summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rwxr-xr-xdocker/docker-puppet.py11
-rw-r--r--docker/docker-steps.j213
-rw-r--r--docker/services/gnocchi-api.yaml4
-rw-r--r--docker/services/gnocchi-metricd.yaml4
-rw-r--r--docker/services/gnocchi-statsd.yaml4
-rw-r--r--docker/services/keystone.yaml17
-rw-r--r--docker/services/nova-compute.yaml2
-rw-r--r--docker/services/nova-ironic.yaml2
8 files changed, 51 insertions, 6 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index c364d039..909a2c8a 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -61,7 +61,10 @@ def rm_container(name):
stderr=subprocess.PIPE)
cmd_stdout, cmd_stderr = subproc.communicate()
print(cmd_stdout)
- print(cmd_stderr)
+ if cmd_stderr and \
+ cmd_stderr != 'Error response from daemon: ' \
+ 'No such container: {}\n'.format(name):
+ print(cmd_stderr)
process_count = int(os.environ.get('PROCESS_COUNT',
multiprocessing.cpu_count()))
@@ -202,6 +205,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
'--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
'--volume', 'tripleo_logs:/var/log/tripleo/',
+ # OpenSSL trusted CA injection
+ '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro',
+ '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro',
+ # script injection
'--volume', '%s:%s:rw' % (sh_script, sh_script) ]
for volume in volumes:
diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index 301d838f..f0af8e25 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -1,7 +1,14 @@
# certain initialization steps (run in a container) will occur
-# on the first role listed in the roles file
-{% set primary_role_name = roles[0].name -%}
-
+# on the role marked as primary controller or the first role listed
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# primary role is: {{primary_role_name}}
heat_template_version: ocata
description: >
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 08f4b56b..659785aa 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -96,3 +96,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable httpd service
+ tags: step2
+ service: name=httpd state=stopped enabled=no
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 6b41eaa3..78494d66 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -71,3 +71,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable openstack-gnocchi-metricd service
+ tags: step2
+ service: name=openstack-gnocchi-metricd.service state=stopped enabled=no
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 93b616c4..7f439846 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -71,3 +71,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable openstack-gnocchi-statsd service
+ tags: step2
+ service: name=openstack-gnocchi-statsd.service state=stopped enabled=no
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 90ddeb9f..526a357b 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -36,6 +36,9 @@ parameters:
default: 'fernet'
constraints:
- allowed_values: ['uuid', 'fernet']
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -46,6 +49,10 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Role data for the Keystone API role.
@@ -96,6 +103,16 @@ outputs:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index eefcb367..fb286ca5 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -85,4 +85,4 @@ outputs:
upgrade_tasks:
- name: Stop and disable nova-compute service
tags: step2
- service: name=nova-compute state=stopped enabled=no
+ service: name=openstack-nova-compute state=stopped enabled=no
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index 9941abda..d6270424 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -82,4 +82,4 @@ outputs:
upgrade_tasks:
- name: Stop and disable nova-compute service
tags: step2
- service: name=nova-compute state=stopped enabled=no
+ service: name=openstack-nova-compute state=stopped enabled=no