aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/services/database/redis.yaml19
-rw-r--r--docker/services/nova-placement.yaml2
-rw-r--r--puppet/services/aodh-api.yaml12
-rw-r--r--puppet/services/aodh-base.yaml2
-rw-r--r--puppet/services/apache.yaml4
-rw-r--r--puppet/services/barbican-api.yaml32
-rw-r--r--puppet/services/ceilometer-api.yaml12
-rw-r--r--puppet/services/cinder-api.yaml50
-rw-r--r--puppet/services/gnocchi-api.yaml12
-rw-r--r--puppet/services/keystone.yaml15
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml29
-rw-r--r--puppet/services/panko-api.yaml42
-rw-r--r--puppet/services/rabbitmq.yaml8
-rw-r--r--puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml5
-rw-r--r--puppet/services/zaqar.yaml62
-rw-r--r--releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml11
-rw-r--r--releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml6
17 files changed, 191 insertions, 132 deletions
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml
index ca7b86ab..aa615919 100644
--- a/docker/services/database/redis.yaml
+++ b/docker/services/database/redis.yaml
@@ -41,14 +41,20 @@ outputs:
description: Role data for the Redis API role.
value:
service_name: {get_attr: [RedisBase, role_data, service_name]}
- config_settings: {get_attr: [RedisBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [RedisBase, role_data, config_settings]}
+ - redis::daemonize: false
step_config: &step_config
get_attr: [RedisBase, role_data, step_config]
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'redis'
- puppet_tags: 'file'
+ # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
+ # /etc/redis.conf
+ # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
+ puppet_tags: 'exec'
step_config: *step_config
config_image: &redis_image
list_join:
@@ -57,6 +63,10 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/redis.json:
command: /usr/bin/redis-server /etc/redis.conf
+ permissions:
+ - path: /var/run/redis
+ owner: redis:redis
+ recurse: true
docker_config:
step_1:
redis:
@@ -72,6 +82,11 @@ outputs:
- logs:/var/log/kolla
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/run/redis
+ file:
+ path: /var/run/redis
+ state: directory
upgrade_tasks:
- name: Stop and disable redis service
tags: step2
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index 53460a83..e579e158 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -10,7 +10,7 @@ parameters:
type: string
DockerNovaPlacementImage:
description: image
- default: 'centos-binary-nova-placement-api'
+ default: 'centos-binary-nova-placement-api:latest'
type: string
EndpointMap:
default: {}
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 7cc6e4c6..e2bf0155 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -93,6 +93,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop aodh_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ aodh_api_upgrade:
+ - name: Stop aodh_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 48a2aecd..5b78e28b 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -83,7 +83,7 @@ outputs:
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
- aodh::auth::auth_region: 'regionOne'
+ aodh::auth::auth_region: {get_param: KeystoneRegion}
aodh::auth::auth_tenant_name: 'service'
service_config_settings:
keystone:
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 6e53b1f7..a2c3c7af 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -64,6 +64,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::default_vhost: false
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
@@ -112,3 +113,6 @@ outputs:
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
when: httpd_enabled.rc == 0
tags: step0,validation
+ - name: Ensure mod_ssl package is installed
+ tags: step3
+ yum: name=mod_ssl state=latest
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 91a5b01c..ad59e701 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -153,16 +153,22 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if barbican_api is deployed
- command: systemctl is-enabled openstack-barbican-api
- tags: common
- ignore_errors: True
- register: barbican_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
- shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
- when: barbican_api_enabled.rc == 0
- tags: step0,validation
- - name: Install openstack-barbican-api package if it was disabled
- tags: step3
- yum: name=openstack-barbican-api state=latest
- when: barbican_api_enabled.rc != 0
+ yaql:
+ expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ barbican_api_upgrade:
+ - name: Check if barbican_api is deployed
+ command: systemctl is-enabled openstack-barbican-api
+ tags: common
+ ignore_errors: True
+ register: barbican_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ when: barbican_api_enabled.rc == 0
+ tags: step0,validation
+ - name: Install openstack-barbican-api package if it was disabled
+ tags: step3
+ yum: name=openstack-barbican-api state=latest
+ when: barbican_api_enabled.rc != 0
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index ba94b451..91bee507 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -100,6 +100,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop ceilometer_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ ceilometer_api_upgrade:
+ - name: Stop ceilometer_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index c1e6b0b0..0e3ceccb 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -159,25 +159,31 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if cinder_api is deployed
