aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/packages.pp36
-rw-r--r--manifests/packages/upgrades.pp43
-rw-r--r--manifests/profile/base/heat.pp16
-rw-r--r--manifests/profile/base/keystone.pp23
-rw-r--r--manifests/profile/pacemaker/database/redis.pp1
-rw-r--r--manifests/profile/pacemaker/rabbitmq.pp1
6 files changed, 78 insertions, 42 deletions
diff --git a/manifests/packages.pp b/manifests/packages.pp
index 5e111fa..ec2635a 100644
--- a/manifests/packages.pp
+++ b/manifests/packages.pp
@@ -32,6 +32,9 @@ class tripleo::packages (
$enable_upgrade = false,
) {
+ # required for stages
+ include ::stdlib
+
if !$enable_install and !$enable_upgrade {
case $::osfamily {
'RedHat': {
@@ -45,33 +48,12 @@ class tripleo::packages (
if $enable_upgrade {
Package <| |> { ensure => 'latest' }
-
- case $::osfamily {
- 'RedHat': {
- $pkg_upgrade_cmd = 'yum -y update'
- }
- default: {
- warning('Please specify a package upgrade command for distribution.')
- }
- }
-
- exec { 'package-upgrade':
- command => $pkg_upgrade_cmd,
- path => '/usr/bin',
- timeout => 0,
- }
- # A resource chain to ensure the upgrade ordering we want:
- # 1) Upgrade all packages via exec.
- # Note: The Package Puppet resources can be managed after or before package-upgrade,
- # it does not matter. what we need to make sure is that they'll notify their
- # respective services (if they have ~> in their manifests or here with the ->)
- # for the other packages, they'll be upgraded before any Service notify.
- # This approach prevents from Puppet dependencies cycle.
- # 2) This upgrade will be run before any Service notified & managed by Puppet.
- # Note: For example, during the Puppet catalog, configuration will change for most of
- # the services so the Services will be likely restarted after the package upgrade.
- Exec['package-upgrade'] -> Service <| |>
-
+ # Running the package upgrade before managing Services in the main stage.
+ # So we're sure that services will be able to restart with the new version
+ # of the package.
+ ensure_resource('class', 'tripleo::packages::upgrades', {
+ 'stage' => 'setup',
+ })
}
}
diff --git a/manifests/packages/upgrades.pp b/manifests/packages/upgrades.pp
new file mode 100644
index 0000000..a6ca1c8
--- /dev/null
+++ b/manifests/packages/upgrades.pp
@@ -0,0 +1,43 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::packages::upgrades
+#
+# Upgrade packages using yum.
+#
+class tripleo::packages::upgrades {
+
+ # required for stages
+ include ::stdlib
+
+ case $::osfamily {
+ 'RedHat': {
+ $pkg_upgrade_cmd = 'yum -y update'
+ }
+ default: {
+ fail('Please specify a package upgrade command for distribution.')
+ }
+ }
+
+ # Running the package upgrade before managing Services in the main stage.
+ # So we're sure that services will be able to restart with the new version
+ # of the package.
+ ensure_resource('exec', 'package-upgrade', {
+ 'command' => $pkg_upgrade_cmd,
+ 'path' => '/usr/bin',
+ 'timeout' => 0,
+ })
+
+}
diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp
index 027ab7e..2035a4f 100644
--- a/manifests/profile/base/heat.pp
+++ b/manifests/profile/base/heat.pp
@@ -46,7 +46,7 @@ class tripleo::profile::base::heat (
$step = hiera('step'),
$rabbit_hosts = hiera('rabbitmq_node_ips', undef),
) {
- # Domain resources will be created at step5 on the bootstrap_node so we
+ # Domain resources will be created at step5 on the node running keystone.pp
# configure heat.conf at step3 and 4 but actually create the domain later.
if $step == 3 or $step == 4 {
class { '::heat::keystone::domain':
@@ -69,20 +69,6 @@ class tripleo::profile::base::heat (
if $manage_db_purge {
include ::heat::cron::purge_deleted
}
- if $bootstrap_node == $::hostname {
- # Class ::heat::keystone::domain has to run on bootstrap node
- # because it creates DB entities via API calls.
- include ::heat::keystone::domain
-
- Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
- } else {
- # On non-bootstrap node we don't need to create Keystone resources again
- class { '::heat::keystone::domain':
- manage_domain => false,
- manage_user => false,
- manage_role => false,
- }
- }
}
}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index d515f8f..846296e 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -45,10 +45,12 @@ class tripleo::profile::base::keystone (
$sync_db = true
$manage_roles = true
$manage_endpoint = true
+ $manage_domain = true
} else {
$sync_db = false
$manage_roles = false
$manage_endpoint = false
+ $manage_domain = false
}
if $step >= 4 or ( $step >= 3 and $sync_db ) {
@@ -76,6 +78,27 @@ class tripleo::profile::base::keystone (
include ::keystone::cron::token_flush
}
+ if $step >= 5 and $manage_domain {
+ if hiera('heat_engine_enabled', false) {
+ # if Heat and Keystone are collocated, so we want to
+ # both configure heat.conf and create Keystone resources.
+ # note: domain_password is given via Hiera.
+ if defined(Class['::tripleo::profile::base::heat']) {
+ include ::heat::keystone::domain
+ } else {
+ # if Heat and Keystone are not collocated, we want Puppet
+ # to only create Keystone resources on the Keystone node
+ # but not try to configure Heat, to avoid leaking the password.
+ class { '::heat::keystone::domain':
+ domain_name => $::os_service_default,
+ domain_admin => $::os_service_default,
+ domain_password => $::os_service_default,
+ }
+ }
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ }
+ }
+
if $step >= 5 and $manage_endpoint{
if hiera('aodh_api_enabled', false) {
include ::aodh::keystone::auth
diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp
index e081516..261df30 100644
--- a/manifests/profile/pacemaker/database/redis.pp
+++ b/manifests/profile/pacemaker/database/redis.pp
@@ -60,6 +60,7 @@ class tripleo::profile::pacemaker::database::redis (
master_params => '',
meta_params => 'notify=true ordered=true interleave=true',
resource_params => 'wait_last_known_master=true',
+ op_params => 'start timeout=200s stop timeout=200s',
require => Class['::redis'],
}
}
diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp
index 8d5f9d0..dba01e3 100644
--- a/manifests/profile/pacemaker/rabbitmq.pp
+++ b/manifests/profile/pacemaker/rabbitmq.pp
@@ -86,6 +86,7 @@ class tripleo::profile::pacemaker::rabbitmq (
resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'",
clone_params => 'ordered=true interleave=true',
meta_params => 'notify=true',
+ op_params => 'start timeout=200s stop timeout=200s',
require => Class['::rabbitmq'],
}
}