summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/aodh-api.yaml12
-rw-r--r--puppet/services/aodh-base.yaml2
-rw-r--r--puppet/services/apache.yaml4
-rw-r--r--puppet/services/barbican-api.yaml32
-rw-r--r--puppet/services/ceilometer-api.yaml12
-rw-r--r--puppet/services/ceilometer-base.yaml33
-rw-r--r--puppet/services/ceilometer-collector.yaml42
-rw-r--r--puppet/services/cinder-api.yaml50
-rw-r--r--puppet/services/cinder-backend-pure.yaml68
-rw-r--r--puppet/services/disabled/ceilometer-collector.yaml30
-rw-r--r--puppet/services/gnocchi-api.yaml12
-rw-r--r--puppet/services/haproxy.yaml10
-rw-r--r--puppet/services/ironic-conductor.yaml8
-rw-r--r--puppet/services/keystone.yaml15
-rw-r--r--puppet/services/octavia-api.yaml3
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml29
-rw-r--r--puppet/services/panko-api.yaml42
-rw-r--r--puppet/services/rabbitmq.yaml8
-rw-r--r--puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml5
-rw-r--r--puppet/services/zaqar.yaml63
20 files changed, 311 insertions, 169 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 7cc6e4c6..e2bf0155 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -93,6 +93,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop aodh_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ aodh_api_upgrade:
+ - name: Stop aodh_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 48a2aecd..5b78e28b 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -83,7 +83,7 @@ outputs:
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
- aodh::auth::auth_region: 'regionOne'
+ aodh::auth::auth_region: {get_param: KeystoneRegion}
aodh::auth::auth_tenant_name: 'service'
service_config_settings:
keystone:
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 6e53b1f7..a2c3c7af 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -64,6 +64,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::default_vhost: false
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
apache_remote_proxy_ips_network:
@@ -112,3 +113,6 @@ outputs:
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
when: httpd_enabled.rc == 0
tags: step0,validation
+ - name: Ensure mod_ssl package is installed
+ tags: step3
+ yum: name=mod_ssl state=latest
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index 91a5b01c..ad59e701 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -153,16 +153,22 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if barbican_api is deployed
- command: systemctl is-enabled openstack-barbican-api
- tags: common
- ignore_errors: True
- register: barbican_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
- shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
- when: barbican_api_enabled.rc == 0
- tags: step0,validation
- - name: Install openstack-barbican-api package if it was disabled
- tags: step3
- yum: name=openstack-barbican-api state=latest
- when: barbican_api_enabled.rc != 0
+ yaql:
+ expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ barbican_api_upgrade:
+ - name: Check if barbican_api is deployed
+ command: systemctl is-enabled openstack-barbican-api
+ tags: common
+ ignore_errors: True
+ register: barbican_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ when: barbican_api_enabled.rc == 0
+ tags: step0,validation
+ - name: Install openstack-barbican-api package if it was disabled
+ tags: step3
+ yum: name=openstack-barbican-api state=latest
+ when: barbican_api_enabled.rc != 0
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index ba94b451..91bee507 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -100,6 +100,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop ceilometer_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ ceilometer_api_upgrade:
+ - name: Stop ceilometer_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index d524e612..761e6bd6 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -18,10 +18,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- CeilometerBackend:
- default: 'mongodb'
- description: The ceilometer backend type.
- type: string
CeilometerMeteringSecret:
description: Secret shared by the ceilometer services.
type: string
@@ -30,18 +26,6 @@ parameters:
description: The password for the ceilometer service account.
type: string
hidden: true
- CeilometerMeterDispatcher:
- default: ['gnocchi']
- description: Comma-seperated list of Dispatcher to process meter data
- type: comma_delimited_list
- constraints:
- - allowed_values: ['gnocchi', 'database']
- CeilometerEventDispatcher:
- default: ['panko', 'gnocchi']
- description: Comma-separated list of Dispatchers to process events data
- type: comma_delimited_list
- constraints:
- - allowed_values: ['panko', 'gnocchi', 'database']
CeilometerWorkers:
default: 0
description: Number of workers for Ceilometer service.
