diff options
Diffstat (limited to 'docker/services')
-rw-r--r-- | docker/services/cinder-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/glance-api.yaml | 16 | ||||
-rw-r--r-- | docker/services/heat-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/horizon.yaml | 6 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 1 | ||||
-rw-r--r-- | docker/services/nova-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/pacemaker/clustercheck.yaml | 5 |
7 files changed, 29 insertions, 2 deletions
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 25390c63..336b4540 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -200,6 +200,7 @@ outputs: tags: step2 service: name=httpd state=stopped enabled=no - name: remove old cinder cron jobs + tags: step2 file: path: /var/spool/cron/cinder state: absent diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 1a6f5c77..b4336bea 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -39,6 +39,13 @@ parameters: EnableInternalTLS: type: boolean default: false + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, cinder, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd', 'cinder'] GlanceNfsEnabled: default: false description: > @@ -63,6 +70,7 @@ conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]} + cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]} resources: @@ -161,6 +169,12 @@ outputs: - nfs_backend_enabled - /var/lib/glance:/var/lib/glance - '' + - + if: + - cinder_backend_enabled + - - /dev:/dev + - /etc/iscsi:/etc/iscsi + - [] environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -171,7 +185,7 @@ outputs: start_order: 2 image: *glance_api_image net: host - privileged: false + privileged: {if: [cinder_backend_enabled, true, false]} restart: always volumes: *glance_volumes environment: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 75d0b8c1..dcba519f 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -166,6 +166,7 @@ outputs: ignore_errors: True register: heat_api_enabled - name: remove old heat cron jobs + tags: step2 file: path: /var/spool/cron/heat state: absent diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 2c7d7a74..94fd9eef 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -95,6 +95,12 @@ outputs: - path: /var/log/horizon/ owner: apache:apache recurse: true + # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to + # horizon:horizon - the policy.json files need read permissions for the apache user + # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead + - path: /etc/openstack-dashboard/ + owner: apache:apache + recurse: true # FIXME Apache tries to write a .lock file there - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ owner: apache:apache diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 26cef614..a8ba5bf1 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -211,6 +211,7 @@ outputs: tags: step2 service: name=httpd state=stopped enabled=no - name: remove old keystone cron jobs + tags: step2 file: path: /var/spool/cron/keystone state: absent diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index f262bcb1..7f1b7a54 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -246,6 +246,7 @@ outputs: ignore_errors: True when: {get_param: UpgradeRemoveUnusedPackages} - name: remove old nova cron jobs + tags: step2 file: path: /var/spool/cron/nova state: absent diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index b5d128d4..6db8a212 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -44,8 +44,11 @@ resources: ContainersCommon: type: ../containers-common.yaml +# We import from the corresponding docker service because otherwise we risk +# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall +# rules (see LP#1728918) MysqlPuppetBase: - type: ../../../puppet/services/pacemaker/database/mysql.yaml + type: ../../../docker/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} |