path: root/extraconfig
diff options
Diffstat (limited to 'extraconfig')
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker.j2.yaml (renamed from extraconfig/tasks/post_puppet_pacemaker.yaml)21
10 files changed, 218 insertions, 35 deletions
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index e8316c53..30a83550 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -53,6 +53,12 @@ parameters:
type: string
type: string
+ UpdateOnRHELRegistration:
+ type: boolean
+ default: false
+ description: |
+ When enabled, the system will perform a yum update after performing the
+ RHEL Registration process.
@@ -134,6 +140,37 @@ resources:
REG_METHOD: {get_param: rhel_reg_method}
+ YumUpdateConfigurationAfterRHELRegistration:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -x
+ num_updates=$(yum list -q updates | wc -l)
+ if [ "$num_updates" -eq "0" ]; then
+ echo "No packages require updating"
+ exit 0
+ fi
+ full_command="yum -q -y update"
+ echo "Running: $full_command"
+ result=$($full_command)
+ return_code=$?
+ echo "$result"
+ echo "yum return code: $return_code"
+ exit $return_code
+ UpdateDeploymentAfterRHELRegistration:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: RHELRegistrationDeployment
+ conditions:
+ update_requested: {get_param: UpdateOnRHELRegistration}
+ properties:
+ name: UpdateDeploymentAfterRHELRegistration
+ config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
+ server: {get_param: server}
+ actions: ['CREATE'] # Only do this on CREATE
description: Deployment reference, used to trigger puppet apply on changes
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index 4480f74d..f17a073a 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -322,3 +322,52 @@ function special_case_ovs_upgrade_if_needed {
+# This code is meant to fix https://bugs.launchpad.net/tripleo/+bug/1686357 on
+# existing setups via a minor update workflow and be idempotent. We need to
+# run this before the yum update because we fix this up even when there are no
+# packages to update on the system (in which case the script exits).
+# This code must be called with set +eu (due to the ocf scripts being sourced)
+function fixup_wrong_ipv6_vip {
+ # This XPath query identifies of all the VIPs in pacemaker with netmask /64. Those are IPv6 only resources that have the wrong netmask
+ # This gives the address of the resource in the CIB, one address per line. For example:
+ # /cib/configuration/resources/primitive[@id='ip-2001.db8.ca2.4..10']/instance_attributes[@id='ip-2001.db8.ca2.4..10-instance_attributes']\
+ # /nvpair[@id='ip-2001.db8.ca2.4..10-instance_attributes-cidr_netmask']
+ vip_xpath_query="//resources/primitive[@type='IPaddr2']/instance_attributes/nvpair[@name='cidr_netmask' and @value='64']"
+ vip_xpath_xml_addresses=$(cibadmin --query --xpath "$vip_xpath_query" -e 2>/dev/null)
+ # The following extracts the @id value of the resource
+ vip_resources_to_fix=$(echo -e "$vip_xpath_xml_addresses" | sed -n "s/.*primitive\[@id='\([^']*\)'.*/\1/p")
+ # Runnning this in a subshell so that sourcing files cannot possibly affect the running script
+ (
+ OCF_PATH="/usr/lib/ocf/lib/heartbeat"
+ if [ -n "$vip_resources_to_fix" -a -f $OCF_PATH/ocf-shellfuncs -a -f $OCF_PATH/findif.sh ]; then
+ source $OCF_PATH/ocf-shellfuncs
+ source $OCF_PATH/findif.sh
+ for resource in $vip_resources_to_fix; do
+ echo "Updating IPv6 VIP $resource with a /128 and a correct addrlabel"
+ # The following will give us something like:
+ # <nvpair id="ip-2001.db8.ca2.4..10-instance_attributes-ip" name="ip" value="2001:db8:ca2:4::10"/>
+ ip_cib_nvpair=$(cibadmin --query --xpath "//resources/primitive[@type='IPaddr2' and @id='$resource']/instance_attributes/nvpair[@name='ip']")
+ # Let's filter out the value of the nvpair to get the ip address
+ ip_address=$(echo $ip_cib_nvpair | xmllint --xpath 'string(//nvpair/@value)' -)
+ OCF_RESKEY_cidr_netmask="64"
+ OCF_RESKEY_ip="$ip_address"
+ # Unfortunately due to https://bugzilla.redhat.com/show_bug.cgi?id=1445628
+ # we need to find out the appropiate nic given the ip address.
+ nic=$(findif $ip_address | awk '{ print $1 }')
+ ret=$?
