial-Bug: #1743046
2018-01-12 17:04:12 -05:00 · 2018-01-12 17:04:12 -05:00 · 79570ed2b9
parent 0bc8e03dba
commit 79570ed2b9
4 changed files with 32 additions and 0 deletions
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@ -62,6 +62,10 @@ parameters:
    description: Number of concurrent processes to use when running docker-puppet to generate config files.
  ctlplane_service_ips:
    type: json
+  blacklisted_ip_addresses:
+    description: List of IP addresses belong to blacklisted servers
+    type: comma_delimited_list
+    default: []

 conditions:
 {% for step in range(1, deploy_steps_max) %}
@ -173,6 +177,7 @@ resources:
                {%- for r in roles %}
                {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
                {%- endfor %}
+              blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
            evaluate_env: false
        UPDATE:
          workflow: { get_resource: WorkflowTasks_Step{{step}} }
@ -183,6 +188,7 @@ resources:
                {%- for r in roles %}
                {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
                {%- endfor %}
+              blacklisted_ip_addresses: {get_param: blacklisted_ip_addresses}
            evaluate_env: false
      always_update: true
 # END workflow_tasks handling
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@ -850,6 +850,15 @@ resources:
        {{role.name}}: {get_attr: [{{role.name}}Servers, value]}
 {% endfor %}

+  BlacklistedIpAddresses:
+    type: OS::Heat::Value
+    properties:
+      value:
+        list_concat:
+{% for role in roles %}
+          - {get_attr: [{{role.name}}, blacklist_ip_address]}
+{% endfor %}
+
  # Post deployment steps for all roles
  AllNodesDeploySteps:
    type: OS::TripleO::PostDeploySteps
@ -884,6 +893,7 @@ resources:
          - {get_attr: [{{role.name}}ServiceChainRoleData, value]}
          - {get_attr: [{{role.name}}MergedConfigSettings, value]}
 {% endfor %}
+      blacklisted_ip_addresses: {get_attr: [BlacklistedIpAddresses, value]}

  ServerOsCollectConfigData:
    type: OS::Heat::Value
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@ -245,6 +245,10 @@ parameter_groups:
 {%- endif %}

 conditions:
+  server_blacklisted:
+    equals:
+      - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
+      - 1
  server_not_blacklisted:
    not:
      equals:
@ -635,6 +639,13 @@ outputs:
  ip_address:
    description: IP address of the server in the ctlplane network
    value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
+  blacklist_ip_address:
+    description: IP address of the server if the server is blacklisted, otherwise this output will be an empty string
+    value:
+      if:
+        - server_blacklisted
+        - {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
+        - ""
  hostname:
    description: Hostname of the server
    value: {get_attr: [{{server_resource_name}}, name]}
--- a/releasenotes/notes/ceph-ansible-blacklist-support-164b5726cc4532b7.yaml
+++ b/releasenotes/notes/ceph-ansible-blacklist-support-164b5726cc4532b7.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - Deployments with Ceph now honor the DeploymentServerBlacklist
+    parameter. Previously, this meant that changes could still be triggered for
+    servers in the blacklist.