aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xextraconfig/tasks/pacemaker_resource_restart.sh24
-rw-r--r--puppet/services/apache.yaml2
-rw-r--r--puppet/services/cinder-volume.yaml6
-rw-r--r--puppet/services/glance-api.yaml8
-rw-r--r--puppet/services/glance-registry.yaml8
-rw-r--r--puppet/services/ironic-api.yaml6
-rw-r--r--puppet/services/neutron-api.yaml8
-rw-r--r--puppet/services/neutron-sriov-agent.yaml2
-rw-r--r--puppet/services/swift-proxy.yaml6
-rwxr-xr-xtools/yaml-validate.py5
10 files changed, 42 insertions, 33 deletions
diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh
index 1637cee2..fd1fd0dc 100755
--- a/extraconfig/tasks/pacemaker_resource_restart.sh
+++ b/extraconfig/tasks/pacemaker_resource_restart.sh
@@ -7,15 +7,23 @@ pacemaker_status=$(systemctl is-active pacemaker)
# Run if pacemaker is running, we're the bootstrap node,
# and we're updating the deployment (not creating).
if [ "$pacemaker_status" = "active" -a \
- "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \
- "$(hiera stack_action)" = "UPDATE" ]; then
+ "$(hiera bootstrap_nodeid)" = "$(facter hostname)" ]; then
- PCMK_RESOURCES="haproxy-clone redis-master rabbitmq-clone galera-master openstack-cinder-volume openstack-cinder-backup"
- # Ten minutes of timeout to restart each resource, given there are no constraints should be enough
TIMEOUT=600
- for resource in $PCMK_RESOURCES; do
- if pcs status | grep $resource; then
- pcs resource restart --wait=$TIMEOUT $resource
- fi
+ SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)"
+ PCS_STATUS_OUTPUT="$(pcs status)"
+
+ for service in $SERVICES_TO_RESTART; do
+ if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then
+ echo "Service $service not found as a pacemaker resource, cannot restart it."
+ exit 1
+ fi
+ done
+
+ for service in $SERVICES_TO_RESTART; do
+ echo "Restarting $service..."
+ pcs resource restart --wait=$TIMEOUT $service
+ rm -f /var/lib/tripleo/pacemaker-restarts/$service
done
+
fi
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 758d9510..7595e4c3 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -31,6 +31,8 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::server_signature: 'Off'
+ apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
str_replace:
template: "NETWORK_subnet"
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index 5b63da4d..c84c784e 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -99,10 +99,6 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
- str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 23689e2a..adc1b4cb 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -94,14 +94,14 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::api::registry_host:
str_replace:
template: "'REGISTRY_HOST'"
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
@@ -132,7 +132,7 @@ outputs:
- 9292
- 13292
glance::keystone::auth::tenant: 'service'
- glance::api::keystone_tenant: 'service'
+ glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
# NOTE: bind IP is found in Heat replacing the network name with the
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index f633567e..d5f01d46 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -50,11 +50,11 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
- glance::registry::keystone_password: {get_param: GlancePassword}
- glance::registry::keystone_tenant: 'service'
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
glance::registry::pipeline: 'keystone'
- glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
glance::db::mysql::user: glance
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 5b55bd52..5c3f370e 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -58,9 +58,9 @@ outputs:
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 023d1364..da4ec26b 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -83,19 +83,19 @@ outputs:
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
- neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron::server::l3_ha: {get_param: NeutronL3HA}
- neutron::server::password: {get_param: NeutronPassword}
+ neutron::keystone::authtoken::password: {get_param: NeutronPassword}
neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_param: NovaPassword}
- neutron::server::project_name: 'service'
+ neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
index 559500df..b9a93394 100644
--- a/puppet/services/neutron-sriov-agent.yaml
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -53,6 +53,6 @@ outputs:
config_settings:
neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
- neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
step_config: |
include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 10521877..d7b0cd7c 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -61,9 +61,9 @@ outputs:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index d75aeb4f..7b3d3473 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -17,6 +17,8 @@ import traceback
import yaml
+required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+
def exit_usage():
print('Usage %s <yaml file or directory>' % sys.argv[0])
sys.exit(1)
@@ -40,7 +42,6 @@ def validate_service(filename, tpl):
% filename)
return 1
if 'parameters' in tpl:
- required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
for param in required_params:
if param not in tpl['parameters']:
print('ERROR: parameter %s is required for %s.'
@@ -64,6 +65,8 @@ def validate(filename):
return 1
# yaml is OK, now walk the parameters and output a warning for unused ones
for p in tpl.get('parameters', {}):
+ if p in required_params:
+ continue
str_p = '\'%s\'' % p
in_resources = str_p in str(tpl.get('resources', {}))
in_outputs = str_p in str(tpl.get('outputs', {}))