+ if [ -z "$nic" -o $ret -ne 0 ]; then
+ echo "NIC autodetection failed for VIP $ip_address, not updating VIPs"
+ # Only exits the subshell
+ exit 1
+ fi
+ ocf_run -info pcs resource update --wait "$resource" ip="$ip_address" cidr_netmask=128 nic="$nic" lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "pcs resource update for VIP $resource failed, not updating VIPs"
+ # Only exits the subshell
+ exit 1
+ fi
+ done
+ fi
+ )
diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml
index a63868c9..0db0bc12 100644
--- a/extraconfig/tasks/post_puppet_pacemaker.yaml
+++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml
@@ -10,7 +10,9 @@ parameters:
- ControllerPostPuppetMaintenanceModeConfig:
+{%- for role in roles -%}
+{% if "controller" in role.tags %}
+ {{role.name}}PostPuppetMaintenanceModeConfig:
type: OS::Heat::SoftwareConfig
group: script
@@ -22,16 +24,19 @@ resources:
pcs property set maintenance-mode=false
- ControllerPostPuppetMaintenanceModeDeployment:
+ {{role.name}}PostPuppetMaintenanceModeDeployment:
type: OS::Heat::SoftwareDeployments
- servers: {get_param: servers}
- config: {get_resource: ControllerPostPuppetMaintenanceModeConfig}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig}
input_values: {get_param: input_values}
- ControllerPostPuppetRestart:
- type: OS::TripleO::Tasks::ControllerPostPuppetRestart
- depends_on: ControllerPostPuppetMaintenanceModeDeployment
+ {{role.name}}PostPuppetRestart:
+ type: OS::TripleO::Tasks::{{role.name}}PostPuppetRestart
+ depends_on: {{role.name}}PostPuppetMaintenanceModeDeployment
- servers: {get_param: servers}
+ servers: {get_param: [servers, {{role.name}}]}
input_values: {get_param: input_values}
+{%- endif -%}
+{% endfor %}
diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
index 475a6688..07f3d00d 100644
--- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml
@@ -23,6 +23,6 @@ resources:
type: OS::Heat::SoftwareDeployments
- servers: {get_param: servers}
+ servers: {get_param: servers}
config: {get_resource: ControllerPostPuppetRestartConfig}
input_values: {get_param: input_values}
diff --git a/extraconfig/tasks/pre_puppet_pacemaker.yaml b/extraconfig/tasks/pre_puppet_pacemaker.yaml
index aa7514f9..a4244633 100644
--- a/extraconfig/tasks/pre_puppet_pacemaker.yaml
+++ b/extraconfig/tasks/pre_puppet_pacemaker.yaml
@@ -20,6 +20,6 @@ resources:
type: OS::Heat::SoftwareDeployments
- servers: {get_param: servers}
+ servers: {get_param: servers}
config: {get_resource: ControllerPrePuppetMaintenanceModeConfig}
input_values: {get_param: input_values}
diff --git a/extraconfig/tasks/run_puppet.sh b/extraconfig/tasks/run_puppet.sh
index b7771e33..e3f6c493 100755
--- a/extraconfig/tasks/run_puppet.sh
+++ b/extraconfig/tasks/run_puppet.sh
@@ -10,7 +10,10 @@ function run_puppet {
export FACTER_deploy_config_name="${role}Deployment_Step${step}"
if [ -e "/etc/puppet/hieradata/heat_config_${FACTER_deploy_config_name}.json" ]; then
set +e
- puppet apply --detailed-exitcodes "${manifest}"
+ puppet apply --detailed-exitcodes \
+ --modulepath \
+ /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
+ "${manifest}"
echo "puppet apply exited with exit code $rc"
diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
new file mode 100644
index 00000000..847c8772
--- /dev/null
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -0,0 +1,42 @@
+heat_template_version: ocata
+description: >
+ This is a template which will fetch the ssh host public key.
+ server:
+ description: ID of the node to apply this config to
+ type: string
+ SshHostPubKeyConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ outputs:
+ - name: rsa
+ - name: ecdsa
+ - name: ed25519
+ config: |
+ #!/bin/sh -x
+ test -e '/etc/ssh/ssh_host_rsa_key.pub' && cat /etc/ssh/ssh_host_rsa_key.pub > $heat_outputs_path.rsa
+ test -e '/etc/ssh/ssh_host_ecdsa_key.pub' && cat /etc/ssh/ssh_host_ecdsa_key.pub > $heat_outputs_path.ecdsa
+ test -e '/etc/ssh/ssh_host_ed25519_key.pub' && cat /etc/ssh/ssh_host_ed25519_key.pub > $heat_outputs_path.ed25519
+ SshHostPubKeyDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: SshHostPubKeyConfig}
+ server: {get_param: server}
+ ecdsa:
+ description: Host ssh public key (ecdsa)
+ value: {get_attr: [SshHostPubKeyDeployment, ecdsa]}
+ rsa:
+ description: Host ssh public key (rsa)
+ value: {get_attr: [SshHostPubKeyDeployment, rsa]}
+ ed25519:
+ description: Host ssh public key (ed25519)
+ value: {get_attr: [SshHostPubKeyDeployment, ed25519]}
diff --git a/extraconfig/tasks/ssh/known_hosts_config.yaml b/extraconfig/tasks/ssh/known_hosts_config.yaml
new file mode 100644
index 00000000..2ebcb63c
--- /dev/null
+++ b/extraconfig/tasks/ssh/known_hosts_config.yaml
@@ -0,0 +1,36 @@
+heat_template_version: ocata
+description: 'SSH Known Hosts Config'
+ known_hosts:
+ type: string
+ SSHKnownHostsConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: known_hosts
+ default: {get_param: known_hosts}
+ config: |
+ #!/bin/bash
+ set -eux
+ set -o pipefail
+ echo "Creating ssh known hosts file"
+ if [ ! -z "${known_hosts}" ]; then
+ echo "${known_hosts}"
+ echo -ne "${known_hosts}" > /etc/ssh/ssh_known_hosts
+ chmod 0644 /etc/ssh/ssh_known_hosts
+ else
+ rm -f /etc/ssh/ssh_known_hosts
+ echo "No ssh known hosts"
+ fi
+ OS::stack_id:
+ description: The SSHKnownHostsConfig resource.
+ value: {get_resource: SSHKnownHostsConfig} \ No newline at end of file
diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh
index a5a312dc..1114897f 100644
--- a/extraconfig/tasks/tripleo_upgrade_node.sh
+++ b/extraconfig/tasks/tripleo_upgrade_node.sh
@@ -50,6 +50,7 @@ fi
if [[ -n \$NOVA_COMPUTE ]]; then
log_debug "Restarting openstack ceilometer agent compute"
systemctl restart openstack-ceilometer-compute
+ yum install -y openstack-nova-migration
# Apply puppet manifest to converge just right after the ${ROLE} upgrade
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index ad368278..83d6d8d6 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -38,38 +38,47 @@ if [[ -a "$timestamp_file" ]]; then
touch "$timestamp_file"
-list_updates=$(yum list updates)
-if [[ "$list_updates" == "" ]]; then
- echo "No packages require updating"
- exit 0
if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then
pacemaker_status=$(systemctl is-active pacemaker)
-# Fix the redis/rabbit resource start/stop timeouts. See https://bugs.launchpad.net/tripleo/+bug/1633455
-# and https://bugs.launchpad.net/tripleo/+bug/1634851
+# (NB: when backporting this s/pacemaker_short_bootstrap_node_name/bootstrap_nodeid)
+# This runs before the yum_update so we are guaranteed to run it even in the absence
+# of packages to update (the check for -z "$update_identifier" guarantees that this
+# is run only on overcloud stack update -i)
if [[ "$pacemaker_status" == "active" && \
- "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]] ; then
- if pcs resource show rabbitmq | grep -E "start.*timeout=100"; then
- pcs resource update rabbitmq op start timeout=200s
- fi
- if pcs resource show rabbitmq | grep -E "stop.*timeout=90"; then
- pcs resource update rabbitmq op stop timeout=200s
- fi
- if pcs resource show redis | grep -E "start.*timeout=120"; then
- pcs resource update redis op start timeout=200s
- fi
- if pcs resource show redis | grep -E "stop.*timeout=120"; then
- pcs resource update redis op stop timeout=200s
+ "$(hiera -c /etc/puppet/hiera.yaml pacemaker_short_bootstrap_node_name)" == "$(facter hostname)" ]] ; then \
+ # OCF scripts don't cope with -eu
+ echo "Verifying if we need to fix up any IPv6 VIPs"
+ set +eu
+ fixup_wrong_ipv6_vip
+ ret=$?
+ set -eu
+ if [ $ret -ne 0 ]; then
+ echo "Fixing up IPv6 VIPs failed. Stopping here. (See https://bugs.launchpad.net/tripleo/+bug/1686357 for more info)"
+ exit 1
+# yum check-update exits 100 if updates are available
+set +e
+check_update=$(yum check-update 2>&1)
+set -e
+if [[ "$check_update_exit" == "1" ]]; then
+ echo "Failed to check for package updates"
+ echo "$check_update"
+ exit 1
+elif [[ "$check_update_exit" != "100" ]]; then
+ echo "No packages require updating"
+ exit 0
# special case https://bugs.launchpad.net/tripleo/+bug/1635205 +bug/1669714
@@ -139,6 +148,7 @@ if [[ "$pacemaker_status" == "active" ]] ; then
pcs status
-echo "Finished yum_update.sh on server $deploy_server_id at `date`"
+echo "Finished yum_update.sh on server $deploy_server_id at `date` with return code: $return_code"
exit $return_code