- command: systemctl is-enabled openstack-cinder-api
- tags: common
- ignore_errors: True
- register: cinder_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
- shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
- when: cinder_api_enabled.rc == 0
- tags: step0,validation
- - name: check for cinder running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
- register: cinder_apache
- ignore_errors: true
- - name: Stop cinder_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: cinder_apache.rc == 0
- - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
- tags: step1
- when: cinder_api_enabled.rc == 0
- service: name=openstack-cinder-api state=stopped enabled=no
+ yaql:
+ expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ cinder_api_upgrade:
+ - name: Check if cinder_api is deployed
+ command: systemctl is-enabled openstack-cinder-api
+ tags: common
+ ignore_errors: True
+ register: cinder_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ when: cinder_api_enabled.rc == 0
+ tags: step0,validation
+ - name: check for cinder running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+ register: cinder_apache
+ ignore_errors: true
+ - name: Stop cinder_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: cinder_apache.rc == 0
+ - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: cinder_api_enabled.rc == 0
+ service: name=openstack-cinder-api state=stopped enabled=no
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index cd323703..5310b282 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -133,6 +133,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop gnocchi_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ gnocchi_api_upgrade:
+ - name: Stop gnocchi_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 8a0e750d..b25b2e84 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -339,10 +339,15 @@ outputs:
horizon::keystone_multidomain_support: true
horizon::keystone_default_domain: 'Default'
- {}
- # Ansible tasks to handle upgrade
- upgrade_tasks:
- - name: Stop keystone service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ yaql:
+ expression: $.data.apache_upgrade + $.data.keystone_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ keystone_upgrade:
+ - name: Stop keystone service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
index caada950..30ea6d6c 100644
--- a/puppet/services/pacemaker/rabbitmq.yaml
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -39,34 +39,5 @@ outputs:
- rabbitmq::service_manage: false
step_config: |
include ::tripleo::profile::pacemaker::rabbitmq
- upgrade_tasks:
- - name: get bootstrap nodeid
- tags: common
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - name: set is_bootstrap_node fact
- tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
- - name: get rabbitmq policy
- tags: common
- shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\""
- register: rabbit_ha_mode
- when: is_bootstrap_node
- ignore_errors: true
- - name: set migrate_rabbit_ha_mode fact
- tags: common
- set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}}
- when: is_bootstrap_node
- - name: Fixup for rabbitmq ha-queues LP#1668600
- tags: step0,pre-upgrade
- shell: |
- nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
- nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
- if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
- echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues"
- exit 1
- fi
- pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
- when: is_bootstrap_node and migrate_rabbit_ha_mode
metadata_settings:
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 43e7aa18..63cddb04 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -92,21 +92,27 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if httpd is deployed
- command: systemctl is-enabled httpd
- tags: common
- ignore_errors: True
- register: httpd_enabled
- - name: "PreUpgrade step0,validation: Check if httpd is running"
- shell: >
- /usr/bin/systemctl show 'httpd' --property ActiveState |
- grep '\bactive\b'
- when: httpd_enabled.rc == 0
- tags: step0,validation
- - name: Stop panko-api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: httpd_enabled.rc == 0
- - name: Install openstack-panko-api package if it was not installed
- tags: step3
- yum: name=openstack-panko-api state=latest
+ yaql:
+ expression: $.data.apache_upgrade + $.data.panko_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ panko_api_upgrade:
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
+ - name: "PreUpgrade step0,validation: Check if httpd is running"
+ shell: >
+ /usr/bin/systemctl show 'httpd' --property ActiveState |
+ grep '\bactive\b'
+ when: httpd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop panko-api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: httpd_enabled.rc == 0
+ - name: Install openstack-panko-api package if it was not installed
+ tags: step3
+ yum: name=openstack-panko-api state=latest
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 47479783..d69da3e1 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -40,10 +40,10 @@ parameters:
hidden: true
RabbitHAQueues:
description:
- The number of HA queues to be configured in rabbit. The default is 0 which will
- be automatically overridden to CEIL(N/2) where N is the number of nodes running
- rabbitmq.
