diff options
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/disabled/ceilometer-expirer-disabled.yaml | 22 | ||||
| -rw-r--r-- | puppet/services/gnocchi-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/kernel.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/mistral-api.yaml | 44 | ||||
| -rw-r--r-- | puppet/services/nova-compute.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/pacemaker/cinder-volume.yaml | 15 | ||||
| -rw-r--r-- | puppet/services/swift-proxy.yaml | 8 |
7 files changed, 82 insertions, 13 deletions
diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index e6d8ee6e..9b7b47ef 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -27,12 +27,24 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the disabled Ceilometer Expirer role. + description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - upgrade_tasks: - - name: Stop and disable ceilometer_expirer service on upgrade - tags: step1 - service: name=openstack-ceilometer-expirer state=stopped enabled=no + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::expirer::enable_cron: false + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d62c349e..012bd727 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -76,7 +76,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - gnocchi::db::sync::extra_opts: '--skip-storage' + gnocchi::db::sync::extra_opts: '' gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay} gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 3 diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 3f9b0b7e..c142b475 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -77,6 +77,8 @@ outputs: value: 0 net.ipv4.conf.all.send_redirects: value: 0 + net.ipv4.conf.all.arp_accept: + value: 1 net.ipv4.conf.default.accept_redirects: value: 0 net.ipv4.conf.default.secure_redirects: diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 00406736..b865ec1f 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -36,8 +36,21 @@ parameters: e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} MistralBase: type: ./mistral-base.yaml properties: @@ -57,12 +70,25 @@ outputs: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: '133 mistral': dport: - 8989 - 13989 + mistral::api::service_name: 'httpd' + mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + - if: + - mistral_workers_zero + - {} + - mistral::wsgi::apache::workers: {get_param: MistralWorkers} service_config_settings: get_attr: [MistralBase, role_data, service_config_settings] step_config: | @@ -79,10 +105,16 @@ outputs: grep '\bactive\b' when: mistral_api_enabled.rc == 0 tags: step0,validation - - name: Stop mistral_api service + - name: check for mistral_api running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi" + register: mistral_api_apache + ignore_errors: true + - name: Stop mistral_api service (running under httpd) tags: step1 - service: name=openstack-mistral-api state=stopped - - name: Install openstack-mistral-api package if it was disabled - tags: step3 - yum: name=openstack-mistral-api state=latest - when: mistral_api_enabled.rc != 0 + service: name=httpd state=stopped + when: mistral_api_apache.rc == 0 + - name: Stop and disable mistral_api service (pre-upgrade not under httpd) + tags: step1 + when: mistral_api_enabled.rc == 0 + service: name=openstack-mistral-api state=stopped enabled=no diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 16ccb9e0..e39e997a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -72,7 +72,7 @@ parameters: description: > Reserved RAM for host processes. type: number - default: 2048 + default: 4096 constraints: - range: { min: 512 } MonitoringSubscriptionNovaCompute: diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 659368a4..39914db5 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -54,3 +54,18 @@ outputs: cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service (pacemaker) + tags: step1 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index f3b7ee4a..9a304edb 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -61,6 +61,10 @@ parameters: description: Set to False to disable the swift proxy ceilometer pipeline. default: True type: boolean + SwiftCeilometerIgnoreProjects: + default: ['services'] + description: Comma-seperated list of project names to ignore. + type: comma_delimited_list RabbitClientPort: default: 5672 description: Set rabbit subscriber port, change this if using SSL @@ -116,6 +120,10 @@ outputs: swift::proxy::workers: {get_param: SwiftWorkers} swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} |