diff options
-rw-r--r-- | docker/services/database/redis.yaml | 19 | ||||
-rw-r--r-- | docker/services/nova-placement.yaml | 2 | ||||
-rw-r--r-- | puppet/services/aodh-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/aodh-base.yaml | 2 | ||||
-rw-r--r-- | puppet/services/apache.yaml | 4 | ||||
-rw-r--r-- | puppet/services/barbican-api.yaml | 32 | ||||
-rw-r--r-- | puppet/services/ceilometer-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/cinder-api.yaml | 50 | ||||
-rw-r--r-- | puppet/services/gnocchi-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/keystone.yaml | 15 | ||||
-rw-r--r-- | puppet/services/pacemaker/rabbitmq.yaml | 29 | ||||
-rw-r--r-- | puppet/services/panko-api.yaml | 42 | ||||
-rw-r--r-- | puppet/services/rabbitmq.yaml | 8 | ||||
-rw-r--r-- | puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml | 5 | ||||
-rw-r--r-- | puppet/services/zaqar.yaml | 62 | ||||
-rw-r--r-- | releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml | 11 | ||||
-rw-r--r-- | releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml | 6 |
17 files changed, 191 insertions, 132 deletions
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index ca7b86ab..aa615919 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -41,14 +41,20 @@ outputs: description: Role data for the Redis API role. value: service_name: {get_attr: [RedisBase, role_data, service_name]} - config_settings: {get_attr: [RedisBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [RedisBase, role_data, config_settings]} + - redis::daemonize: false step_config: &step_config get_attr: [RedisBase, role_data, step_config] service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'redis' - puppet_tags: 'file' + # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to + # /etc/redis.conf + # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 + puppet_tags: 'exec' step_config: *step_config config_image: &redis_image list_join: @@ -57,6 +63,10 @@ outputs: kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf + permissions: + - path: /var/run/redis + owner: redis:redis + recurse: true docker_config: step_1: redis: @@ -72,6 +82,11 @@ outputs: - logs:/var/log/kolla environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /var/run/redis + file: + path: /var/run/redis + state: directory upgrade_tasks: - name: Stop and disable redis service tags: step2 diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 53460a83..e579e158 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -10,7 +10,7 @@ parameters: type: string DockerNovaPlacementImage: description: image - default: 'centos-binary-nova-placement-api' + default: 'centos-binary-nova-placement-api:latest' type: string EndpointMap: default: {} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 7cc6e4c6..e2bf0155 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -93,6 +93,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop aodh_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.aodh_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + aodh_api_upgrade: + - name: Stop aodh_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 48a2aecd..5b78e28b 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -83,7 +83,7 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_region: {get_param: KeystoneRegion} aodh::auth::auth_tenant_name: 'service' service_config_settings: keystone: diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 6e53b1f7..a2c3c7af 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -64,6 +64,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::default_vhost: false apache::server_signature: 'Off' apache::server_tokens: 'Prod' apache_remote_proxy_ips_network: @@ -112,3 +113,6 @@ outputs: shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' when: httpd_enabled.rc == 0 tags: step0,validation + - name: Ensure mod_ssl package is installed + tags: step3 + yum: name=mod_ssl state=latest diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 91a5b01c..ad59e701 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -153,16 +153,22 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if barbican_api is deployed - command: systemctl is-enabled openstack-barbican-api - tags: common - ignore_errors: True - register: barbican_api_enabled - - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" - shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' - when: barbican_api_enabled.rc == 0 - tags: step0,validation - - name: Install openstack-barbican-api package if it was disabled - tags: step3 - yum: name=openstack-barbican-api state=latest - when: barbican_api_enabled.rc != 0 + yaql: + expression: $.data.apache_upgrade + $.data.barbican_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + barbican_api_upgrade: + - name: Check if barbican_api is deployed + command: systemctl is-enabled openstack-barbican-api + tags: common + ignore_errors: True + register: barbican_api_enabled + - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" + shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' + when: barbican_api_enabled.rc == 0 + tags: step0,validation + - name: Install openstack-barbican-api package if it was disabled + tags: step3 + yum: name=openstack-barbican-api state=latest + when: barbican_api_enabled.rc != 0 diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index ba94b451..91bee507 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -100,6 +100,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop ceilometer_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + ceilometer_api_upgrade: + - name: Stop ceilometer_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index c1e6b0b0..0e3ceccb 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -159,25 +159,31 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if cinder_api is deployed - command: systemctl is-enabled openstack-cinder-api - tags: common - ignore_errors: True - register: cinder_api_enabled - - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" - shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' - when: cinder_api_enabled.rc == 0 - tags: step0,validation - - name: check for cinder running under apache (post upgrade) - tags: step1 - shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" - register: cinder_apache - ignore_errors: true - - name: Stop cinder_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: cinder_apache.rc == 0 - - name: Stop and disable cinder_api service (pre-upgrade not under httpd) - tags: step1 - when: cinder_api_enabled.rc == 0 - service: name=openstack-cinder-api state=stopped enabled=no + yaql: + expression: $.data.apache_upgrade + $.data.cinder_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + cinder_api_upgrade: + - name: Check if cinder_api is deployed + command: systemctl is-enabled openstack-cinder-api + tags: common + ignore_errors: True + register: cinder_api_enabled + - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" + shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' + when: cinder_api_enabled.rc == 0 + tags: step0,validation + - name: check for cinder running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" + register: cinder_apache + ignore_errors: true + - name: Stop cinder_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: cinder_apache.rc == 0 + - name: Stop and disable cinder_api service (pre-upgrade not under httpd) + tags: step1 + when: cinder_api_enabled.rc == 0 + service: name=openstack-cinder-api state=stopped enabled=no diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index