diff options
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/README.rst | 14 | ||||
| -rw-r--r-- | puppet/services/horizon.yaml | 16 | ||||
| -rw-r--r-- | puppet/services/neutron-plugin-ml2.yaml | 7 | ||||
| -rw-r--r-- | puppet/services/pacemaker/cinder-volume.yaml | 20 | ||||
| -rw-r--r-- | puppet/services/pacemaker_remote.yaml | 13 | ||||
| -rw-r--r-- | puppet/services/tripleo-packages.yaml | 4 |
6 files changed, 66 insertions, 8 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d55414b7..a593d55e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc. - Steps/tages correlate to the following: + Steps/tags correlate to the following: 1) Stop all control-plane services. @@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services. +Update Steps +------------ + +Each service template may optionally define a `update_tasks` key, which is a +list of ansible tasks to be performed during the minor update process. + +Similar to the upgrade_tasks, we allow a series of steps for the per-service +update sequence, but note update_task selects the steps via a conditional +referencing the step variable e.g when: step == 2, which is different to the +tags based approach used for upgrade_tasks (the two may be aligned in future). + + Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index bc91374a..1ea6b1ae 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -76,6 +76,12 @@ parameters: description: Firewall driver for realizing neutron security group function type: string default: 'openvswitch' + NeutronOverlayIPVersion: + default: 4 + description: IP version used for all overlay network endpoints. + type: number + constraints: + - allowed_values: [4,6] resources: NeutronBase: @@ -105,6 +111,7 @@ outputs: neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} + neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index a1134f3e..f4675875 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,11 +66,17 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: Sync cinder DB + - name: get bootstrap nodeid tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable + command: hiera bootstrap_nodeid + register: bootstrap_node + - block: + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable + when: bootstrap_node.stdout == ansible_hostname diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 76511784..47ca6142 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -35,6 +35,11 @@ parameters: description: The authkey for the pacemaker remote service. hidden: true default: '' + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string @@ -103,5 +108,13 @@ outputs: tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + pacemaker::corosync::manage_fw: false + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e471c2a6..2a8620c8 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -56,3 +56,7 @@ outputs: - name: Update all packages tags: step3 yum: name=* state=latest + update_tasks: + - name: Update all packages + yum: name=* state=latest + when: step == "3" |