summaryrefslogtreecommitdiffstats
path: root/docker/services/pacemaker
diff options
context:
space:
mode:
Diffstat (limited to 'docker/services/pacemaker')
-rw-r--r--docker/services/pacemaker/cinder-backup.yaml35
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml35
-rw-r--r--docker/services/pacemaker/database/mysql.yaml77
-rw-r--r--docker/services/pacemaker/database/redis.yaml31
-rw-r--r--docker/services/pacemaker/haproxy.yaml90
-rw-r--r--docker/services/pacemaker/manila-share.yaml171
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml49
7 files changed, 468 insertions, 20 deletions
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index c6a80efa..c2117c04 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -76,7 +76,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage}
+ - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderBackupImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::backup::manage_service: false
cinder::backup::enabled: false
step_config: ""
@@ -102,10 +108,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_backup_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'"
+ params:
+ CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage}
+ CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest
+ image: {get_param: DockerCinderBackupImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_backup_init_logs:
start_order: 0
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
@@ -129,7 +158,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle'
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index 3c1b7a74..a4f69517 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -69,7 +69,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderVolumeImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_volume_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'"
+ params:
+ CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage}
+ CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest
+ image: {get_param: DockerCinderVolumeImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_volume_init_logs:
start_order: 0
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
@@ -120,7 +149,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 3fb38349..3de1696d 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -43,6 +43,14 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
@@ -59,6 +67,10 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Containerized service MySQL using composable services.
@@ -67,7 +79,13 @@ outputs:
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerMysqlImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo.mysql.firewall_rules:
'104 mysql galera-bundle':
@@ -79,6 +97,13 @@ outputs:
- 4567
- 4568
- 9200
+ -
+ if:
+ - internal_tls_enabled
+ -
+ tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
+ get_param: InternalTLSCAFile
+ - {}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
@@ -103,12 +128,26 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path: /etc/pki/tls/certs/mysql.crt
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/mysql.key
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
docker_config:
step_1:
mysql_data_ownership:
start_order: 0
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla does only non-recursive chown
@@ -118,7 +157,7 @@ outputs:
mysql_bootstrap:
start_order: 1
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
@@ -163,6 +202,28 @@ outputs:
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_image_tag:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
+ params:
+ MYSQL_IMAGE: {get_param: DockerMysqlImage}
+ MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
+ image: {get_param: DockerMysqlImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
mysql_init_bundle:
start_order: 1
@@ -181,7 +242,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -195,6 +256,8 @@ outputs:
file:
path: /var/lib/mysql
state: directory
+ metadata_settings:
+ get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
@@ -220,3 +283,9 @@ outputs:
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
+ - name: Remove clustercheck service from xinetd
+ tags: step2
+ file: state=absent path=/etc/xinetd.d/galera-monitor
+ - name: Restart xinetd service after clustercheck removal
+ tags: step2
+ service: name=xinetd state=restarted
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 75b6d650..0b8aa046 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -60,7 +60,13 @@ outputs:
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
- tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRedisImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
tripleo.redis.firewall_rules:
'108 redis-bundle':
@@ -104,6 +110,29 @@ outputs:
owner: redis:redis
recurse: true
docker_config:
+ step_1:
+ redis_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'"
+ params:
+ REDIS_IMAGE: {get_param: DockerRedisImage}
+ REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest
+ image: {get_param: DockerRedisImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
redis_init_bundle:
start_order: 2
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 24155912..2e5c7424 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -41,6 +41,22 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+ InternalTLSCRLPEMFile:
+ default: '/etc/pki/CA/crl/overcloud-crl.pem'
+ type: string
+ description: Specifies the default CRL PEM file to use for revocation if
+ TLS is used for services in the internal network.
