Age | Commit message (Collapse) | Author | Files | Lines |
|
We don't currently offer any parameter interface to enable
PKI certs, and these have all been deprecated by keystone, so
remove them.
Change-Id: I8232262b928c91dcde7bea2f23fa2a7c2660719e
|
|
In the Next Generation HA architecture a number of active/active services
will be run via systemd. In order for this to work we need to make sure that
the sync_db operation only takes place on the bootstrap node, just like it is
done today for the pacemaker profiles.
We do this by removing sync_db as a parameter and instead set it to true
or false depending if the hostname matches the bootstrap_node as it is done
today in the pacemaker role.
Note that we call hiera('bootstrap_nodeid', undef) because if a profile
is included on a non controller node that variable will be undefined.
The following testing was done:
- HA puppet-pacemaker.yaml scenario with three computes
- NonHA with one controller
- NonHA with three controllers
Fixes-Bug: 1600149
Co-Author: cmsj@tenshu.net
Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e
Implements: blueprint ha-lightweight-architecture
|
|
Before, we had bootstrap_master set to 'undef' by default that was
used to whether or not run keystone bootstrap exec during deployment.
Setting the value to undef was a mistake, because enable_bootstrap in
puppet-keystone is set to true by default, so bootstrap was running
on all controllers at step 4 for HA scenario, while we want it to run on
a single controller (pacemaker_master) at step 4, like we do for
db-sync.
This patch:
* removes bootstrap_master.
* re-use sync_db to whether or not run keystone bootstrap.
so it will only run on a single node when database is ready and
db-sync done (orchestration dones by anchors in puppet-keystone).
Change-Id: I1042862f7c346d1c358b908c33eae0f33afd5e9f
|
|
|
|
Since keystone is being run under apache, the signing keys should notify
apache and not the keystone service. The keystone service is actually
disabled, so if the keys get updated nothing happens.
Change-Id: Idfebeabf03d010956569c32b24437245e2b93c2a
Related-Bug: #1581591
|
|
These can be controlled via the specific Pacemaker role template.
Depends-On: I91a4267f0fc230f63df3333747d28463c7ae55fe
Change-Id: I8ef7bb94e048b998712b3534ceb51a7d10d016e9
|
|
Before the roles we could make the create db operation depend on a
'galera-ready' resource [1]. We can't do it anymore from the role so
we need to do create in step 3, when we do sync as well.
1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/manifests/overcloud_controller_pacemaker.pp#L382
Change-Id: Id065a9180f1f1a41ab225ec5f755498ec7d9a827
|
|
This change moves the database creation and sync with the role
profile, so that it's only executed when the role is enabled and
by the role itself.
It also calls the non-pacemaker profiles out of the 'step'
conditional because the non-pacemaker profiles know how to deal with
'step' already.
Change-Id: I6c752cb53090e7ef8e0319bade462f2453ed7660
Related-Bug: 1572952
|
|
Implements: blueprint refactor-puppet-manifests
Add keystone profiles for both pacemaker and non-ha.
Add db sync profiles for pacemaker and non-ha.
HA profiles are designed such that they include the base
profiles, disabling features as needed, while the base
profile can be used independently.
Change-Id: I2faf5a78db802549053ec41678bf83bf28108189
|