diff options
| -rw-r--r-- | deployed-server/deployed-server-roles-data.yaml | 5 | ||||
| -rw-r--r-- | docker/services/keystone.yaml | 2 | ||||
| -rw-r--r-- | docker/services/rabbitmq.yaml | 9 | ||||
| -rw-r--r-- | docker/services/swift-proxy.yaml | 7 | ||||
| -rw-r--r-- | docker/services/swift-storage.yaml | 35 | ||||
| -rw-r--r-- | environments/contrail/roles_data_contrail.yaml | 9 | ||||
| -rw-r--r-- | environments/enable-internal-tls.yaml | 2 | ||||
| -rw-r--r-- | environments/hyperconverged-ceph.yaml | 1 | ||||
| -rw-r--r-- | extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration | 48 | ||||
| -rwxr-xr-x | extraconfig/tasks/yum_update.sh | 11 | ||||
| -rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 1 | ||||
| -rw-r--r-- | puppet/puppet-steps.j2 | 2 | ||||
| -rw-r--r-- | puppet/services/certmonger-user.yaml | 28 | ||||
| -rw-r--r-- | puppet/services/database/redis-base.yaml | 1 | ||||
| -rw-r--r-- | roles_data.yaml | 5 |
15 files changed, 119 insertions, 47 deletions
diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 04da5565..084c2f8f 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -26,6 +26,7 @@ disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRgw @@ -109,6 +110,7 @@ disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone @@ -133,6 +135,7 @@ disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -147,6 +150,7 @@ disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::SwiftStorage @@ -162,6 +166,7 @@ disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 3f8baef7..656f3348 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -176,3 +176,5 @@ outputs: - name: Stop and disable keystone service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [KeystoneBase, role_data, metadata_settings] diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 573ec178..341ec3de 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -90,7 +90,7 @@ outputs: - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -116,9 +116,14 @@ outputs: - /var/lib/config-data/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - - rabbitmq:/var/lib/rabbitmq/ + - /var/lib/rabbitmq:/var/lib/rabbitmq environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/lib/rabbitmq + file: + path: /var/lib/rabbitmq + state: directory upgrade_tasks: - name: Stop and disable rabbitmq service tags: step2 diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 93e21c81..0d7cd7b9 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -72,10 +72,15 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift_proxy service tags: step2 diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 8e76504c..9c8d84e2 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -104,9 +104,9 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] user: root - command: ['/bin/bash', '-c', 'mkdir /srv/node && chown swift:swift /srv/node'] + command: ['chown', '-R', 'swift:', '/srv/node'] volumes: - - swift-srv:/srv + - /srv/node:/srv/node step_4: swift_account_auditor: image: @@ -123,7 +123,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: &kolla_env - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -142,7 +142,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_replicator: @@ -160,7 +160,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_account_server: @@ -178,7 +178,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_auditor: @@ -196,7 +196,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_replicator: @@ -214,7 +214,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_updater: @@ -232,7 +232,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_container_server: @@ -250,7 +250,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_auditor: @@ -268,7 +268,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_expirer: @@ -286,7 +286,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_replicator: @@ -304,7 +304,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_updater: @@ -322,7 +322,7 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env swift_object_server: @@ -340,9 +340,14 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /run:/run - - swift-srv:/srv + - /srv/node:/srv/node - /dev:/dev environment: *kolla_env + host_prep_tasks: + - name: create /srv/node + file: + path: /srv/node + state: directory upgrade_tasks: - name: Stop and disable swift storage services tags: step2 diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index 5f6c4691..d6d6f291 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -29,6 +29,7 @@ CountDefault: 1 ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal @@ -115,6 +116,7 @@ disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone @@ -140,6 +142,7 @@ - name: BlockStorage ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -156,6 +159,7 @@ disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::SwiftStorage @@ -173,6 +177,7 @@ disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -188,6 +193,7 @@ - name: ContrailController ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::ContrailConfig - OS::TripleO::Services::ContrailControl - OS::TripleO::Services::ContrailDatabase @@ -203,6 +209,7 @@ - name: ContrailAnalytics ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::ContrailAnalytics - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -215,6 +222,7 @@ - name: ContrailAnalyticsDatabase ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::ContrailAnalyticsDatabase - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -227,6 +235,7 @@ - name: ContrailTsn ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index f485e4a5..e245a6af 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -9,6 +9,8 @@ parameter_defaults: ipa_enroll: True resource_registry: + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index f59b0414..8f74ec35 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -6,6 +6,7 @@ resource_registry: parameter_defaults: ComputeServices: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 6f83cc4b..0d0fa3f1 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -11,7 +11,7 @@ if [ -e $OK ] ; then exit 0 fi -retryCount=0 +retry_max_count=10 opts= config_opts= attach_opts= @@ -157,27 +157,41 @@ else fi function retry() { - if [[ $retryCount < 3 ]]; then - $@ - if ! [[ $? == 0 ]]; then - retryCount=$(echo $retryCount + 1 | bc) - echo "WARN: Failed to connect when running '$@', retrying..." - retry $@ - else - retryCount=0 + # Inhibit -e since we want to retry without exiting.. + set +e + # Retry delay (seconds) + retry_delay=2.0 + retry_count=0 + mycli="$@" + while [ $retry_count -lt ${retry_max_count} ] + do + echo "INFO: Sleeping ${retry_delay} ..." + sleep ${retry_delay} + echo "INFO: Executing '${mycli}' ..." + ${mycli} + if [ $? -eq 0 ]; then + echo "INFO: Ran '${mycli}' successfully, not retrying..." + break + else + echo "WARN: Failed to connect when running '${mycli}', retrying (attempt #$retry_count )..." + retry_count=$(echo $retry_count + 1 | bc) + fi + done + + if [ $retry_count -ge ${retry_max_count} ]; then + echo "ERROR: Failed to connect after ${retry_max_count} attempts when running '${mycli}'" + exit 1 fi - else - echo "ERROR: Failed to connect after 3 attempts when running '$@'" - exit 1 - fi + # Re-enable -e when exiting retry() + set -e } function detect_satellite_version { ping_api=$REG_SAT_URL/katello/api/ping - if curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then + if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then echo Satellite 6 detected at $REG_SAT_URL satellite_version=6 - elif curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 detected at $REG_SAT_URL satellite_version=5 else @@ -220,7 +234,7 @@ case "${REG_METHOD:-}" in detect_satellite_version if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" - curl --retry 3 --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos @@ -229,7 +243,7 @@ case "${REG_METHOD:-}" in retry subscription-manager repos --disable ${satellite_repo} else pushd /usr/share/rhn/ - curl --retry 3 --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 4c87373e..3bf72f14 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -97,17 +97,6 @@ return_code=$? echo "$result" echo "yum return code: $return_code" -# Writes any changes caused by alterations to os-net-config and bounces the -# interfaces *before* restarting the cluster. -os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes -RETVAL=$? -if [[ $RETVAL == 2 ]]; then - echo "os-net-config: interface configuration files updated successfully" -elif [[ $RETVAL != 0 ]]; then - echo "ERROR: os-net-config configuration failed" - exit $RETVAL -fi - if [[ "$pacemaker_status" == "active" ]] ; then echo "Starting cluster node" pcs cluster start diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 212e9379..d9eaf8df 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -252,6 +252,7 @@ resource_registry: OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml OS::TripleO::Services::Vpp: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None + OS::TripleO::Services::CertmongerUser: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 581c4f0d..86af6114 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -42,7 +42,7 @@ {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + depends_on: [{{role.name}}PrePuppet, {{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] {% else %} depends_on: {% for dep in roles %} diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml new file mode 100644 index 00000000..af9802b0 --- /dev/null +++ b/puppet/services/certmonger-user.yaml @@ -0,0 +1,28 @@ +heat_template_version: ocata + +description: > + Requests certificates using certmonger through Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the certmonger-user service + value: + service_name: certmonger_user + step_config: | + include ::tripleo::profile::base::certmonger_user diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 2b7dd430..af89ffb1 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -42,3 +42,4 @@ outputs: redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' + redis::sentinel::sentinel_bind: {get_param: [ServiceNetMap, RedisNetwork]} diff --git a/roles_data.yaml b/roles_data.yaml index e0c1c42d..130451ff 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -33,6 +33,7 @@ CountDefault: 1 ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal @@ -135,6 +136,7 @@ disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone @@ -163,6 +165,7 @@ - name: BlockStorage ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp @@ -181,6 +184,7 @@ disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::SwiftStorage @@ -199,6 +203,7 @@ - name: CephStorage ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp |