authorDamien Ciabrini <dciabrin@redhat.com>2017-06-14 07:52:33 -0400
committerEmilien Macchi <emilien@redhat.com>2017-07-26 03:58:14 +0000
commit4645d9ce833197c42a563773cbf026d8853a4426 (patch)
tree4e4e15ce0a2bbfd8ab23c6146b71fda748fffbcc
parent8071beda51cdb71009ed071b36843b57a06d895b (diff)
Fix creation of iptables rules for non-HA containerized HAproxy
The introduction of I90253412a5e2cd8e56e74cce3548064c06d022b1 broke the HAproxy service due to some HAproxy-specific iptables rules being executed during the puppet config step. Ensure that no iptables call is performed during the generation of configuration files. Move those calls to step 1, as implemented in the pacemaker-based HAproxy service (Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23). Depends-On: I2d6274d061039a9793ad162ed8e750bd87bf71e9 Closes-Bug: #1697921 Change-Id: Ica3a432ff4a9e7a46df22cddba9ad96e1390b665
-rw-r--r--docker/services/haproxy.yaml40
-rw-r--r--environments/docker.yaml1
2 files changed, 39 insertions, 2 deletions
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 21baf5c6..42a8902e 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -85,6 +85,7 @@ outputs:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_daemon: false
+ tripleo::haproxy::haproxy_service_manage: false
step_config: &step_config
get_attr: [HAProxyBase, role_data, step_config]
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
@@ -92,7 +93,8 @@ outputs:
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
- step_config: *step_config
+ step_config:
+ "class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
- list_join:
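Review bot: The `puppet_config` step now carries a hard-coded manifest, while the `&step_config` anchor taken from HAProxyBase is still what the step_1 firewall container applies, so the two can drift apart if the base `step_config` ever changes. Nothing next to the new `step_config:` value says why it differs from the anchor. I would add a comment above it such as `# config generation must not call iptables; firewall rules are applied by haproxy_firewall in step_1`. Whether the base manifest declares anything beyond this one class is not visible here, so that is worth confirming before relying on the literal string.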
@@ -110,10 +112,44 @@ outputs:
preserve_properties: true
docker_config:
step_1:
+ haproxy_firewall:
+ detach: false
+ image: {get_param: DockerHAProxyImage}
+ net: host
+ user: root
+ privileged: true
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'tripleo::firewall::rule'
+ CONFIG: *step_config
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
+ -
+ - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
haproxy:
image: {get_param: DockerHAProxyImage}
net: host
- privileged: false
restart: always
volumes:
list_concat:
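Review bot: The new `haproxy_firewall` container runs with `privileged: true`, `user: root` and `net: host`, which is a much wider grant than writing iptables rules normally needs. With host networking that job usually needs only NET_ADMIN (possibly NET_RAW), so if the container schema in use can add individual capabilities, prefer that; otherwise document the reason with a comment like `# privileged: required to modify host iptables rules from inside the container`. Separately, `CONFIG` is substituted inside single quotes in `puppet apply --tags TAGS -v -e 'CONFIG'`, so a single quote anywhere in the base `step_config` manifest would close the shell quoting early and change what bash executes. Passing the manifest through a file or an environment variable would avoid that. The hunk also removes `privileged: false` from the long-running `haproxy` container, whose definition continues outside the hunk, and keeping that line would state the unprivileged intent explicitly instead of relying on the runtime default.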
diff --git a/environments/docker.yaml b/environments/docker.yaml
index a7504611..2c09483a 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -32,6 +32,7 @@ resource_registry:
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml