aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml6
-rw-r--r--puppet/role.role.j2.yaml30
-rw-r--r--puppet/services/aodh-api.yaml15
-rw-r--r--puppet/services/barbican-api.yaml35
-rw-r--r--puppet/services/ceilometer-api.yaml15
-rw-r--r--puppet/services/cinder-api.yaml53
-rw-r--r--puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml65
-rw-r--r--puppet/services/database/redis-base.yaml20
-rw-r--r--puppet/services/database/redis.yaml41
-rw-r--r--puppet/services/disabled/mongodb-disabled.yaml4
-rw-r--r--puppet/services/gnocchi-api.yaml15
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml17
-rw-r--r--puppet/services/keystone.yaml15
-rw-r--r--puppet/services/manila-backend-isilon.yaml72
-rw-r--r--puppet/services/manila-backend-vmax.yaml74
-rw-r--r--puppet/services/manila-scheduler.yaml2
-rw-r--r--puppet/services/neutron-ovs-agent.yaml35
-rw-r--r--puppet/services/neutron-plugin-nsx.yaml18
-rw-r--r--puppet/services/nova-api.yaml167
-rw-r--r--puppet/services/opendaylight-api.yaml9
-rw-r--r--puppet/services/opendaylight-ovs.yaml35
-rw-r--r--puppet/services/openvswitch.yaml4
-rw-r--r--puppet/services/pacemaker/database/redis.yaml11
-rw-r--r--puppet/services/panko-api.yaml45
-rw-r--r--puppet/services/rabbitmq.yaml1
-rw-r--r--puppet/services/zaqar-api.yaml68
26 files changed, 564 insertions, 308 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 3044fe39..37c1d4e5 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -16,10 +16,6 @@ parameters:
type: comma_delimited_list
controller_ips:
type: comma_delimited_list
- logging_groups:
- type: json
- logging_sources:
- type: json
service_ips:
type: json
service_node_names:
@@ -113,8 +109,6 @@ resources:
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
map_merge:
- - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- enabled_services:
yaql:
expression: $.data.distinct()
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 5453e65c..15da1773 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -105,6 +105,11 @@ parameters:
description: DEPRECATED - use {{role.name}}IPs instead
type: json
{%- endif %}
+ {{role.name}}NetworkDeploymentActions:
+ type: comma_delimited_list
+ description: >
+ Heat action when to apply network configuration changes
+ default: []
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -148,12 +153,6 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
-{%- if role.deprecated_param_scheduler_hints is defined %}
- {{role.deprecated_param_scheduler_hints}}:
- type: json
- description: DEPRECATED - use {{role.name}}SchedulerHints instead
- default: {}
-{%- endif %}
NodeIndex:
type: number
default: 0
@@ -239,7 +238,7 @@ parameter_groups:
description: Do not use deprecated params, they will be removed.
parameters:
{%- for property in role %}
-{%- if property.startswith('deprecated_param_') %}
+{%- if property.startswith('deprecated_param_') and not role[property].endswith('SchedulerHints') %}
- {{role[property]}}
{%- endif %}
{%- endfor %}
@@ -271,6 +270,11 @@ conditions:
- {get_param: {{role.deprecated_param_flavor}}}
- {{default_flavor_name}}
{%- endif %}
+ role_network_deployment_actions_exists:
+ not:
+ equals:
+ - {get_param: {{role.name}}NetworkDeploymentActions}
+ - []
resources:
{{server_resource_name}}:
@@ -317,12 +321,7 @@ resources:
{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints:
- map_merge:
-{%- if role.deprecated_param_scheduler_hints is defined %}
- - {get_param: {{role.deprecated_param_scheduler_hints}}}
-{%- endif %}
- - {get_param: {{role.name}}SchedulerHints}
+ scheduler_hints: {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
@@ -501,7 +500,10 @@ resources:
actions:
if:
- server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
+ - if:
+ - role_network_deployment_actions_exists
+ - {get_param: {{role.name}}NetworkDeploymentActions}
+ - {get_param: NetworkDeploymentActions}
- []
{{server_resource_name}}UpgradeInitConfig:
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index f84edde0..f0493f0e 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -116,12 +116,9 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- aodh_api_upgrade:
- - name: Stop aodh_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop aodh_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index a894dbdf..974c2538 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -186,22 +186,19 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- barbican_api_upgrade:
- - name: Check if barbican_api is deployed
- command: systemctl is-enabled openstack-barbican-api
- tags: common
- ignore_errors: True
- register: barbican_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
- shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
- when: barbican_api_enabled.rc == 0
- tags: step0,validation
- - name: Install openstack-barbican-api package if it was disabled
- tags: step3
- yum: name=openstack-barbican-api state=latest
- when: barbican_api_enabled.rc != 0
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if barbican_api is deployed
+ command: systemctl is-enabled openstack-barbican-api
+ tags: common
+ ignore_errors: True
+ register: barbican_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
+ shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
+ when: barbican_api_enabled.rc == 0
+ tags: step0,validation
+ - name: Install openstack-barbican-api package if it was disabled
+ tags: step3
+ yum: name=openstack-barbican-api state=latest
+ when: barbican_api_enabled.rc != 0
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index aba303fb..1076c043 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -118,12 +118,9 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- ceilometer_api_upgrade:
- - name: Stop ceilometer_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop ceilometer_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index fbfe532a..193c6ba3 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -184,31 +184,28 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- cinder_api_upgrade:
- - name: Check if cinder_api is deployed
- command: systemctl is-enabled openstack-cinder-api
- tags: common
- ignore_errors: True
- register: cinder_api_enabled
- - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
- shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
- when: cinder_api_enabled.rc == 0
- tags: step0,validation
- - name: check for cinder running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
- register: cinder_apache
- ignore_errors: true
- - name: Stop cinder_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: cinder_apache.rc == 0
- - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
- tags: step1
- when: cinder_api_enabled.rc == 0
- service: name=openstack-cinder-api state=stopped enabled=no
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if cinder_api is deployed
+ command: systemctl is-enabled openstack-cinder-api
+ tags: common
+ ignore_errors: True
+ register: cinder_api_enabled
+ - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
+ shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
+ when: cinder_api_enabled.rc == 0
+ tags: step0,validation
+ - name: check for cinder running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
+ register: cinder_apache
+ ignore_errors: true
+ - name: Stop cinder_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: cinder_apache.rc == 0
+ - name: Stop and disable cinder_api service (pre-upgrade not under httpd)
+ tags: step1
+ when: cinder_api_enabled.rc == 0
+ service: name=openstack-cinder-api state=stopped enabled=no
diff --git a/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml b/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml
new file mode 100644
index 00000000..1a3beab5
--- /dev/null
+++ b/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml
@@ -0,0 +1,65 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: pike
+
+description: >
+ Openstack Cinder Dell EMC VMAX iscsi backend
+
+parameters:
+ CinderEnableDellEMCVMAXISCSIBackend:
+ type: boolean
+ default: true
+ CinderDellEMCVMAXISCSIBackendName:
+ type: string
+ default: 'tripleo_dellemc_vmax_iscsi'
+ CinderDellEMCVMAXISCSIConfigFile:
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC VMAX iscsi backend.
+ value:
+ service_name: cinder_backend_dellemc_vmax_iscsi
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellemc_vmax_iscsi_backend: {get_param: CinderEnableDellEMCVMAXISCSIBackend}
+ cinder::backend::dell_emc_vmax_iscsi::volume_backend_name: {get_param: CinderDellEMCVMAXISCSIBackendName}
+ cinder::backend::dell_emc_vmax_iscsi::cinder_emc_config_file: {get_param: CinderDellEMCVMAXISCSIConfigFile}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index 2a6a89e9..8436062a 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -38,6 +38,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
@@ -53,10 +59,20 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
+ # Bind to localhost if internal TLS is enabled, since we put a TLs
+ # proxy in front.
+ redis::bind:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
- redis::sentinel::sentinel_bind: {get_param: [ServiceNetMap, RedisNetwork]}
+ redis::sentinel::sentinel_bind:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, RedisNetwork]}
redis::ulimit: {get_param: RedisFDLimit}
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index bdcc4fcd..810e467e 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -30,8 +30,15 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
+
RedisBase:
type: ./redis-base.yaml
properties:
@@ -41,6 +48,7 @@ resources:
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
@@ -55,8 +63,41 @@ outputs:
dport:
- 6379
- 26379
+ tripleo::profile::base::database::redis::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, RedisNetwork]
+ tripleo::profile::base::database::redis::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ tripleo::profile::base::database::redis::tls_proxy_port: 6379
+ - if:
+ - use_tls_proxy
+ - redis_certificate_specs:
+ service_certificate: '/etc/pki/tls/certs/redis.crt'
+ service_key: '/etc/pki/tls/private/redis.key'
+ hostname:
+ str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ principal:
+ str_replace:
+ template: "redis/%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ - {}
step_config: |
include ::tripleo::profile::base::database::redis
+ metadata_settings:
+ if:
+ - use_tls_proxy
+ -
+ - service: redis
+ network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ type: vip
+ - null
upgrade_tasks:
- name: Check if redis is deployed
command: systemctl is-enabled redis
diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml
index 9e58103c..c01a91fb 100644
--- a/puppet/services/disabled/mongodb-disabled.yaml
+++ b/puppet/services/disabled/mongodb-disabled.yaml
@@ -37,6 +37,10 @@ outputs:
value:
service_name: mongodb_disabled
upgrade_tasks:
+ - name: Check for mongodb service
+ stat: path=/usr/lib/systemd/system/mongod.service
+ register: mongod_service
- name: Stop and disable mongodb service on upgrade
tags: step1
service: name=mongod state=stopped enabled=no
+ when: mongod_service.stat.exists
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index cd7ab692..0f8f352a 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -151,12 +151,9 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- gnocchi_api_upgrade:
- - name: Stop gnocchi_api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop gnocchi_api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index 14d171dc..cdfc41cf 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -36,6 +36,11 @@ parameters:
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
outputs:
role_data:
@@ -44,22 +49,14 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
tripleo::certmonger::haproxy_dirs::certificate_dir:
get_param: HAProxyInternalTLSCertsDirectory
tripleo::certmonger::haproxy_dirs::key_dir:
get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem:
- list_join:
- - ''
- - - {get_param: HAProxyInternalTLSCertsDirectory}
- - '/overcloud-haproxy-external.pem'
+ service_pem: {get_param: DeployedSSLCertificatePath}
service_certificate:
list_join:
- ''
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 218ba740..6301314a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -400,12 +400,9 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.keystone_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- keystone_upgrade:
- - name: Stop keystone service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Stop keystone service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
diff --git a/puppet/services/manila-backend-isilon.yaml b/puppet/services/manila-backend-isilon.yaml
new file mode 100644
index 00000000..6d8a1fb6
--- /dev/null
+++ b/puppet/services/manila-backend-isilon.yaml
@@ -0,0 +1,72 @@
+heat_template_version: pike
+
+description: >
+ Openstack Manila isilon backend.
+
+parameters:
+ ManilaIsilonDriverHandlesShareServers:
+ type: string
+ default: true
+ ManilaIsilonBackendName:
+ type: string
+ default: tripleo_isilon
+ ManilaIsilonNasLogin:
+ type: string
+ default: ''
+ ManilaIsilonNasPassword:
+ type: string
+ default: ''
+ ManilaIsilonNasServer:
+ type: string
+ default: ''
+ ManilaIsilonNasRootDir:
+ type: string
+ default: ''
+ ManilaIsilonNasServerPort:
+ type: number
+ default: 8080
+ ManilaIsilonNasServerSecure:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila Isilon backend.
+ value:
+ service_name: manila_backend_isilon
+ config_settings:
+ manila::backend::dellemc_isilon::title: {get_param: ManilaIsilonBackendName}
+ manila::backend::dellemc_isilon::emc_nas_login: {get_param: ManilaIsilonNasLogin}
+ manila::backend::dellemc_isilon::driver_handles_share_servers: {get_param: ManilaIsilonDriverHandlesShareServers}
+ manila::backend::dellemc_isilon::emc_nas_password: {get_param: ManilaIsilonNasPassword}
+ manila::backend::dellemc_isilon::emc_nas_server: {get_param: ManilaIsilonNasServer}
+ manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
+ manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
+ manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
+ step_config:
diff --git a/puppet/services/manila-backend-vmax.yaml b/puppet/services/manila-backend-vmax.yaml
new file mode 100644
index 00000000..cdd32f5d
--- /dev/null
+++ b/puppet/services/manila-backend-vmax.yaml
@@ -0,0 +1,74 @@
+heat_template_version: pike
+
+description: >
+ Openstack Manila vmax backend.
+
+parameters:
+ ManilaVMAXDriverHandlesShareServers:
+ type: string
+ default: false
+ ManilaVMAXBackendName:
+ type: string
+ default: tripleo_manila_vmax
+ ManilaVMAXNasLogin:
+ type: string
+ default: ''
+ ManilaVMAXNasPassword:
+ type: string
+ default: ''
+ ManilaVMAXNasServer:
+ type: string
+ default: ''
+ ManilaVMAXServerContainer:
+ type: string
+ default: ''
+ ManilaVMAXShareDataPools:
+ type: string
+ default: ''
+ ManilaVMAXEthernetPorts:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Manila VMAX backend.
+ value:
+ service_name: manila_backend_vmax
+ config_settings:
+ manila::backend::dellemc_vmax::title: {get_param: ManilaVMAXBackendName}
+ manila::backend::dellemc_vmax::emc_nas_login: {get_param: ManilaVMAXNasLogin}
+ manila::backend::dellemc_vmax::driver_handles_share_servers: {get_param: ManilaVMAXDriverHandlesShareServers}
+ manila::backend::dellemc_vmax::emc_nas_password: {get_param: ManilaVMAXNasPassword}
+ manila::backend::dellemc_vmax::emc_nas_server: {get_param: ManilaVMAXNasServer}
+ manila::backend::dellemc_vmax::emc_share_backend: {'vmax'}
+ manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
+ manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
+ manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
+ step_config:
+
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index 7d43f685..364a1a3d 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -70,7 +70,7 @@ outputs:
manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
manila::compute::nova::nova_admin_tenant_name: 'service'
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
+ manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
step_config: |
include ::tripleo::profile::base::manila::scheduler
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 7894f78b..a2f82a58 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -140,22 +140,19 @@ outputs:
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
- yaql:
- expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade
- data:
- ovs_upgrade:
- get_attr: [Ovs, role_data, upgrade_tasks]
- neutron_ovs_upgrade:
- - name: Check if neutron_ovs_agent is deployed
- command: systemctl is-enabled neutron-openvswitch-agent
- tags: common
- ignore_errors: True
- register: neutron_ovs_agent_enabled
- - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
- shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
- when: neutron_ovs_agent_enabled.rc == 0
- tags: step0,validation
- - name: Stop neutron_ovs_agent service
- tags: step1
- when: neutron_ovs_agent_enabled.rc == 0
- service: name=neutron-openvswitch-agent state=stopped
+ list_concat:
+ - get_attr: [Ovs, role_data, upgrade_tasks]
+ -
+ - name: Check if neutron_ovs_agent is deployed
+ command: systemctl is-enabled neutron-openvswitch-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_ovs_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_ovs_agent_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop neutron_ovs_agent service
+ tags: step1
+ when: neutron_ovs_agent_enabled.rc == 0
+ service: name=neutron-openvswitch-agent state=stopped
diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml
index 2774b03e..26380649 100644
--- a/puppet/services/neutron-plugin-nsx.yaml
+++ b/puppet/services/neutron-plugin-nsx.yaml
@@ -65,14 +65,14 @@ outputs:
value:
service_name: neutron_plugin_nsx
