summaryrefslogtreecommitdiffstats
path: root/docker/services
diff options
context:
space:
mode:
Diffstat (limited to 'docker/services')
-rw-r--r--docker/services/cinder-api.yaml1
-rw-r--r--docker/services/glance-api.yaml16
-rw-r--r--docker/services/heat-api.yaml1
-rw-r--r--docker/services/horizon.yaml6
-rw-r--r--docker/services/keystone.yaml1
-rw-r--r--docker/services/nova-api.yaml1
-rw-r--r--docker/services/pacemaker/clustercheck.yaml5
7 files changed, 29 insertions, 2 deletions
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 25390c63..336b4540 100644
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -200,6 +200,7 @@ outputs:
tags: step2
service: name=httpd state=stopped enabled=no
- name: remove old cinder cron jobs
+ tags: step2
file:
path: /var/spool/cron/cinder
state: absent
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index 1a6f5c77..b4336bea 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -39,6 +39,13 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, cinder, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd', 'cinder']
GlanceNfsEnabled:
default: false
description: >
@@ -63,6 +70,7 @@ conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
+ cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]}
resources:
@@ -161,6 +169,12 @@ outputs:
- nfs_backend_enabled
- /var/lib/glance:/var/lib/glance
- ''
+ -
+ if:
+ - cinder_backend_enabled
+ - - /dev:/dev
+ - /etc/iscsi:/etc/iscsi
+ - []
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -171,7 +185,7 @@ outputs:
start_order: 2
image: *glance_api_image
net: host
- privileged: false
+ privileged: {if: [cinder_backend_enabled, true, false]}
restart: always
volumes: *glance_volumes
environment:
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 75d0b8c1..dcba519f 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -166,6 +166,7 @@ outputs:
ignore_errors: True
register: heat_api_enabled
- name: remove old heat cron jobs
+ tags: step2
file:
path: /var/spool/cron/heat
state: absent
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index 2c7d7a74..94fd9eef 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -95,6 +95,12 @@ outputs:
- path: /var/log/horizon/
owner: apache:apache
recurse: true
+ # NOTE The upstream Kolla Dockerfile sets /etc/openstack-dashboard/ ownership to
+ # horizon:horizon - the policy.json files need read permissions for the apache user
+ # FIXME We should consider whether this should be fixed in the Kolla Dockerfile instead
+ - path: /etc/openstack-dashboard/
+ owner: apache:apache
+ recurse: true
# FIXME Apache tries to write a .lock file there
- path: /usr/share/openstack-dashboard/openstack_dashboard/local/
owner: apache:apache
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 26cef614..a8ba5bf1 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -211,6 +211,7 @@ outputs:
tags: step2
service: name=httpd state=stopped enabled=no
- name: remove old keystone cron jobs
+ tags: step2
file:
path: /var/spool/cron/keystone
state: absent
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index f262bcb1..7f1b7a54 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -246,6 +246,7 @@ outputs:
ignore_errors: True
when: {get_param: UpgradeRemoveUnusedPackages}
- name: remove old nova cron jobs
+ tags: step2
file:
path: /var/spool/cron/nova
state: absent
diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
index b5d128d4..6db8a212 100644
--- a/docker/services/pacemaker/clustercheck.yaml
+++ b/docker/services/pacemaker/clustercheck.yaml
@@ -44,8 +44,11 @@ resources:
ContainersCommon:
type: ../containers-common.yaml
+# We import from the corresponding docker service because otherwise we risk
+# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
+# rules (see LP#1728918)
MysqlPuppetBase:
- type: ../../../puppet/services/pacemaker/database/mysql.yaml
+ type: ../../../docker/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}