diff options
Diffstat (limited to 'docker')
-rwxr-xr-x | docker/docker-puppet.py | 11 | ||||
-rw-r--r-- | docker/docker-steps.j2 | 13 | ||||
-rw-r--r-- | docker/services/gnocchi-api.yaml | 4 | ||||
-rw-r--r-- | docker/services/gnocchi-metricd.yaml | 4 | ||||
-rw-r--r-- | docker/services/gnocchi-statsd.yaml | 4 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 17 | ||||
-rw-r--r-- | docker/services/nova-compute.yaml | 2 | ||||
-rw-r--r-- | docker/services/nova-ironic.yaml | 2 |
8 files changed, 51 insertions, 6 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index c364d039..909a2c8a 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -61,7 +61,10 @@ def rm_container(name): stderr=subprocess.PIPE) cmd_stdout, cmd_stderr = subproc.communicate() print(cmd_stdout) - print(cmd_stderr) + if cmd_stderr and \ + cmd_stderr != 'Error response from daemon: ' \ + 'No such container: {}\n'.format(name): + print(cmd_stderr) process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) @@ -202,6 +205,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', + # OpenSSL trusted CA injection + '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', + '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', + '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', + # script injection '--volume', '%s:%s:rw' % (sh_script, sh_script) ] for volume in volumes: diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 301d838f..f0af8e25 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -1,7 +1,14 @@ # certain initialization steps (run in a container) will occur -# on the first role listed in the roles file -{% set primary_role_name = roles[0].name -%} - +# on the role marked as primary controller or the first role listed +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# primary role is: {{primary_role_name}} heat_template_version: ocata description: > diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 08f4b56b..659785aa 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -96,3 +96,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable httpd service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6b41eaa3..78494d66 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -71,3 +71,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-metricd service + tags: step2 + service: name=openstack-gnocchi-metricd.service state=stopped enabled=no diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 93b616c4..7f439846 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -71,3 +71,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-gnocchi-statsd service + tags: step2 + service: name=openstack-gnocchi-statsd.service state=stopped enabled=no diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 90ddeb9f..526a357b 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -36,6 +36,9 @@ parameters: default: 'fernet' constraints: - allowed_values: ['uuid', 'fernet'] + EnableInternalTLS: + type: boolean + default: false resources: @@ -46,6 +49,10 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: role_data: description: Role data for the Keystone API role. @@ -96,6 +103,16 @@ outputs: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - logs:/var/log + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index eefcb367..fb286ca5 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -85,4 +85,4 @@ outputs: upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 9941abda..d6270424 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -82,4 +82,4 @@ outputs: upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 - service: name=nova-compute state=stopped enabled=no + service: name=openstack-nova-compute state=stopped enabled=no |