-rw-r--r-- | docker/services/pacemaker/clustercheck.yaml | 5 | ||||
-rw-r--r-- | environments/network-isolation-v6.j2.yaml | 2 | ||||
-rw-r--r-- | extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration | 38 | ||||
-rw-r--r-- | puppet/services/cinder-base.yaml | 2 | ||||
-rw-r--r-- | puppet/services/database/mysql.yaml | 6 | ||||
-rw-r--r-- | releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml | 5 |
6 files changed, 50 insertions, 8 deletions
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index b5d128d4..6db8a212 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -44,8 +44,11 @@ resources: ContainersCommon: type: ../containers-common.yaml +# We import from the corresponding docker service because otherwise we risk +# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall +# rules (see LP#1728918) MysqlPuppetBase: - type: ../../../puppet/services/pacemaker/database/mysql.yaml + type: ../../../docker/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml index 617dfa61..fefa20ce 100644 --- a/environments/network-isolation-v6.j2.yaml +++ b/environments/network-isolation-v6.j2.yaml @@ -55,3 +55,5 @@ parameter_defaults: RabbitIPv6: True # Enable IPv6 environment for Memcached. MemcachedIPv6: True + # Enable IPv6 environment for MySQL. + MysqlIPv6: True diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index c7d0b231..4592473f 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -23,6 +23,8 @@ proxy_port= proxy_url= proxy_username= proxy_password= +curl_opts="--retry-delay 10 --max-time 30 --retry ${retry_max_count} --cacert /etc/rhsm/ca/redhat-uep.pem" +portal_test_url="https://$(crudini --get /etc/rhsm/rhsm.conf server hostname)/subscription/" # process variables.. if [ -n "${REG_AUTO_ATTACH:-}" ]; then 
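Review bot: In the rhel-registration hunk at `@@ -23,6 +23,8`, `portal_test_url` is computed unconditionally at the top of the script, so `crudini --get /etc/rhsm/rhsm.conf server hostname` runs even when REG_METHOD is not `portal`, and an empty result would produce `https:///subscription/` with no error. Consider assigning it inside the `portal)` branch and stopping early when the hostname is empty, e.g. `[ -n "${rhsm_host}" ] || { echo "No RHSM server hostname configured"; exit 1; }` (the name `rhsm_host` is illustrative). The shared `curl_opts` also carries `--cacert /etc/rhsm/ca/redhat-uep.pem` into every later curl call, including the Satellite ones that pass `-k`; a comment such as `# --cacert only matters for the portal check; Satellite calls disable verification with -k` would make that explicit. `retry_max_count` is expanded at assignment time, so it has to be set above this point, which is outside the hunk.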
@@ -129,12 +131,14 @@ if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then # Good both values are not empty proxy_url="http://${proxy_host}:${proxy_port}" config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}" - sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}" + sat5_opts="${sat5_opts} --proxy=${proxy_url}" + curl_opts="${curl_opts} -x http://${proxy_host}:${proxy_port}" echo "RHSM Proxy set to: ${proxy_url}" if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}" sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}" + curl_opts="${curl_opts} --proxy-user ${proxy_username}:${proxy_password}" else echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..." proxy_username= ; proxy_password= @@ -187,10 +191,10 @@ function retry() { } function detect_satellite_server { - if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then + if curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL katello_api_enabled=1 - elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 with RHN detected at $REG_SAT_URL katello_api_enabled=0 else 
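Review bot: The added `curl_opts="${curl_opts} --proxy-user ${proxy_username}:${proxy_password}"` in the `@@ -129` hunk places the proxy password on curl's command line, where it can be read from the process list by other local users while each call runs and will show up in any shell trace of the script. Because `${curl_opts}` is later expanded unquoted, a username or password containing whitespace or glob characters is also split or expanded into separate arguments. Keeping the credentials out of argv, for example in a mode-0600 curl config file passed with `-K`, addresses the exposure, and holding the options in a bash array expanded as `"${curl_opts[@]}"` addresses the word splitting. The enclosing `if` block starts and ends outside the hunk.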
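Review bot: Every Satellite request that now goes through `${curl_opts}` still passes `-k`, so the `--cacert` held in `curl_opts` has no effect there and the server is not authenticated; this covers `detect_satellite_server` in the `@@ -187` hunk and the two downloads in the `@@ -233` and `@@ -255` hunks (`katello-ca-consumer-latest.noarch.rpm` and `RHN-ORG-TRUSTED-SSL-CERT`). Those files look like they become trust anchors for the later registration, which would make this a trust-on-first-use bootstrap, though how they are installed is outside the hunks. At minimum document it where the flag is used, e.g. `# -k: Satellite CA is not trusted yet; the CA fetched here is accepted on first use`, and consider letting operators supply a CA bundle so that `-k` can be dropped.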
@@ -199,7 +203,13 @@ function detect_satellite_server { fi } -if [ "x${proxy_url}" != "x" ];then +if [ "x${proxy_url}" != "x" ]; then + # Before everything, we want to make sure the proxy can be reached + # Note: no need to manage retries, already done by retry() function. + echo "Testing proxy connectivity..." + retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}" + echo "Proxy ${proxy_url} is reachable!" + # Config subscription-manager for proxy subscription-manager config ${config_opts} @@ -222,6 +232,22 @@ fi case "${REG_METHOD:-}" in portal) + # First test curl to RHSM through the specified proxy + + if curl ${curl_opts} -L -s -D - -o /dev/null ${portal_test_url}|grep '200 OK'; then + if [ "x${proxy_url}" = "x" ]; then + echo "Access to RHSM portal OK, continuing..." + else + echo "Access to RHSM portal through proxy ${proxy_url} OK, continuing..." + fi + else + if [ "x${proxy_url}" = "x" ]; then + echo "Unable to access RHSM portal! Please check your parameters." + else + echo "Unable to access RHSM portal through configured HTTP proxy (${proxy_url}) ! Please check your parameters." + fi + exit 1 + fi retry subscription-manager register $opts if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then retry subscription-manager attach $attach_opts @@ -233,7 +259,7 @@ case "${REG_METHOD:-}" in detect_satellite_server if [ "$katello_api_enabled" = "1" ]; then repos="$repos --enable ${satellite_repo}" - curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl ${curl_opts} -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" # https://bugs.launchpad.net/tripleo/+bug/1711435 # Delete the /etc/rhsm/facts directory entirely so that the 
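Review bot: In the new connectivity test of the `@@ -199` hunk, `retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}"` interpolates both values into a string that a second shell parses, so shell metacharacters in the proxy host or port parameter would be interpreted as code rather than data. Passing them as positional arguments keeps them inert: `retry bash -c '</dev/tcp/"$1"/"$2"' _ "${proxy_host}" "${proxy_port}"` (this assumes `retry`, defined outside the hunk, forwards its arguments with `"$@"`). The connect also has no time bound, so a filtered port can stall each attempt for the full TCP connect timeout; prefixing the command with `timeout 10` would cap that. Whether the "Proxy ... is reachable!" message is printed only on success depends on `retry` exiting on final failure, which is not visible here.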
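Review bot: The portal check added in the `@@ -222` hunk decides success by grepping the dumped headers for the literal `200 OK`, which is fragile: a response over HTTP/2 has the status line `HTTP/2 200` with no reason phrase, and with `-L` and a proxy the dump also contains redirect and CONNECT response headers. A false negative is fatal here because the branch ends in `exit 1`. Letting curl judge the status is simpler and stricter: `if curl ${curl_opts} -L -s -f -o /dev/null "${portal_test_url}"; then`. The same `grep "200 OK"` pattern is kept in `detect_satellite_server` in the `@@ -187` hunk. The `case` statement starts and ends outside the hunk.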
@@ -255,7 +281,7 @@ case "${REG_METHOD:-}" in mkdir -p /etc/rhsm/facts else pushd /usr/share/rhn/ - curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl ${curl_opts} -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 5b2a2582..2a8026da 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -89,7 +89,7 @@ parameters: type: string description: > Cron to move deleted instances to another table - User - default: 'keystone' + default: 'cinder' CinderCronDbPurgeAge: type: string description: > diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 02c51fe6..c1f54bb6 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -57,6 +57,11 @@ parameters: EnableInternalTLS: type: boolean default: false + MysqlIPv6: + default: false + description: Enable IPv6 in MySQL + type: boolean + conditions: @@ -77,6 +82,7 @@ outputs: # in tripleo-puppet-elements. mysql::server::package_name: 'mariadb-galera-server' mysql::server::manage_config_file: true + mysql_ipv6: {get_param: MysqlIPv6} tripleo.mysql.firewall_rules: '104 mysql galera': dport: diff --git a/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml new file mode 100644 index 00000000..626ecbaf --- /dev/null +++ b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + When using RHSM proxy, TripleO will now verify that the proxy can be reached + otherwise we'll stop early and not try to subscribe nodes. |