config_settings:
- neutron::plugins::nsx_v3::default_overlay_tz: {get_param: DefaultOverlayTz}
- neutron::plugins::nsx_v3::default_tier0_router: {get_param: DefaultTier0Router}
- neutron::plugins::nsx_v3::nsx_api_managers: {get_param: NsxApiManagers}
- neutron::plugins::nsx_v3::nsx_api_user: {get_param: NsxApiUser}
- neutron::plugins::nsx_v3::nsx_api_password: {get_param: NsxApiPassword}
- neutron::plugins::nsx_v3::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
- neutron::plugins::nsx_v3::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
- neutron::plugins::nsx_v3::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
+ neutron::plugins::nsx::default_overlay_tz: {get_param: DefaultOverlayTz}
+ neutron::plugins::nsx::default_tier0_router: {get_param: DefaultTier0Router}
+ neutron::plugins::nsx::nsx_api_managers: {get_param: NsxApiManagers}
+ neutron::plugins::nsx::nsx_api_user: {get_param: NsxApiUser}
+ neutron::plugins::nsx::nsx_api_password: {get_param: NsxApiPassword}
+ neutron::plugins::nsx::native_dhcp_metadata: {get_param: NativeDhcpMetadata}
+ neutron::plugins::nsx::dhcp_profile_uuid: {get_param: DhcpProfileUuid}
+ neutron::plugins::nsx::metadata_proxy_uuid: {get_param: MetadataProxyUuid}
step_config: |
- include tripleo::profile::base::neutron::plugins::nsx_v3
+ include tripleo::profile::base::neutron::plugins::nsx
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index b413fb12..a4a3ca2b 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -199,88 +199,85 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.nova_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- nova_api_upgrade:
- - name: get bootstrap nodeid
- tags: common
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - name: set is_bootstrap_node fact
- tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- - name: Extra migration for nova tripleo/+bug/1656791
- tags: step0,pre-upgrade
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
- - name: Stop and disable nova_api service (pre-upgrade not under httpd)
- tags: step2
- service: name=openstack-nova-api state=stopped enabled=no
- - name: Create puppet manifest to set transport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- copy:
- dest: /root/nova-api_upgrade_manifest.pp
- mode: 0600
- content: >
- $transport_url = os_transport_url({
- 'transport' => hiera('messaging_service_name', 'rabbit'),
- 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
- 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
- 'username' => hiera('nova::rabbit_userid', 'guest'),
- 'password' => hiera('nova::rabbit_password'),
- 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
- })
- oslo::messaging::default { 'nova_config':
- transport_url => $transport_url
- }
- - name: Run puppet apply to set tranport_url in nova.conf
- tags: step5
- when: is_bootstrap_node
- command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
- register: puppet_apply_nova_api_upgrade
- failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
- changed_when: puppet_apply_nova_api_upgrade.rc == 2
- - name: Setup cell_v2 (map cell0)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
- - name: Setup cell_v2 (create default cell)
- tags: step5
- when: is_bootstrap_node
- # (owalsh) puppet-nova expects the cell name 'default'
- # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
- shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
- register: nova_api_create_cell
- failed_when: nova_api_create_cell.rc not in [0,2]
- changed_when: nova_api_create_cell.rc == 0
- - name: Setup cell_v2 (sync nova/cell DB)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db sync
- async: {get_param: NovaDbSyncTimeout}
- poll: 10
- - name: Setup cell_v2 (get cell uuid)
- tags: step5
- when: is_bootstrap_node
- shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
- register: nova_api_cell_uuid
- - name: Setup cell_v2 (migrate hosts)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- - name: Setup cell_v2 (migrate instances)
- tags: step5
- when: is_bootstrap_node
- command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- - name: Sync nova_api DB
- tags: step5
- command: nova-manage api_db sync
- when: is_bootstrap_node
- - name: Online data migration for nova
- tags: step5
- when: is_bootstrap_node
- command: nova-manage db online_data_migrations
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Extra migration for nova tripleo/+bug/1656791
+ tags: step0,pre-upgrade
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
+ - name: Stop and disable nova_api service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
+ - name: Create puppet manifest to set transport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ copy:
+ dest: /root/nova-api_upgrade_manifest.pp
+ mode: 0600
+ content: >
+ $transport_url = os_transport_url({
+ 'transport' => hiera('messaging_service_name', 'rabbit'),
+ 'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
+ 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
+ 'username' => hiera('nova::rabbit_userid', 'guest'),
+ 'password' => hiera('nova::rabbit_password'),
+ 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
+ })
+ oslo::messaging::default { 'nova_config':
+ transport_url => $transport_url
+ }
+ - name: Run puppet apply to set tranport_url in nova.conf
+ tags: step5
+ when: is_bootstrap_node
+ command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+ register: puppet_apply_nova_api_upgrade
+ failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
+ changed_when: puppet_apply_nova_api_upgrade.rc == 2
+ - name: Setup cell_v2 (map cell0)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
+ - name: Setup cell_v2 (create default cell)
+ tags: step5
+ when: is_bootstrap_node
+ # (owalsh) puppet-nova expects the cell name 'default'
+ # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
+ shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
+ register: nova_api_create_cell
+ failed_when: nova_api_create_cell.rc not in [0,2]
+ changed_when: nova_api_create_cell.rc == 0
+ - name: Setup cell_v2 (sync nova/cell DB)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db sync
+ async: {get_param: NovaDbSyncTimeout}
+ poll: 10
+ - name: Setup cell_v2 (get cell uuid)
+ tags: step5
+ when: is_bootstrap_node
+ shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
+ register: nova_api_cell_uuid
+ - name: Setup cell_v2 (migrate hosts)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
+ - name: Setup cell_v2 (migrate instances)
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
+ - name: Sync nova_api DB
+ tags: step5
+ command: nova-manage api_db sync
+ when: is_bootstrap_node
+ - name: Online data migration for nova
+ tags: step5
+ when: is_bootstrap_node
+ command: nova-manage db online_data_migrations
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index 472dbcce..71536ff3 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -62,6 +62,14 @@ parameters:
description: Whether to manage the OpenDaylight repository
type: boolean
default: false
+ OpenDaylightSNATMechanism:
+ description: SNAT mechanism to be used
+ default: 'conntrack'
+ type: string
+ constraints:
+ - allowed_values:
+ - conntrack
+ - controller
outputs:
role_data:
@@ -84,6 +92,7 @@ outputs:
- 6640
- 6653
- 2550
+ opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism}
step_config: |
include tripleo::profile::base::neutron::opendaylight
upgrade_tasks:
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 139ab7c7..c1cec4ff 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -141,22 +141,19 @@ outputs:
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
- yaql:
- expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade
- data:
- ovs_upgrade:
- get_attr: [Ovs, role_data, upgrade_tasks]
- opendaylight_upgrade:
- - name: Check if openvswitch is deployed
- command: systemctl is-enabled openvswitch
- tags: common
- ignore_errors: True
- register: openvswitch_enabled
- - name: "PreUpgrade step0,validation: Check service openvswitch is running"
- shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
- when: openvswitch_enabled.rc == 0
- tags: step0,validation
- - name: Stop openvswitch service
- tags: step1
- when: openvswitch_enabled.rc == 0
- service: name=openvswitch state=stopped
+ list_concat:
+ - get_attr: [Ovs, role_data, upgrade_tasks]
+ -
+ - name: Check if openvswitch is deployed
+ command: systemctl is-enabled openvswitch
+ tags: common
+ ignore_errors: True
+ register: openvswitch_enabled
+ - name: "PreUpgrade step0,validation: Check service openvswitch is running"
+ shell: /usr/bin/systemctl show 'openvswitch' --property ActiveState | grep '\bactive\b'
+ when: openvswitch_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop openvswitch service
