diff options
Diffstat (limited to 'docker')
-rw-r--r-- | docker/services/aodh-api.yaml | 4 | ||||
-rw-r--r-- | docker/services/aodh-evaluator.yaml | 4 | ||||
-rw-r--r-- | docker/services/aodh-listener.yaml | 4 | ||||
-rw-r--r-- | docker/services/aodh-notifier.yaml | 4 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 19 |
5 files changed, 35 insertions, 0 deletions
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index c88a0616..ca410d6d 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -117,3 +117,7 @@ outputs: - logs:/var/log environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable aodh service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index abb44de8..d3c8c595 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -78,3 +78,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-evaluator service + tags: step2 + service: name=openstack-aodh-evaluator.service state=stopped enabled=no diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 5a37763d..7aa9618d 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -78,3 +78,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-listener service + tags: step2 + service: name=openstack-aodh-listener.service state=stopped enabled=no diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index 084e7652..f525d6bd 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -78,3 +78,7 @@ outputs: - /etc/localtime:/etc/localtime:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable openstack-aodh-notifier service + tags: step2 + service: name=openstack-aodh-notifier.service state=stopped enabled=no diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index bd3a010e..3f8baef7 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -30,6 +30,12 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true + KeystoneTokenProvider: + description: The keystone token format + type: string + default: 'uuid' + constraints: + - allowed_values: ['uuid', 'fernet'] resources: @@ -40,6 +46,9 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} +conditions: + keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} + outputs: role_data: description: Role data for the Keystone API role. @@ -80,6 +89,16 @@ outputs: owner: keystone perm: '0600' source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1 + - dest: /etc/keystone/fernet-keys/0 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0 + optional: {if: [keystone_fernet_tokens, false, true]} + - dest: /etc/keystone/fernet-keys/1 + owner: keystone + perm: '0600' + source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1 + optional: {if: [keystone_fernet_tokens, false, true]} - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf owner: root perm: '0644' |