@@ -89,19 +73,6 @@ outputs:
service_name: ceilometer_base
config_settings:
ceilometer::debug: {get_param: Debug}
- ceilometer::db::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - - '://ceilometer:'
- - {get_param: CeilometerPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/ceilometer'
- - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
- ceilometer_backend: {get_param: CeilometerBackend}
- # we include db_sync class in puppet-tripleo
- ceilometer::db::sync_db: false
ceilometer::keystone::authtoken::project_name: 'service'
ceilometer::keystone::authtoken::user_domain_name: 'Default'
ceilometer::keystone::authtoken::project_domain_name: 'Default'
@@ -116,8 +87,6 @@ outputs:
ceilometer::agent::auth::auth_user_domain_name: 'Default'
ceilometer::agent::auth::auth_project_domain_name: 'Default'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
- ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
- ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
@@ -127,8 +96,6 @@ outputs:
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
ceilometer::rabbit_port: {get_param: RabbitClientPort}
ceilometer::rabbit_heartbeat_timeout_threshold: 60
- ceilometer::db::database_db_max_retries: -1
- ceilometer::db::database_max_retries: -1
ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
service_config_settings:
keystone:
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
index b0ec971f..dfc844be 100644
--- a/puppet/services/ceilometer-collector.yaml
+++ b/puppet/services/ceilometer-collector.yaml
@@ -2,6 +2,7 @@ heat_template_version: ocata
description: >
OpenStack Ceilometer Collector service configured with Puppet
+ This service is deprecated and will be removed in future releases.
parameters:
ServiceNetMap:
@@ -18,6 +19,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ CeilometerBackend:
+ default: 'mongodb'
+ description: The ceilometer backend type.
+ type: string
+ CeilometerPassword:
+ description: The password for the ceilometer service account.
+ type: string
+ hidden: true
MonitoringSubscriptionCeilometerCollector:
default: 'overcloud-ceilometer-collector'
type: string
@@ -26,6 +35,22 @@ parameters:
default:
tag: openstack.ceilometer.collector
path: /var/log/ceilometer/collector.log
+ CeilometerMeterDispatcher:
+ default: ['gnocchi']
+ description: Comma-seperated list of Dispatcher to process meter data
+ Note that database option is deprecated and will not be
+ supported in future.
+ type: comma_delimited_list
+ constraints:
+ - allowed_values: ['gnocchi', 'database']
+ CeilometerEventDispatcher:
+ default: ['panko', 'gnocchi']
+ description: Comma-separated list of Dispatchers to process events data
+ Note that database option is deprecated and will not be
+ supported in future.
+ type: comma_delimited_list
+ constraints:
+ - allowed_values: ['panko', 'gnocchi', 'database']
resources:
CeilometerServiceBase:
@@ -55,6 +80,23 @@ outputs:
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
+ - ceilometer::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - - '://ceilometer:'
+ - {get_param: CeilometerPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ceilometer'
+ - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+ ceilometer_backend: {get_param: CeilometerBackend}
+ # we include db_sync class in puppet-tripleo
+ ceilometer::db::sync_db: false
+ ceilometer::db::database_db_max_retries: -1
+ ceilometer::db::database_max_retries: -1
+ ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index c1e6b0b0..0e3ceccb 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -159,25 +159,31 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if cinder_api is deployed
- command: systemctl is-enabled openstack-cinder-api
- tags: common
- ignore_errors: True
- register: cinder_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
- shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
- when: cinder_api_enabled.rc == 0
- tags: step0,validation
- - name: check for cinder running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
- register: cinder_apache
- ignore_errors: true
- - name: Stop cinder_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: cinder_apache.rc == 0
- - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
- tags: step1
- when: cinder_api_enabled.rc == 0
- service: name=openstack-cinder-api state=stopped enabled=no
+ yaql:
+ expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ cinder_api_upgrade:
+ - name: Check if cinder_api is deployed
+ command: systemctl is-enabled openstack-cinder-api
+ tags: common
+ ignore_errors: True
+ register: cinder_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ when: cinder_api_enabled.rc == 0
+ tags: step0,validation
+ - name: check for cinder running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+ register: cinder_apache
+ ignore_errors: true
+ - name: Stop cinder_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: cinder_apache.rc == 0
+ - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: cinder_api_enabled.rc == 0
+ service: name=openstack-cinder-api state=stopped enabled=no
diff --git a/puppet/services/cinder-backend-pure.yaml b/puppet/services/cinder-backend-pure.yaml
new file mode 100644
index 00000000..9b4d3ba3
--- /dev/null
+++ b/puppet/services/cinder-backend-pure.yaml
@@ -0,0 +1,68 @@
+# Copyright (c) 2017 Pure Storage Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Pure Storage FlashArray backend
+
+parameters:
+ CinderEnablePureBackend:
+ type: boolean
+ default: true
+ CinderPureBackendName:
+ type: string
+ default: 'tripleo_pure'
+ CinderPureStorageProtocol:
+ type: string
+ default: 'iSCSI'
+ CinderPureSanIp:
+ type: string
+ CinderPureAPIToken:
+ type: string
+ CinderPureUseChap:
+ type: boolean
+ default: false
+ CinderPureMultipathXfer:
+ type: boolean
+ default: true
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Pure Storage FlashArray backend.