- default: 0
+ The number of HA queues to be configured in rabbit. The default is -1 which
+ translates to "ha-mode all". The special value 0 will be automatically
+ overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
+ default: -1
type: number
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
diff --git a/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml
new file mode 100644
index 00000000..eb7b513c
--- /dev/null
+++ b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - When a service is deployed in WSGI with Apache, make sure mode_ssl
+ package is deployed during the upgrade process, it's now required
+ by default so Apache can start properly.
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 1ab793f0..2a38e2c0 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -106,31 +106,37 @@ outputs:
step_config: |
include ::tripleo::profile::base::zaqar
upgrade_tasks:
- - name: Check if zaqar is deployed
- command: systemctl is-enabled openstack-zaqar
- tags: common
- ignore_errors: True
- register: zaqar_enabled
- - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
- shell: >
- /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
- grep '\bactive\b'
- when: zaqar_enabled.rc == 0
- tags: step0,validation
- - name: Check for zaqar running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
- register: zaqar_apache
- ignore_errors: true
- - name: Stop zaqar service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: zaqar_apache.rc == 0
- - name: Stop and disable zaqar service (pre-upgrade not under httpd)
- tags: step1
- when: zaqar_enabled.rc == 0
- service: name=openstack-zaqar state=stopped enabled=no
- - name: Install openstack-zaqar package if it was disabled
- tags: step3
- yum: name=openstack-zaqar state=latest
- when: zaqar_enabled.rc != 0
+ yaql:
+ expression: $.data.apache_upgrade + $.data.zaqar_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ zaqar_upgrade:
+ - name: Check if zaqar is deployed
+ command: systemctl is-enabled openstack-zaqar
+ tags: common
+ ignore_errors: True
+ register: zaqar_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
+ grep '\bactive\b'
+ when: zaqar_enabled.rc == 0
+ tags: step0,validation
+ - name: Check for zaqar running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
+ register: zaqar_apache
+ ignore_errors: true
+ - name: Stop zaqar service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: zaqar_apache.rc == 0
+ - name: Stop and disable zaqar service (pre-upgrade not under httpd)
+ tags: step1
+ when: zaqar_enabled.rc == 0
+ service: name=openstack-zaqar state=stopped enabled=no
+ - name: Install openstack-zaqar package if it was disabled
+ tags: step3
+ yum: name=openstack-zaqar state=latest
+ when: zaqar_enabled.rc != 0
diff --git a/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml
new file mode 100644
index 00000000..d6f74eff
--- /dev/null
+++ b/releasenotes/notes/change-rabbitmq-ha-mode-policy-default-6c6cd7f02181f0e0.yaml
@@ -0,0 +1,11 @@
+---
+upgrade:
+ - |
+ We are not changing the rabbitmq ha-mode policy during upgrades any longer.
+ The policy chosen at deploy time will remain the same but can be changed
+ manually.
+fixes:
+ - |
+ Due to https://bugs.launchpad.net/tripleo/+bug/1686337 we switch the
+ default of rabbitmq back ha-mode "all". This is to make the installation
+ more robust in the face of network issues.
diff --git a/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml
new file mode 100644
index 00000000..279e25cc
--- /dev/null
+++ b/releasenotes/notes/disable_default_apache_vhost-f41d11fe07605f7f.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ Disable default vhost for apache. It is required for a hybrid deployments
+ when WSGI based services running both at host and in containers, without
+ conflicting default ports.