cd323703..5310b282 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -133,6 +133,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop gnocchi_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + gnocchi_api_upgrade: + - name: Stop gnocchi_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8a0e750d..b25b2e84 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -339,10 +339,15 @@ outputs: horizon::keystone_multidomain_support: true horizon::keystone_default_domain: 'Default' - {} - # Ansible tasks to handle upgrade - upgrade_tasks: - - name: Stop keystone service (running under httpd) - tags: step1 - service: name=httpd state=stopped metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + yaql: + expression: $.data.apache_upgrade + $.data.keystone_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + keystone_upgrade: + - name: Stop keystone service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index caada950..30ea6d6c 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -39,34 +39,5 @@ outputs: - rabbitmq::service_manage: false step_config: | include ::tripleo::profile::pacemaker::rabbitmq - upgrade_tasks: - - name: get bootstrap nodeid - tags: common - command: hiera bootstrap_nodeid - register: bootstrap_node - - name: set is_bootstrap_node fact - tags: common - set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} - - name: get rabbitmq policy - tags: common - shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\"" - register: rabbit_ha_mode - when: is_bootstrap_node - ignore_errors: true - - name: set migrate_rabbit_ha_mode fact - tags: common - set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}} - when: is_bootstrap_node - - name: Fixup for rabbitmq ha-queues LP#1668600 - tags: step0,pre-upgrade - shell: | - nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) - nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) - if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then - echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues" - exit 1 - fi - pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 - when: is_bootstrap_node and migrate_rabbit_ha_mode metadata_settings: get_attr: [RabbitMQServiceBase, role_data, metadata_settings] diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 43e7aa18..63cddb04 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -92,21 +92,27 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if httpd is deployed - command: systemctl is-enabled httpd - tags: common - ignore_errors: True - register: httpd_enabled - - name: "PreUpgrade step0,validation: Check if httpd is running" - shell: > - /usr/bin/systemctl show 'httpd' --property ActiveState | - grep '\bactive\b' - when: httpd_enabled.rc == 0 - tags: step0,validation - - name: Stop panko-api service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: httpd_enabled.rc == 0 - - name: Install openstack-panko-api package if it was not installed - tags: step3 - yum: name=openstack-panko-api state=latest + yaql: + expression: $.data.apache_upgrade + $.data.panko_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + panko_api_upgrade: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop panko-api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: httpd_enabled.rc == 0 + - name: Install openstack-panko-api package if it was not installed + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 47479783..d69da3e1 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -40,10 +40,10 @@ parameters: hidden: true RabbitHAQueues: description: - The number of HA queues to be configured in rabbit. The default is 0 which will - be automatically overridden to CEIL(N/2) where N is the number of nodes running - rabbitmq. - default: 0 + The number of HA queues to be configured in rabbit. The default is -1 which + translates to "ha-mode all". The special value 0 will be automatically + overridden to CEIL(N/2) where N is the number of nodes running rabbitmq. + default: -1 type: number MonitoringSubscriptionRabbitmq: default: 'overcloud-rabbitmq' diff --git a/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml new file mode 100644 index 00000000..eb7b513c --- /dev/null +++ b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - When a service is deployed in WSGI with Apache, make sure mode_ssl + package is deployed during the upgrade process, it's now required + by default so Apache can start properly. diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 1ab793f0..2a38e2c0 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -106,31 +106,37 @@ outputs: step_config: | include ::tripleo::profile::base::zaqar upgrade_tasks: - - name: Check if zaqar is deployed - command: systemctl is-enabled openstack-zaqar - tags: common - ignore_errors: True - register: zaqar_enabled - - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" - shell: > - /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | - grep '\bactive\b' - when: zaqar_enabled.rc == 0 - tags: step0,validation - - name: Check for zaqar running under apache (post upgrade) - tags: step1 - shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" - register: zaqar_apache - ignore_errors: true - - name: Stop zaqar service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: zaqar_apache.rc == 0 - - name: Stop and disable zaqar service (pre-upgrade not under httpd) - tags: step1 - when: zaqar_enabled.rc == 0 - service: name=openstack-zaqar state=stopped enabled=no - - name: Install openstack-zaqar package if it was disabled - tags: step3 - yum: name=openstack-zaqar state=latest - when: zaqar_enabled.rc != 0 + yaql: + expression: $.data.apache_upgrade + $.data.zaqar_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + zaqar_upgrade: + - name: Check if zaqar is deployed + command: systemctl is-enabled openstack-zaqar + tags: common + ignore_errors: True + register: zaqar_enabled + - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" + shell: > + /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | + grep '\bactive\b' + when: zaqar_enabled.rc == 0 + tags: step0,validation + - name: Check for zaqar running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" + register: zaqar_apache + ignore_errors: true + - name: Stop zaqar service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: zaqar_apache.rc == 0 + - name: Stop and disable zaqar service (pre-upgrade not under httpd) + tags: step1 + when: zaqar_enabled.rc == 0 + service: name=openstack-zaqar state=stopped enabled=no + - name: Install openstack-zaqar package if it was disabled + tags: step3 + yum: name=openstack-zaqar state=latest + when: zaqar_enabled.rc != 0 diff --git a/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml new file mode 100644 index 00000000..d6f74eff --- /dev/null +++ b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + We are not changing the rabbitmq ha-mode policy during upgrades any longer. + The policy chosen at deploy time will remain the same but can be changed + manually. +fixes: + - | + Due to https://bugs.launchpad.net/tripleo/+bug/1686337 we switch the + default of rabbitmq back ha-mode "all". This is to make the installation + more robust in the face of network issues. diff --git a/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml new file mode 100644 index 00000000..279e25cc --- /dev/null +++ b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + Disable default vhost for apache. It is required for a hybrid deployments + when WSGI based services running both at host and in containers, without + conflicting default ports. |