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
@@ -65,6 +81,24 @@ outputs:
- tripleo::haproxy::haproxy_daemon: false
haproxy_docker: true
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
+ # the list of directories that contain the certs to bind mount in the countainer
+ # bind-mounting the directories rather than all the cert, key and pem files ensures
+ # that docker won't create directories on the host when then pem files do not exist
+ tripleo::profile::pacemaker::haproxy_bundle::tls_mapping: &tls_mapping
+ - get_param: InternalTLSCAFile
+ - get_param: HAProxyInternalTLSKeysDirectory
+ - get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory}
+ tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
+ # disable the use CRL file until we can restart the container when the file expires
+ tripleo::haproxy::crl_file: null
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerHAProxyImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
@@ -80,11 +114,9 @@ outputs:
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
- - list_join:
- - ':'
- - - {get_param: DeployedSSLCertificatePath}
- - {get_param: DeployedSSLCertificatePath}
- - 'ro'
+ yaql:
+ expression: $.data.select($+":"+$+":ro")
+ data: *tls_mapping
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
@@ -94,7 +126,53 @@ outputs:
merge: true
preserve_properties: true
optional: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/*'
+ owner: haproxy:haproxy
+ perm: '0600'
+ optional: true
+ - path:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/*'
+ owner: haproxy:haproxy
+ perm: '0600'
+ optional: true
docker_config:
+ step_1:
+ haproxy_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'"
+ params:
+ HAPROXY_IMAGE: {get_param: DockerHAProxyImage}
+ HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest
+ image: {get_param: DockerHAProxyImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ image: {get_param: DockerHAProxyImage}
step_2:
haproxy_init_bundle:
start_order: 3
@@ -118,7 +196,7 @@ outputs:
- ';'
- - 'include ::tripleo::profile::base::pacemaker'
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
- image: *haproxy_image
+ image: {get_param: DockerHAProxyImage}
volumes:
list_concat:
- *deployed_cert_mount
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..c88737aa
--- /dev/null
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -0,0 +1,171 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila Share service
+
+parameters:
+ DockerManilaShareImage:
+ description: image
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ MySQLClient:
+ type: ../../../puppet/services/database/mysql-client.yaml
+
+ ManilaBase:
+ type: ../../../puppet/services/pacemaker/manila-share.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Manila Share role.
+ value:
+ service_name: {get_attr: [ManilaBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerManilaShareImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
+ manila::share::manage_service: false
+ manila::share::enabled: false
+ manila::host: hostgroup
+ step_config: ""
+ service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,file,concat,file_line
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaBase, role_data, step_config]}
+ - - {get_attr: [MySQLClient, role_data, step_config]}
+ config_image: {get_param: DockerManilaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/manila_share.json:
+ command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ # NOTE(gfidente): ceph ansible generated
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_1:
+ manila_share_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
+ params:
+ MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
+ MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
+ image: {get_param: DockerManilaShareImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ step_3:
+ manila_share_init_logs:
+ start_order: 0
+ image: {get_param: DockerManilaShareImage}
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/manila:/var/log/manila
+ command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
+ step_5:
+ manila_share_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
+ image: {get_param: DockerManilaShareImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/manila
+ - /var/lib/manila
+ upgrade_tasks:
+ - name: Stop and disable manila_share service
+ tags: step2
+ service: name=openstack-manila-share state=stopped enabled=no
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index de53ceee..ba1abaf9 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -62,7 +62,13 @@ outputs:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
- tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRabbitmqImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
tripleo.rabbitmq.firewall_rules:
'109 rabbitmq-bundle':
@@ -92,6 +98,11 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
@@ -99,13 +110,21 @@ outputs:
- path: /var/log/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
# When using pacemaker we don't launch the container, instead that is done by pacemaker
# itself.
docker_config:
step_1:
rabbitmq_bootstrap:
start_order: 0
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
net: host
privileged: false
volumes:
@@ -128,6 +147,28 @@ outputs:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
+ rabbitmq_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'"
+ params:
+ RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage}
+ RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest
+ image: {get_param: DockerRabbitmqImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
rabbitmq_init_bundle:
start_order: 0
@@ -146,7 +187,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -164,6 +205,8 @@ outputs:
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common