diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/aodh-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/aodh-base.yaml | 2 | ||||
-rw-r--r-- | puppet/services/apache.yaml | 4 | ||||
-rw-r--r-- | puppet/services/barbican-api.yaml | 32 | ||||
-rw-r--r-- | puppet/services/ceilometer-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/cinder-api.yaml | 50 | ||||
-rw-r--r-- | puppet/services/gnocchi-api.yaml | 12 | ||||
-rw-r--r-- | puppet/services/ironic-conductor.yaml | 8 | ||||
-rw-r--r-- | puppet/services/keystone.yaml | 15 | ||||
-rw-r--r-- | puppet/services/pacemaker/rabbitmq.yaml | 29 | ||||
-rw-r--r-- | puppet/services/panko-api.yaml | 42 | ||||
-rw-r--r-- | puppet/services/rabbitmq.yaml | 8 | ||||
-rw-r--r-- | puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml | 5 | ||||
-rw-r--r-- | puppet/services/zaqar.yaml | 63 |
14 files changed, 165 insertions, 129 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 7cc6e4c6..e2bf0155 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -93,6 +93,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop aodh_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.aodh_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + aodh_api_upgrade: + - name: Stop aodh_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 48a2aecd..5b78e28b 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -83,7 +83,7 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_region: {get_param: KeystoneRegion} aodh::auth::auth_tenant_name: 'service' service_config_settings: keystone: diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 6e53b1f7..a2c3c7af 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -64,6 +64,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::default_vhost: false apache::server_signature: 'Off' apache::server_tokens: 'Prod' apache_remote_proxy_ips_network: @@ -112,3 +113,6 @@ outputs: shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' when: httpd_enabled.rc == 0 tags: step0,validation + - name: Ensure mod_ssl package is installed + tags: step3 + yum: name=mod_ssl state=latest diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 91a5b01c..ad59e701 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -153,16 +153,22 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if barbican_api is deployed - command: systemctl is-enabled openstack-barbican-api - tags: common - ignore_errors: True - register: barbican_api_enabled - - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" - shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' - when: barbican_api_enabled.rc == 0 - tags: step0,validation - - name: Install openstack-barbican-api package if it was disabled - tags: step3 - yum: name=openstack-barbican-api state=latest - when: barbican_api_enabled.rc != 0 + yaql: + expression: $.data.apache_upgrade + $.data.barbican_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + barbican_api_upgrade: + - name: Check if barbican_api is deployed + command: systemctl is-enabled openstack-barbican-api + tags: common + ignore_errors: True + register: barbican_api_enabled + - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" + shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' + when: barbican_api_enabled.rc == 0 + tags: step0,validation + - name: Install openstack-barbican-api package if it was disabled + tags: step3 + yum: name=openstack-barbican-api state=latest + when: barbican_api_enabled.rc != 0 diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index ba94b451..91bee507 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -100,6 +100,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop ceilometer_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + ceilometer_api_upgrade: + - name: Stop ceilometer_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index c1e6b0b0..0e3ceccb 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -159,25 +159,31 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if cinder_api is deployed - command: systemctl is-enabled openstack-cinder-api - tags: common - ignore_errors: True - register: cinder_api_enabled - - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" - shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' - when: cinder_api_enabled.rc == 0 - tags: step0,validation - - name: check for cinder running under apache (post upgrade) - tags: step1 - shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" - register: cinder_apache - ignore_errors: true - - name: Stop cinder_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: cinder_apache.rc == 0 - - name: Stop and disable cinder_api service (pre-upgrade not under httpd) - tags: step1 - when: cinder_api_enabled.rc == 0 - service: name=openstack-cinder-api state=stopped enabled=no + yaql: + expression: $.data.apache_upgrade + $.data.cinder_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + cinder_api_upgrade: + - name: Check if cinder_api is deployed + command: systemctl is-enabled openstack-cinder-api + tags: common + ignore_errors: True + register: cinder_api_enabled + - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" + shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' + when: cinder_api_enabled.rc == 0 + tags: step0,validation + - name: check for cinder running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" + register: cinder_apache + ignore_errors: true + - name: Stop cinder_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: cinder_apache.rc == 0 + - name: Stop and disable cinder_api service (pre-upgrade not under httpd) + tags: step1 + when: cinder_api_enabled.rc == 0 + service: name=openstack-cinder-api state=stopped enabled=no diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index cd323703..5310b282 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -133,6 +133,12 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Stop gnocchi_api service (running under httpd) - tags: step1 - service: name=httpd state=stopped + yaql: + expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + gnocchi_api_upgrade: + - name: Stop gnocchi_api service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 666967b9..83e2b850 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -32,6 +32,13 @@ parameters: created yet) and should be changed to an actual UUID in a post-deployment stack update. type: string + IronicDefaultBootOption: + default: 'local' + description: How to boot the bare metal instances. Set to 'local' (the + default) to use local bootloader (requires grub2 for partition + images). Set to 'netboot' to make the instances boot from + controllers using PXE/iPXE. + type: string IronicDefaultNetworkInterface: default: 'flat' description: Network interface implementation to use by default. @@ -95,6 +102,7 @@ outputs: ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork} + ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes} # We need an endpoint containing a real IP, not a VIP here diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8a0e750d..b25b2e84 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -339,10 +339,15 @@ outputs: horizon::keystone_multidomain_support: true horizon::keystone_default_domain: 'Default' - {} - # Ansible tasks to handle upgrade - upgrade_tasks: - - name: Stop keystone service (running under httpd) - tags: step1 - service: name=httpd state=stopped metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + yaql: + expression: $.data.apache_upgrade + $.data.keystone_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + keystone_upgrade: + - name: Stop keystone service (running under httpd) + tags: step1 + service: name=httpd state=stopped diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index caada950..30ea6d6c 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -39,34 +39,5 @@ outputs: - rabbitmq::service_manage: false step_config: | include ::tripleo::profile::pacemaker::rabbitmq - upgrade_tasks: - - name: get bootstrap nodeid - tags: common - command: hiera bootstrap_nodeid - register: bootstrap_node - - name: set is_bootstrap_node fact - tags: common - set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} - - name: get rabbitmq policy - tags: common - shell: pcs resource show rabbitmq | grep -q -E "Attributes:.*\"ha-mode\":\"all\"" - register: rabbit_ha_mode - when: is_bootstrap_node - ignore_errors: true - - name: set migrate_rabbit_ha_mode fact - tags: common - set_fact: migrate_rabbit_ha_mode={{rabbit_ha_mode.rc == 0}} - when: is_bootstrap_node - - name: Fixup for rabbitmq ha-queues LP#1668600 - tags: step0,pre-upgrade - shell: | - nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) - nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) - if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then - echo "ERROR: The nr. of HA queues during the rabbit upgrade is out of range: $nr_queues" - exit 1 - fi - pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 - when: is_bootstrap_node and migrate_rabbit_ha_mode metadata_settings: get_attr: [RabbitMQServiceBase, role_data, metadata_settings] diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 43e7aa18..63cddb04 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -92,21 +92,27 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: Check if httpd is deployed - command: systemctl is-enabled httpd - tags: common - ignore_errors: True - register: httpd_enabled - - name: "PreUpgrade step0,validation: Check if httpd is running" - shell: > - /usr/bin/systemctl show 'httpd' --property ActiveState | - grep '\bactive\b' - when: httpd_enabled.rc == 0 - tags: step0,validation - - name: Stop panko-api service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: httpd_enabled.rc == 0 - - name: Install openstack-panko-api package if it was not installed - tags: step3 - yum: name=openstack-panko-api state=latest + yaql: + expression: $.data.apache_upgrade + $.data.panko_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + panko_api_upgrade: + - name: Check if httpd is deployed + command: systemctl is-enabled httpd + tags: common + ignore_errors: True + register: httpd_enabled + - name: "PreUpgrade step0,validation: Check if httpd is running" + shell: > + /usr/bin/systemctl show 'httpd' --property ActiveState | + grep '\bactive\b' + when: httpd_enabled.rc == 0 + tags: step0,validation + - name: Stop panko-api service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: httpd_enabled.rc == 0 + - name: Install openstack-panko-api package if it was not installed + tags: step3 + yum: name=openstack-panko-api state=latest diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 47479783..d69da3e1 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -40,10 +40,10 @@ parameters: hidden: true RabbitHAQueues: description: - The number of HA queues to be configured in rabbit. The default is 0 which will - be automatically overridden to CEIL(N/2) where N is the number of nodes running - rabbitmq. - default: 0 + The number of HA queues to be configured in rabbit. The default is -1 which + translates to "ha-mode all". The special value 0 will be automatically + overridden to CEIL(N/2) where N is the number of nodes running rabbitmq. + default: -1 type: number MonitoringSubscriptionRabbitmq: default: 'overcloud-rabbitmq' diff --git a/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml new file mode 100644 index 00000000..eb7b513c --- /dev/null +++ b/puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - When a service is deployed in WSGI with Apache, make sure mode_ssl + package is deployed during the upgrade process, it's now required + by default so Apache can start properly. diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 06965c8c..2a38e2c0 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -71,6 +71,7 @@ outputs: zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::debug: {get_param: Debug} + zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} zaqar::wsgi::apache::ssl: false zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} @@ -105,31 +106,37 @@ outputs: step_config: | include ::tripleo::profile::base::zaqar upgrade_tasks: - - name: Check if zaqar is deployed - command: systemctl is-enabled openstack-zaqar - tags: common - ignore_errors: True - register: zaqar_enabled - - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" - shell: > - /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | - grep '\bactive\b' - when: zaqar_enabled.rc == 0 - tags: step0,validation - - name: Check for zaqar running under apache (post upgrade) - tags: step1 - shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" - register: zaqar_apache - ignore_errors: true - - name: Stop zaqar service (running under httpd) - tags: step1 - service: name=httpd state=stopped - when: zaqar_apache.rc == 0 - - name: Stop and disable zaqar service (pre-upgrade not under httpd) - tags: step1 - when: zaqar_enabled.rc == 0 - service: name=openstack-zaqar state=stopped enabled=no - - name: Install openstack-zaqar package if it was disabled - tags: step3 - yum: name=openstack-zaqar state=latest - when: zaqar_enabled.rc != 0 + yaql: + expression: $.data.apache_upgrade + $.data.zaqar_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + zaqar_upgrade: + - name: Check if zaqar is deployed + command: systemctl is-enabled openstack-zaqar + tags: common + ignore_errors: True + register: zaqar_enabled + - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" + shell: > + /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | + grep '\bactive\b' + when: zaqar_enabled.rc == 0 + tags: step0,validation + - name: Check for zaqar running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" + register: zaqar_apache + ignore_errors: true + - name: Stop zaqar service (running under httpd) + tags: step1 + service: name=httpd state=stopped + when: zaqar_apache.rc == 0 + - name: Stop and disable zaqar service (pre-upgrade not under httpd) + tags: step1 + when: zaqar_enabled.rc == 0 + service: name=openstack-zaqar state=stopped enabled=no + - name: Install openstack-zaqar package if it was disabled + tags: step3 + yum: name=openstack-zaqar state=latest + when: zaqar_enabled.rc != 0 |