diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/blockstorage-role.yaml | 14 | ||||
-rw-r--r-- | puppet/cephstorage-role.yaml | 17 | ||||
-rw-r--r-- | puppet/compute-role.yaml | 17 | ||||
-rw-r--r-- | puppet/controller-role.yaml | 17 | ||||
-rw-r--r-- | puppet/deploy-artifacts.sh | 2 | ||||
-rw-r--r-- | puppet/objectstorage-role.yaml | 14 | ||||
-rw-r--r-- | puppet/role.role.j2.yaml | 17 | ||||
-rw-r--r-- | puppet/services/database/mysql.yaml | 13 | ||||
-rw-r--r-- | puppet/services/database/redis.yaml | 20 | ||||
-rw-r--r-- | puppet/services/horizon.yaml | 1 | ||||
-rw-r--r-- | puppet/services/ironic-api.yaml | 31 | ||||
-rw-r--r-- | puppet/services/pacemaker/database/mysql.yaml | 7 |
12 files changed, 70 insertions, 100 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 95dcf0b5..551a88ca 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -377,7 +377,6 @@ resources: properties: server: {get_resource: BlockStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -486,9 +485,6 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: BlockStorage} @@ -511,21 +507,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: BlockStorageDeployment properties: server: {get_resource: BlockStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 6674a8ac..4336f3e7 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -383,7 +383,6 @@ resources: properties: server: {get_resource: CephStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -490,9 +489,6 @@ resources: CephStorageExtraConfigPre: depends_on: CephStorageDeployment type: OS::TripleO::CephStorageExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -501,9 +497,6 @@ resources: NodeExtraConfig: depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -525,21 +518,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: CephStorageDeployment properties: server: {get_resource: CephStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 37eb98d1..7bcee47d 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -386,7 +386,6 @@ resources: properties: server: {get_resource: NovaCompute} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -513,9 +512,6 @@ resources: ComputeExtraConfigPre: depends_on: NovaComputeDeployment type: OS::TripleO::ComputeExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -524,9 +520,6 @@ resources: NodeExtraConfig: depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -549,21 +542,11 @@ resources: update_identifier: get_param: UpdateIdentifier - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: NovaComputeDeployment properties: server: {get_resource: NovaCompute} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 01f54df0..6a032656 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -406,7 +406,6 @@ resources: properties: server: {get_resource: Controller} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -553,9 +552,6 @@ resources: ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -564,9 +560,6 @@ resources: NodeExtraConfig: depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -589,21 +582,11 @@ resources: update_identifier: get_param: UpdateIdentifier - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: ControllerDeployment properties: server: {get_resource: Controller} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh index 4e1ad89f..6e7f0ec1 100644 --- a/puppet/deploy-artifacts.sh +++ b/puppet/deploy-artifacts.sh @@ -16,7 +16,7 @@ if [ -n "$artifact_urls" ]; then tar xvzf $TMP_DATA/file_data popd else - echo "ERROR: Unsupported file format." + echo "ERROR: Unsupported file format: $URL" exit 1 fi rm $TMP_DATA/file_data diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index e6348420..40a5d441 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -377,7 +377,6 @@ resources: properties: server: {get_resource: SwiftStorage} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -486,9 +485,6 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: SwiftStorage} @@ -510,21 +506,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: SwiftStorageHieraDeploy properties: server: {get_resource: SwiftStorage} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 3be2861c..320bf991 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -399,7 +399,6 @@ resources: properties: server: {get_resource: {{role}}} RoleParameters: {get_param: RoleParameters} - deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -512,9 +511,6 @@ resources: {{role}}ExtraConfigPre: depends_on: {{role}}Deployment type: OS::TripleO::{{role}}ExtraConfigPre - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: {{role}}} @@ -523,9 +519,6 @@ resources: NodeExtraConfig: depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig - # We have to use conditions here so that we don't break backwards - # compatibility with templates everywhere - condition: server_not_blacklisted properties: server: {get_resource: {{role}}} @@ -548,21 +541,11 @@ resources: - ['CREATE', 'UPDATE'] - [] - DeploymentActions: - type: OS::Heat::Value - properties: - value: - if: - - server_not_blacklisted - - ['CREATE', 'UPDATE'] - - [] - SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: {{role}}Deployment properties: server: {get_resource: {{role}}} - deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 2bde9033..882ba299 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -118,6 +118,16 @@ outputs: template: "%{hiera('cloud_name_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} principal: str_replace: template: "mysql/%{hiera('cloud_name_NETWORK')}" @@ -132,6 +142,9 @@ outputs: - service: mysql network: {get_param: [ServiceNetMap, MysqlNetwork]} type: vip + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: node - null upgrade_tasks: - name: Check for galera root password diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index df406a8c..9567a73f 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -52,3 +52,23 @@ outputs: - 26379 step_config: | include ::tripleo::profile::base::database::redis + upgrade_tasks: + - name: Check if redis is deployed + command: systemctl is-enabled redis + tags: common + ignore_errors: True + register: redis_enabled + - name: "PreUpgrade step0,validation: Check if redis is running" + shell: > + /usr/bin/systemctl show 'redis' --property ActiveState | + grep '\bactive\b' + when: redis_enabled.rc == 0 + tags: step0,validation + - name: Stop redis service + tags: step1 + when: redis_enabled.rc == 0 + service: name=redis state=stopped + - name: Install redis package if it was disabled + tags: step3 + yum: name=redis state=latest + when: redis_enabled.rc != 0 diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 092d0720..1f97b8ba 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -89,7 +89,6 @@ outputs: horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: - add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' options: ['FollowSymLinks','MultiViews'] diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 945033a1..0e8eacf1 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -43,8 +43,21 @@ parameters: e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} + IronicBase: type: ./ironic-base.yaml properties: @@ -63,6 +76,7 @@ outputs: config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - ironic::api::authtoken::password: {get_param: IronicPassword} ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::user_domain_name: 'Default' @@ -80,7 +94,17 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::api::service_name: 'httpd' ironic::policy::policies: {get_param: IronicApiPolicies} + ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]} + ironic::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]} + ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS} tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -106,6 +130,9 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" upgrade_tasks: - - name: Stop ironic_api service + - name: Stop ironic_api service (before httpd support) + tags: step1 + service: name=openstack-ironic-api state=stopped enabled=no + - name: Stop ironic_api service (running under httpd) tags: step1 - service: name=openstack-ironic-api state=stopped + service: name=httpd state=stopped diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d8e942d0..0a7659e0 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -27,6 +27,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -61,6 +66,8 @@ outputs: # internal_api_subnet - > IP/CIDR tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: get_param: [ServiceNetMap, MysqlNetwork] + tripleo::profile::pacemaker::database::mysql::ca_file: + get_param: InternalTLSCAFile step_config: | include ::tripleo::profile::pacemaker::database::mysql metadata_settings: |