diff options
Diffstat (limited to 'extraconfig/tasks')
-rwxr-xr-x | extraconfig/tasks/pacemaker_common_functions.sh | 49 | ||||
-rw-r--r-- | extraconfig/tasks/post_puppet_pacemaker.j2.yaml (renamed from extraconfig/tasks/post_puppet_pacemaker.yaml) | 21 | ||||
-rw-r--r-- | extraconfig/tasks/post_puppet_pacemaker_restart.yaml | 2 | ||||
-rw-r--r-- | extraconfig/tasks/pre_puppet_pacemaker.yaml | 2 | ||||
-rwxr-xr-x | extraconfig/tasks/run_puppet.sh | 5 | ||||
-rw-r--r-- | extraconfig/tasks/ssh/host_public_key.yaml | 42 | ||||
-rw-r--r-- | extraconfig/tasks/ssh/known_hosts_config.yaml | 36 | ||||
-rw-r--r-- | extraconfig/tasks/tripleo_upgrade_node.sh | 1 | ||||
-rwxr-xr-x | extraconfig/tasks/yum_update.sh | 58 |
9 files changed, 181 insertions, 35 deletions
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 4480f74d..f17a073a 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -322,3 +322,52 @@ function special_case_ovs_upgrade_if_needed { } +# This code is meant to fix https://bugs.launchpad.net/tripleo/+bug/1686357 on +# existing setups via a minor update workflow and be idempotent. We need to +# run this before the yum update because we fix this up even when there are no +# packages to update on the system (in which case the script exits). +# This code must be called with set +eu (due to the ocf scripts being sourced) +function fixup_wrong_ipv6_vip { + # This XPath query identifies of all the VIPs in pacemaker with netmask /64. Those are IPv6 only resources that have the wrong netmask + # This gives the address of the resource in the CIB, one address per line. For example: + # /cib/configuration/resources/primitive[@id='ip-2001.db8.ca2.4..10']/instance_attributes[@id='ip-2001.db8.ca2.4..10-instance_attributes']\ + # /nvpair[@id='ip-2001.db8.ca2.4..10-instance_attributes-cidr_netmask'] + vip_xpath_query="//resources/primitive[@type='IPaddr2']/instance_attributes/nvpair[@name='cidr_netmask' and @value='64']" + vip_xpath_xml_addresses=$(cibadmin --query --xpath "$vip_xpath_query" -e 2>/dev/null) + # The following extracts the @id value of the resource + vip_resources_to_fix=$(echo -e "$vip_xpath_xml_addresses" | sed -n "s/.*primitive\[@id='\([^']*\)'.*/\1/p") + # Runnning this in a subshell so that sourcing files cannot possibly affect the running script + ( + OCF_PATH="/usr/lib/ocf/lib/heartbeat" + if [ -n "$vip_resources_to_fix" -a -f $OCF_PATH/ocf-shellfuncs -a -f $OCF_PATH/findif.sh ]; then + source $OCF_PATH/ocf-shellfuncs + source $OCF_PATH/findif.sh + for resource in $vip_resources_to_fix; do + echo "Updating IPv6 VIP $resource with a /128 and a correct addrlabel" + # The following will give us something like: + # <nvpair id="ip-2001.db8.ca2.4..10-instance_attributes-ip" name="ip" value="2001:db8:ca2:4::10"/> + ip_cib_nvpair=$(cibadmin --query --xpath "//resources/primitive[@type='IPaddr2' and @id='$resource']/instance_attributes/nvpair[@name='ip']") + # Let's filter out the value of the nvpair to get the ip address + ip_address=$(echo $ip_cib_nvpair | xmllint --xpath 'string(//nvpair/@value)' -) + OCF_RESKEY_cidr_netmask="64" + OCF_RESKEY_ip="$ip_address" + # Unfortunately due to https://bugzilla.redhat.com/show_bug.cgi?id=1445628 + # we need to find out the appropiate nic given the ip address. + nic=$(findif $ip_address | awk '{ print $1 }') + ret=$? + if [ -z "$nic" -o $ret -ne 0 ]; then + echo "NIC autodetection failed for VIP $ip_address, not updating VIPs" + # Only exits the subshell + exit 1 + fi + ocf_run -info pcs resource update --wait "$resource" ip="$ip_address" cidr_netmask=128 nic="$nic" lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99 + ret=$? + if [ $ret -ne 0 ]; then + echo "pcs resource update for VIP $resource failed, not updating VIPs" + # Only exits the subshell + exit 1 + fi + done + fi + ) +} diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml index a63868c9..0db0bc12 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml @@ -10,7 +10,9 @@ parameters: resources: - ControllerPostPuppetMaintenanceModeConfig: +{%- for role in roles -%} +{% if "controller" in role.tags %} + {{role.name}}PostPuppetMaintenanceModeConfig: type: OS::Heat::SoftwareConfig properties: group: script @@ -22,16 +24,19 @@ resources: pcs property set maintenance-mode=false fi - ControllerPostPuppetMaintenanceModeDeployment: + {{role.name}}PostPuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: - servers: {get_param: servers} - config: {get_resource: ControllerPostPuppetMaintenanceModeConfig} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} - ControllerPostPuppetRestart: - type: OS::TripleO::Tasks::ControllerPostPuppetRestart - depends_on: ControllerPostPuppetMaintenanceModeDeployment + {{role.name}}PostPuppetRestart: + type: OS::TripleO::Tasks::{{role.name}}PostPuppetRestart + depends_on: {{role.name}}PostPuppetMaintenanceModeDeployment properties: - servers: {get_param: servers} + servers: {get_param: [servers, {{role.name}}]} input_values: {get_param: input_values} +{%- endif -%} +{% endfor %} + diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml index 475a6688..07f3d00d 100644 --- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -23,6 +23,6 @@ resources: ControllerPostPuppetRestartDeployment: type: OS::Heat::SoftwareDeployments properties: - servers: {get_param: servers} + servers: {get_param: servers} config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/pre_puppet_pacemaker.yaml b/extraconfig/tasks/pre_puppet_pacemaker.yaml index aa7514f9..a4244633 100644 --- a/extraconfig/tasks/pre_puppet_pacemaker.yaml +++ b/extraconfig/tasks/pre_puppet_pacemaker.yaml @@ -20,6 +20,6 @@ resources: ControllerPrePuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: - servers: {get_param: servers} + servers: {get_param: servers} config: {get_resource: ControllerPrePuppetMaintenanceModeConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/run_puppet.sh b/extraconfig/tasks/run_puppet.sh index b7771e33..e3f6c493 100755 --- a/extraconfig/tasks/run_puppet.sh +++ b/extraconfig/tasks/run_puppet.sh @@ -10,7 +10,10 @@ function run_puppet { export FACTER_deploy_config_name="${role}Deployment_Step${step}" if [ -e "/etc/puppet/hieradata/heat_config_${FACTER_deploy_config_name}.json" ]; then set +e - puppet apply --detailed-exitcodes "${manifest}" + puppet apply --detailed-exitcodes \ + --modulepath \ + /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ + "${manifest}" rc=$? echo "puppet apply exited with exit code $rc" else diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml new file mode 100644 index 00000000..847c8772 --- /dev/null +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -0,0 +1,42 @@ +heat_template_version: ocata + +description: > + This is a template which will fetch the ssh host public key. + +parameters: + server: + description: ID of the node to apply this config to + type: string + +resources: + SshHostPubKeyConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + outputs: + - name: rsa + - name: ecdsa + - name: ed25519 + config: | + #!/bin/sh -x + test -e '/etc/ssh/ssh_host_rsa_key.pub' && cat /etc/ssh/ssh_host_rsa_key.pub > $heat_outputs_path.rsa + test -e '/etc/ssh/ssh_host_ecdsa_key.pub' && cat /etc/ssh/ssh_host_ecdsa_key.pub > $heat_outputs_path.ecdsa + test -e '/etc/ssh/ssh_host_ed25519_key.pub' && cat /etc/ssh/ssh_host_ed25519_key.pub > $heat_outputs_path.ed25519 + + SshHostPubKeyDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: SshHostPubKeyConfig} + server: {get_param: server} + + +outputs: + ecdsa: + description: Host ssh public key (ecdsa) + value: {get_attr: [SshHostPubKeyDeployment, ecdsa]} + rsa: + description: Host ssh public key (rsa) + value: {get_attr: [SshHostPubKeyDeployment, rsa]} + ed25519: + description: Host ssh public key (ed25519) + value: {get_attr: [SshHostPubKeyDeployment, ed25519]} diff --git a/extraconfig/tasks/ssh/known_hosts_config.yaml b/extraconfig/tasks/ssh/known_hosts_config.yaml new file mode 100644 index 00000000..2ebcb63c --- /dev/null +++ b/extraconfig/tasks/ssh/known_hosts_config.yaml @@ -0,0 +1,36 @@ +heat_template_version: ocata +description: 'SSH Known Hosts Config' + +parameters: + known_hosts: + type: string + +resources: + + SSHKnownHostsConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: known_hosts + default: {get_param: known_hosts} + config: | + #!/bin/bash + set -eux + set -o pipefail + + echo "Creating ssh known hosts file" + + if [ ! -z "${known_hosts}" ]; then + echo "${known_hosts}" + echo -ne "${known_hosts}" > /etc/ssh/ssh_known_hosts + chmod 0644 /etc/ssh/ssh_known_hosts + else + rm -f /etc/ssh/ssh_known_hosts + echo "No ssh known hosts" + fi + +outputs: + OS::stack_id: + description: The SSHKnownHostsConfig resource. + value: {get_resource: SSHKnownHostsConfig}
\ No newline at end of file diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index a5a312dc..1114897f 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -50,6 +50,7 @@ fi if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute + yum install -y openstack-nova-migration fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index ad368278..83d6d8d6 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -38,38 +38,47 @@ if [[ -a "$timestamp_file" ]]; then fi touch "$timestamp_file" -command_arguments=${command_arguments:-} - -list_updates=$(yum list updates) - -if [[ "$list_updates" == "" ]]; then - echo "No packages require updating" - exit 0 -fi - pacemaker_status="" if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then pacemaker_status=$(systemctl is-active pacemaker) fi -# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455 -# and https://bugs.launchpad.net/tripleo/+bug/1634851 +# (NB: when backporting this s/pacemaker_short_bootstrap_node_name/bootstrap_nodeid) +# This runs before the yum_update so we are guaranteed to run it even in the absence +# of packages to update (the check for -z "$update_identifier" guarantees that this +# is run only on overcloud stack update -i) if [[ "$pacemaker_status" == "active" && \ - "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]] ; then - if pcs resource show rabbitmq | grep -E "start.*timeout=100"; then - pcs resource update rabbitmq op start timeout=200s - fi - if pcs resource show rabbitmq | grep -E "stop.*timeout=90"; then - pcs resource update rabbitmq op stop timeout=200s - fi - if pcs resource show redis | grep -E "start.*timeout=120"; then - pcs resource update redis op start timeout=200s - fi - if pcs resource show redis | grep -E "stop.*timeout=120"; then - pcs resource update redis op stop timeout=200s + "$(hiera -c /etc/puppet/hiera.yaml pacemaker_short_bootstrap_node_name)" == "$(facter hostname)" ]] ; then \ + # OCF scripts don't cope with -eu + echo "Verifying if we need to fix up any IPv6 VIPs" + set +eu + fixup_wrong_ipv6_vip + ret=$? + set -eu + if [ $ret -ne 0 ]; then + echo "Fixing up IPv6 VIPs failed. Stopping here. (See https://bugs.launchpad.net/tripleo/+bug/1686357 for more info)" + exit 1 fi fi +command_arguments=${command_arguments:-} + +# yum check-update exits 100 if updates are available +set +e +check_update=$(yum check-update 2>&1) +check_update_exit=$? +set -e + +if [[ "$check_update_exit" == "1" ]]; then + echo "Failed to check for package updates" + echo "$check_update" + exit 1 +elif [[ "$check_update_exit" != "100" ]]; then + echo "No packages require updating" + exit 0 +fi + + # special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714 special_case_ovs_upgrade_if_needed @@ -139,6 +148,7 @@ if [[ "$pacemaker_status" == "active" ]] ; then pcs status fi -echo "Finished yum_update.sh on server $deploy_server_id at `date`" + +echo "Finished yum_update.sh on server $deploy_server_id at `date` with return code: $return_code" exit $return_code |