+ value:
+ service_name: cinder_backend_pure
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_pure_backend: {get_param: CinderEnablePureBackend}
+ cinder::backend::pure::volume_backend_name: {get_param: CinderPureBackendName}
+ cinder::backend::pure::pure_storage_protocol: {get_param: CinderPureStorageProtocol}
+ cinder::backend::pure::san_ip: {get_param: CinderPureSanIp}
+ cinder::backend::pure::pure_api_token: {get_input: PureAPIToken}
+ cinder::backend::pure::use_chap_auth: {get_input: PureUseChap}
+ cinder::backend::pure::use_multipath_for_image_xfer: {get_input: PureMultipathXfer}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/disabled/ceilometer-collector.yaml b/puppet/services/disabled/ceilometer-collector.yaml
new file mode 100644
index 00000000..25c79209
--- /dev/null
+++ b/puppet/services/disabled/ceilometer-collector.yaml
@@ -0,0 +1,30 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Ceilometer Collector service, disabled since pike
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Ceilometer Collector role.
+ value:
+ service_name: ceilometer_collector
+ upgrade_tasks:
+ - name: Stop and disable ceilometer_collector service on upgrade
+ tags: step1
+ service: name=openstack-ceilometer-collector state=stopped enabled=no
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index cd323703..5310b282 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -133,6 +133,12 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Stop gnocchi_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ yaql:
+ expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ gnocchi_api_upgrade:
+ - name: Stop gnocchi_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index bd5b9ef6..c651bbe5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
description: >
HAproxy service configured with Puppet
@@ -96,8 +96,6 @@ outputs:
when: haproxy_enabled.rc == 0
service: name=haproxy state=started
metadata_settings:
- yaql:
- expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))'
- data:
- public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
- internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
+ list_concat:
+ - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
+ - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 666967b9..83e2b850 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -32,6 +32,13 @@ parameters:
created yet) and should be changed to an actual UUID in
a post-deployment stack update.
type: string
+ IronicDefaultBootOption:
+ default: 'local'
+ description: How to boot the bare metal instances. Set to 'local' (the
+ default) to use local bootloader (requires grub2 for partition
+ images). Set to 'netboot' to make the instances boot from
+ controllers using PXE/iPXE.
+ type: string
IronicDefaultNetworkInterface:
default: 'flat'
description: Network interface implementation to use by default.
@@ -95,6 +102,7 @@ outputs:
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
+ ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
# We need an endpoint containing a real IP, not a VIP here
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 8a0e750d..b25b2e84 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -339,10 +339,15 @@ outputs:
horizon::keystone_multidomain_support: true
horizon::keystone_default_domain: 'Default'
- {}
- # Ansible tasks to handle upgrade
- upgrade_tasks:
- - name: Stop keystone service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ upgrade_tasks:
+ yaql:
+ expression: $.data.apache_upgrade + $.data.keystone_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ keystone_upgrade:
+ - name: Stop keystone service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml
index 2f898a67..99212857 100644
--- a/puppet/services/octavia-api.yaml
+++ b/puppet/services/octavia-api.yaml
@@ -84,7 +84,6 @@ outputs:
- 9876
- 13876
octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
- neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
step_config: |
include tripleo::profile::base::octavia::api
service_config_settings:
@@ -103,3 +102,5 @@ outputs:
octavia::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+ neutron_api:
+ neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
index caada950..30ea6d6c 100644
--- a/puppet/services/pacemaker/rabbitmq.yaml
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -39,34 +39,5 @@ outputs:
- rabbitmq::service_manage: false
step_config: |
include ::tripleo::profile::pacemaker::rabbitmq
- upgrade_tasks:
- - name: get bootstrap nodeid
- tags: common
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - name: set is_bootstrap_node fact
- tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
- - name: get rabbitmq policy
- tags: common
- shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\""
- register: rabbit_ha_mode
- when: is_bootstrap_node
- ignore_errors: true
- - name: set migrate_rabbit_ha_mode fact
- tags: common
- set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}}
- when: is_bootstrap_node
- - name: Fixup for rabbitmq ha-queues LP#1668600
- tags: step0,pre-upgrade
- shell: |
- nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
- nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
- if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
- echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues"
- exit 1
- fi
- pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
- when: is_bootstrap_node and migrate_rabbit_ha_mode
metadata_settings:
get_attr: [RabbitMQServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 43e7aa18..63cddb04 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -92,21 +92,27 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: Check if httpd is deployed
- command: systemctl is-enabled httpd
- tags: common
- ignore_errors: True
- register: httpd_enabled
- - name: "PreUpgrade step0,validation: Check if httpd is running"
- shell: >
- /usr/bin/systemctl show 'httpd' --property ActiveState |
- grep '\bactive\b'
- when: httpd_enabled.rc == 0
- tags: step0,validation
- - name: Stop panko-api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: httpd_enabled.rc == 0
- - name: Install openstack-panko-api package if it was not installed
- tags: step3
- yum: name=openstack-panko-api state=latest
+ yaql:
+ expression: $.data.apache_upgrade + $.data.panko_api_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ panko_api_upgrade:
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
+ - name: "PreUpgrade step0,validation: Check if httpd is running"
+ shell: >
+ /usr/bin/systemctl show 'httpd' --property ActiveState |
+ grep '\bactive\b'
+ when: httpd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop panko-api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: httpd_enabled.rc == 0
+ - name: Install openstack-panko-api package if it was not installed
+ tags: step3
+ yum: name=openstack-panko-api state=latest
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 47479783..d69da3e1 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -40,10 +40,10 @@ parameters:
hidden: true
RabbitHAQueues:
description:
- The number of HA queues to be configured in rabbit. The default is 0 which will
- be automatically overridden to CEIL(N/2) where N is the number of nodes running
- rabbitmq.
- default: 0
+ The number of HA queues to be configured in rabbit. The default is -1 which
+ translates to "ha-mode all". The special value 0 will be automatically
+ overridden to CEIL(N/2) where N is the number of nodes running rabbitmq.
+ default: -1
type: number
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
diff --git a/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml
new file mode 100644
index 00000000..eb7b513c
--- /dev/null
+++ b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - When a service is deployed in WSGI with Apache, make sure mode_ssl
+ package is deployed during the upgrade process, it's now required
+ by default so Apache can start properly.
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 06965c8c..2a38e2c0 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -71,6 +71,7 @@ outputs:
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
zaqar::debug: {get_param: Debug}
+ zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
zaqar::wsgi::apache::ssl: false
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
@@ -105,31 +106,37 @@ outputs:
step_config: |
include ::tripleo::profile::base::zaqar
upgrade_tasks:
- - name: Check if zaqar is deployed
- command: systemctl is-enabled openstack-zaqar
- tags: common
- ignore_errors: True
- register: zaqar_enabled
- - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
- shell: >
- /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
- grep '\bactive\b'
- when: zaqar_enabled.rc == 0
- tags: step0,validation
- - name: Check for zaqar running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
- register: zaqar_apache
- ignore_errors: true
- - name: Stop zaqar service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: zaqar_apache.rc == 0
- - name: Stop and disable zaqar service (pre-upgrade not under httpd)
- tags: step1
- when: zaqar_enabled.rc == 0
- service: name=openstack-zaqar state=stopped enabled=no
- - name: Install openstack-zaqar package if it was disabled
- tags: step3
- yum: name=openstack-zaqar state=latest
- when: zaqar_enabled.rc != 0
+ yaql:
+ expression: $.data.apache_upgrade + $.data.zaqar_upgrade
+ data:
+ apache_upgrade:
+ get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ zaqar_upgrade:
+ - name: Check if zaqar is deployed
+ command: systemctl is-enabled openstack-zaqar
+ tags: common
+ ignore_errors: True
+ register: zaqar_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
+ grep '\bactive\b'
+ when: zaqar_enabled.rc == 0
+ tags: step0,validation
+ - name: Check for zaqar running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
+ register: zaqar_apache
+ ignore_errors: true
+ - name: Stop zaqar service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: zaqar_apache.rc == 0
+ - name: Stop and disable zaqar service (pre-upgrade not under httpd)
+ tags: step1
+ when: zaqar_enabled.rc == 0
+ service: name=openstack-zaqar state=stopped enabled=no
+ - name: Install openstack-zaqar package if it was disabled
+ tags: step3
+ yum: name=openstack-zaqar state=latest
+ when: zaqar_enabled.rc != 0