aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_migrations.sh36
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml8
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp38
3 files changed, 72 insertions, 10 deletions
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
index 1f420b32..b63198db 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
+++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh
@@ -13,6 +13,42 @@
# been already applied, it should be possible to call the function
# again without damaging the deployment or failing the upgrade.
+function add_missing_openstack_core_constraints {
+ # The CIBs are saved under /root as they might contain sensitive data
+ CIB="/root/migration.cib"
+ CIB_BACKUP="/root/backup.cib"
+ CIB_PUSH_NEEDED=n
+
+ rm -f "$CIB" "$CIB_BACKUP" || /bin/true
+ pcs cluster cib "$CIB"
+ cp "$CIB" "$CIB_BACKUP"
+
+ if ! pcs -f "$CIB" constraint --full | grep 'start openstack-sahara-api-clone then start openstack-sahara-engine-clone'; then
+ pcs -f "$CIB" constraint order start openstack-sahara-api-clone then start openstack-sahara-engine-clone
+ CIB_PUSH_NEEDED=y
+ fi
+
+ if ! pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-ceilometer-notification-clone'; then
+ pcs -f "$CIB" constraint order start openstack-core-clone then start openstack-ceilometer-notification-clone
+ CIB_PUSH_NEEDED=y
+ fi
+
+ if ! pcs -f "$CIB" constraint --full | grep 'start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone'; then
+ pcs -f "$CIB" constraint order start openstack-aodh-evaluator-clone then start openstack-aodh-listener-clone
+ CIB_PUSH_NEEDED=y
+ fi
+
+ if pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone'; then
+ CID=$(pcs -f "$CIB" constraint --full | grep 'start openstack-core-clone then start openstack-heat-api-clone' | sed -e 's/.*id\://g' -e 's/)//g')
+ pcs -f "$CIB" constraint remove $CID
+ CIB_PUSH_NEEDED=y
+ fi
+
+ if [ "$CIB_PUSH_NEEDED" = 'y' ]; then
+ pcs cluster cib-push "$CIB"
+ fi
+}
+
function remove_ceilometer_alarm {
if pcs status | grep openstack-ceilometer-alarm; then
# Disable pacemaker resources for ceilometer-alarms
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 77b11378..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index f152a141..3a6dbc06 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -1168,6 +1168,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
+ pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint':
+ constraint_type => 'order',
+ first_resource => "${::sahara::params::api_service_name}-clone",
+ second_resource => "${::sahara::params::engine_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
+ Pacemaker::Resource::Service[$::sahara::params::engine_service_name]],
+ }
# Glance
if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
@@ -1351,7 +1360,7 @@ if hiera('step') >= 5 {
Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
}
- if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) {
+ if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_l3_agent',true) {
pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint':
constraint_type => 'order',
first_resource => "${::neutron::params::dhcp_agent_service}-clone",
@@ -1584,6 +1593,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
+ pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
@@ -1667,6 +1685,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
}
+ pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
+ constraint_type => 'order',
+ first_resource => "${::aodh::params::evaluator_service_name}-clone",
+ second_resource => "${::aodh::params::listener_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
+ }
pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
source => "${::aodh::params::listener_service_name}-clone",
target => "${::aodh::params::evaluator_service_name}-clone",
@@ -1723,15 +1750,6 @@ if hiera('step') >= 5 {
pacemaker::resource::service { $::heat::params::engine_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
first_resource => "${::heat::params::api_service_name}-clone",