summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extraconfig/tasks/major_upgrade_compute.sh4
-rwxr-xr-xextraconfig/tasks/pacemaker_resource_restart.sh15
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml3
-rw-r--r--puppet/post.j2.yaml21
-rw-r--r--puppet/services/kernel.yaml6
-rw-r--r--puppet/services/manila-api.yaml5
-rw-r--r--puppet/services/nova-api.yaml17
-rw-r--r--puppet/services/swift-proxy.yaml1
8 files changed, 65 insertions, 7 deletions
diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh
index f5105a1a..b0d42806 100644
--- a/extraconfig/tasks/major_upgrade_compute.sh
+++ b/extraconfig/tasks/major_upgrade_compute.sh
@@ -35,6 +35,10 @@ fi
yum -y install python-zaqarclient # needed for os-collect-config
yum -y update
+# Due to bug#1640177 we need to restart compute agent
+echo "Restarting openstack ceilometer agent compute"
+systemctl restart openstack-ceilometer-compute
+
ENDOFCAT
# ensure the permissions are OK
diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh
index 3da7efec..8500bcef 100755
--- a/extraconfig/tasks/pacemaker_resource_restart.sh
+++ b/extraconfig/tasks/pacemaker_resource_restart.sh
@@ -4,11 +4,14 @@ set -eux
# Run if pacemaker is running, we're the bootstrap node,
# and we're updating the deployment (not creating).
-if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
+
+RESTART_FOLDER="/var/lib/tripleo/pacemaker-restarts"
+
+if [[ -d "$RESTART_FOLDER" && -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
TIMEOUT=600
- SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)"
PCS_STATUS_OUTPUT="$(pcs status)"
+ SERVICES_TO_RESTART="$(ls $RESTART_FOLDER)"
for service in $SERVICES_TO_RESTART; do
if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then
@@ -20,6 +23,12 @@ if [[ -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; then
for service in $SERVICES_TO_RESTART; do
echo "Restarting $service..."
pcs resource restart --wait=$TIMEOUT $service
- rm -f /var/lib/tripleo/pacemaker-restarts/$service
+ rm -f "$RESTART_FOLDER"/$service
done
+
+fi
+
+haproxy_status=$(systemctl is-active haproxy)
+if [ "$haproxy_status" = "active" ]; then
+ systemctl reload haproxy
fi
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index f06f51e0..d6f1ff7d 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -57,6 +57,9 @@ resource_registry:
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
+ OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None
+
# "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
# phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
# configuration with knowledge of all nodes in the cluster is required vs single
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
index 65c96ac2..8218f41a 100644
--- a/puppet/post.j2.yaml
+++ b/puppet/post.j2.yaml
@@ -47,6 +47,15 @@ resources:
properties:
StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
+ {% if role.name == 'Controller' %}
+ ControllerPrePuppet:
+ type: OS::TripleO::Tasks::ControllerPrePuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
# Step through a series of configuration steps
{{role.name}}Deployment_Step1:
type: OS::Heat::StructuredDeploymentGroup
@@ -136,4 +145,16 @@ resources:
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPostPuppet:
+ depends_on:
+ - ControllerExtraConfigPost
+ type: OS::TripleO::Tasks::ControllerPostPuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
{% endfor %}
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 1fc88bf1..69898718 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -18,6 +18,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ KernelPidMax:
+ default: 1048576
+ description: Configures sysctl kernel.pid_max key
+ type: number
outputs:
role_data:
@@ -49,5 +53,7 @@ outputs:
value: 0
net.core.netdev_max_backlog:
value: 10000
+ kernel.pid_max:
+ value: {get_param: KernelPidMax}
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 5f4ab6ba..b4b3d480 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -51,6 +51,11 @@ outputs:
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'
+ tripleo.manila_api.firewall_rules:
+ '150 manila':
+ dport:
+ - 8786
+ - 13786
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 3cc238c1..49bd84bc 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -51,6 +51,9 @@ parameters:
default:
tag: openstack.nova.api
path: /var/log/nova/nova-api.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
@@ -62,6 +65,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
@@ -101,21 +105,26 @@ outputs:
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
nova::api::enable_proxy_headers_parsing: true
+ nova::api::api_bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::api::service_name: 'httpd'
+ nova::wsgi::apache::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::api::service_name: 'httpd'
- nova::wsgi::apache::ssl: false
nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index ae265448..ba1d99f1 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -76,6 +76,7 @@ outputs:
swift::proxy::workers: {get_param: SwiftWorkers}
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
+ swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport: