summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rw-r--r--docker/services/ceilometer-agent-compute.yaml17
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml28
-rw-r--r--docker/services/gnocchi-statsd.yaml9
-rw-r--r--docker/services/horizon.yaml17
-rw-r--r--docker/services/logrotate-crond.yaml84
-rw-r--r--docker/services/nova-libvirt.yaml2
-rw-r--r--docker/services/pacemaker/cinder-backup.yaml35
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml35
-rw-r--r--docker/services/pacemaker/database/mysql.yaml36
-rw-r--r--docker/services/pacemaker/database/redis.yaml31
-rw-r--r--docker/services/pacemaker/haproxy.yaml33
-rw-r--r--docker/services/pacemaker/manila-share.yaml35
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml34
-rw-r--r--docker/services/rabbitmq.yaml51
-rw-r--r--docker/services/zaqar.yaml2
15 files changed, 426 insertions, 23 deletions
diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
index 09677c64..535b1693 100644
--- a/docker/services/ceilometer-agent-compute.yaml
+++ b/docker/services/ceilometer-agent-compute.yaml
@@ -92,6 +92,21 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- - name: Stop and disable ceilometer-agent-compute service
+ - name: Check if openstack-ceilometer-compute is deployed
+ command: systemctl is-enabled openstack-ceilometer-compute
+ tags: step2
+ ignore_errors: True
+ register: openstack_ceilometer_compute_enabled
+ - name: Check if openstack-ceilometer-polling is deployed
+ command: systemctl is-enabled openstack-ceilometer-polling
+ tags: step2
+ ignore_errors: True
+ register: openstack_ceilometer_polling_enabled
+ - name: Stop and disable ceilometer compute agent
tags: step2
service: name=openstack-ceilometer-compute state=stopped enabled=no
+ when: openstack_ceilometer_compute_enabled.rc == 0
+ - name: Stop and disable ceilometer polling agent
+ tags: step2
+ service: name=openstack-ceilometer-polling state=stopped enabled=no
+ when: openstack_ceilometer_polling_enabled.rc == 0
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index d0bc2669..d78ff7fd 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -30,6 +30,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ StackUpdateType:
+ type: string
+ description: >
+ Type of update, to differentiate between UPGRADE and UPDATE cases
+ when StackAction is UPDATE (both are the same stack action).
+ constraints:
+ - allowed_values: ['', 'UPGRADE']
+ default: ''
CephAnsibleWorkflowName:
type: string
description: Name of the Mistral workflow to execute
@@ -38,10 +46,18 @@ parameters:
type: string
description: Path to the ceph-ansible playbook to execute
default: /usr/share/ceph-ansible/site-docker.yml.sample
+ CephAnsibleUpgradePlaybook:
+ type: string
+ description: Path to the ceph-ansible playbook to execute on upgrade
+ default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
+ CephAnsibleSkipTags:
+ type: string
+ description: List of ceph-ansible tags to skip
+ default: 'package-install,with_pkg'
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
@@ -78,7 +94,7 @@ parameters:
default: vms
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -109,6 +125,8 @@ conditions:
yaql:
data: {get_param: DockerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
+ perform_upgrade:
+ equals: [{get_param: StackUpdateType}, 'UPGRADE']
resources:
DockerImageUrlParts:
@@ -154,10 +172,16 @@ outputs:
- name: ceph_base_ansible_workflow
workflow: { get_param: CephAnsibleWorkflowName }
input:
+ ansible_skip_tags: {get_param: CephAnsibleSkipTags}
ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig}
- ceph_ansible_playbook: {get_param: CephAnsiblePlaybook}
+ ceph_ansible_playbook:
+ if:
+ - perform_upgrade
+ - {get_param: CephAnsibleUpgradePlaybook}
+ - {get_param: CephAnsiblePlaybook}
config_settings:
ceph_common_ansible_vars:
+ ireallymeanit: 'yes'
fsid: { get_param: CephClusterFSID }
docker: true
ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 19e658cd..2957312b 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -81,6 +81,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -99,6 +103,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -106,6 +111,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-statsd service
tags: step2
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index 3d3bc7c3..f2f2b8dc 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -117,6 +124,16 @@ outputs:
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml
new file mode 100644
index 00000000..22ee5b56
--- /dev/null
+++ b/docker/services/logrotate-crond.yaml
@@ -0,0 +1,84 @@
+heat_template_version: pike
+
+description: >
+ Containerized logrotate with crond for containerized service logs rotation
+
+parameters:
+ DockerCrondImage:
+ description: image
+ type: string
+ DockerCrondConfigImage:
+ description: The container image to use for the crond config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the crond role.
+ value:
+ service_name: logrotate_crond
+ config_settings: {}
+ step_config: &step_config |
+ include ::tripleo::profile::base::logging::logrotate
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: crond
+ step_config: *step_config
+ config_image: {get_param: DockerCrondConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/logrotate-crond.json:
+ command: /usr/sbin/crond -s -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ step_4:
+ logrotate_crond:
+ image: {get_param: DockerCrondImage}
+ net: none
+ pid: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers:/var/log/containers
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 62c25bb2..47414083 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -61,7 +61,7 @@ parameters:
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index c6a80efa..c2117c04 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -76,7 +76,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage}
+ - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderBackupImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::backup::manage_service: false
cinder::backup::enabled: false
step_config: ""
@@ -102,10 +108,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_backup_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'"
+ params:
+ CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage}
+ CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest
+ image: {get_param: DockerCinderBackupImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_backup_init_logs:
start_order: 0
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
@@ -129,7 +158,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle'
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index 3c1b7a74..a4f69517 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -69,7 +69,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderVolumeImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_volume_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'"
+ params:
+ CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage}
+ CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest
+ image: {get_param: DockerCinderVolumeImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_volume_init_logs:
start_order: 0
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
@@ -120,7 +149,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 8ba7d723..3de1696d 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -79,7 +79,13 @@ outputs:
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerMysqlImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo.mysql.firewall_rules:
'104 mysql galera-bundle':
@@ -141,7 +147,7 @@ outputs:
mysql_data_ownership:
start_order: 0
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla does only non-recursive chown
@@ -151,7 +157,7 @@ outputs:
mysql_bootstrap:
start_order: 1
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
@@ -196,6 +202,28 @@ outputs:
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_image_tag:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
+ params:
+ MYSQL_IMAGE: {get_param: DockerMysqlImage}
+ MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
+ image: {get_param: DockerMysqlImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
mysql_init_bundle:
start_order: 1
@@ -214,7 +242,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 75b6d650..0b8aa046 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -60,7 +60,13 @@ outputs:
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
- tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRedisImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
tripleo.redis.firewall_rules:
'108 redis-bundle':
@@ -104,6 +110,29 @@ outputs:
owner: redis:redis
recurse: true
docker_config:
+ step_1:
+ redis_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'"
+ params:
+ REDIS_IMAGE: {get_param: DockerRedisImage}
+ REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest
+ image: {get_param: DockerRedisImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
redis_init_bundle:
start_order: 2
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 5ba54f85..2e5c7424 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -92,6 +92,13 @@ outputs:
tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
# disable the use CRL file until we can restart the container when the file expires
tripleo::haproxy::crl_file: null
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerHAProxyImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
@@ -142,6 +149,30 @@ outputs:
perm: '0600'
optional: true
docker_config:
+ step_1:
+ haproxy_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'"
+ params:
+ HAPROXY_IMAGE: {get_param: DockerHAProxyImage}
+ HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest
+ image: {get_param: DockerHAProxyImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ image: {get_param: DockerHAProxyImage}
step_2:
haproxy_init_bundle:
start_order: 3
@@ -165,7 +196,7 @@ outputs:
- ';'
- - 'include ::tripleo::profile::base::pacemaker'
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
- image: *haproxy_image
+ image: {get_param: DockerHAProxyImage}
volumes:
list_concat:
- *deployed_cert_mount
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
index 7103ba8b..c88737aa 100644
--- a/docker/services/pacemaker/manila-share.yaml
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -59,7 +59,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image {get_param: DockerManilaShareImage}
+ - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerManilaShareImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
manila::share::manage_service: false
manila::share::enabled: false
manila::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
owner: manila:manila
recurse: true
docker_config:
+ step_1:
+ manila_share_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
+ params:
+ MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
+ MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
+ image: {get_param: DockerManilaShareImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
manila_share_init_logs:
start_order: 0
- image: *manila_share_image
+ image: {get_param: DockerManilaShareImage}
privileged: false
user: root
volumes:
@@ -120,7 +149,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
- image: *manila_share_image
+ image: {get_param: DockerManilaShareImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index d8e50afd..ba1abaf9 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -62,7 +62,13 @@ outputs:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
- tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRabbitmqImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
tripleo.rabbitmq.firewall_rules:
'109 rabbitmq-bundle':
@@ -118,7 +124,7 @@ outputs:
step_1:
rabbitmq_bootstrap:
start_order: 0
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
net: host
privileged: false
volumes:
@@ -141,6 +147,28 @@ outputs:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
+ rabbitmq_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'"
+ params:
+ RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage}
+ RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest
+ image: {get_param: DockerRabbitmqImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
rabbitmq_init_bundle:
start_order: 0
@@ -159,7 +187,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 418c60d2..add78879 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -40,6 +40,18 @@ parameters:
type: string
default: ''
hidden: true
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -66,6 +78,10 @@ outputs:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::admin_enable: false
+ - if:
+ - internal_tls_enabled
+ - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
+ - {}
step_config: &step_config
list_join:
- "\n"
@@ -85,10 +101,21 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ optional: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
@@ -115,6 +142,17 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@@ -143,6 +181,17 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
@@ -155,6 +204,8 @@ outputs:
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 072c6759..b6fb4001 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -57,7 +57,7 @@ resources:
type: ../../puppet/services/database/mysql-client.yaml
ZaqarBase:
- type: ../../puppet/services/zaqar.yaml
+ type: ../../puppet/services/zaqar-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}