+ tags: step1
+ when: openvswitch_enabled.rc == 0
+ service: name=openvswitch state=stopped
diff --git a/puppet/services/openvswitch.yaml b/puppet/services/openvswitch.yaml
index d8061d4b..6479d7f9 100644
--- a/puppet/services/openvswitch.yaml
+++ b/puppet/services/openvswitch.yaml
@@ -179,6 +179,6 @@ outputs:
with_items:
- "{{ovs_list_of_rpms.stdout_lines}}"
tags: step2
- when: "'2.5.0-14' in '{{ovs_version.stdout}}'
+ when: "'2.5.0-14' in ovs_version.stdout|default('')
or
- ovs_packaging_issue|succeeded"
+ ovs_packaging_issue|default(false)|succeeded"
diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml
index 66eb4b2a..e466f304 100644
--- a/puppet/services/pacemaker/database/redis.yaml
+++ b/puppet/services/pacemaker/database/redis.yaml
@@ -53,5 +53,16 @@ outputs:
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
+ tripleo::profile::pacemaker::database::redis::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, RedisNetwork]
+ tripleo::profile::pacemaker::database::redis::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
+ tripleo::profile::pacemaker::database::redis::tls_proxy_port: 6379
step_config: |
include ::tripleo::profile::pacemaker::database::redis
+ metadata_settings:
+ get_attr: [RedisBase, role_data, metadata_settings]
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 74d3f27c..892ad1c1 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -112,27 +112,24 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.panko_api_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- panko_api_upgrade:
- - name: Check if httpd is deployed
- command: systemctl is-enabled httpd
- tags: common
- ignore_errors: True
- register: httpd_enabled
- - name: "PreUpgrade step0,validation: Check if httpd is running"
- shell: >
- /usr/bin/systemctl show 'httpd' --property ActiveState |
- grep '\bactive\b'
- when: httpd_enabled.rc == 0
- tags: step0,validation
- - name: Stop panko-api service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: httpd_enabled.rc == 0
- - name: Install openstack-panko-api package if it was not installed
- tags: step3
- yum: name=openstack-panko-api state=latest
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if httpd is deployed
+ command: systemctl is-enabled httpd
+ tags: common
+ ignore_errors: True
+ register: httpd_enabled
+ - name: "PreUpgrade step0,validation: Check if httpd is running"
+ shell: >
+ /usr/bin/systemctl show 'httpd' --property ActiveState |
+ grep '\bactive\b'
+ when: httpd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop panko-api service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: httpd_enabled.rc == 0
+ - name: Install openstack-panko-api package if it was not installed
+ tags: step3
+ yum: name=openstack-panko-api state=latest
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index ba3a0984..a1a60201 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -122,6 +122,7 @@ outputs:
rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]}
rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
rabbitmq::ssl: {get_param: EnableInternalTLS}
+ rabbitmq::ssl_erl_dist: {get_param: EnableInternalTLS}
rabbitmq::ssl_port: 5672
rabbitmq::ssl_depth: 1
rabbitmq::ssl_only: {get_param: EnableInternalTLS}
diff --git a/puppet/services/zaqar-api.yaml b/puppet/services/zaqar-api.yaml
index 82d105ef..71f90534 100644
--- a/puppet/services/zaqar-api.yaml
+++ b/puppet/services/zaqar-api.yaml
@@ -98,6 +98,7 @@ outputs:
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
zaqar::debug:
if:
- service_debug_unset
@@ -164,6 +165,8 @@ outputs:
zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
zaqar::keystone::auth_websocket::tenant: 'service'
+ zaqar::keystone::trust::password: {get_param: ZaqarPassword}
+ zaqar::keystone::trust::user_domain_name: 'Default'
-
if:
- zaqar_management_store_sqlalchemy
@@ -181,37 +184,34 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- yaql:
- expression: $.data.apache_upgrade + $.data.zaqar_upgrade
- data:
- apache_upgrade:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- zaqar_upgrade:
- - name: Check if zaqar is deployed
- command: systemctl is-enabled openstack-zaqar
- tags: common
- ignore_errors: True
- register: zaqar_enabled
- - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
- shell: >
- /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
- grep '\bactive\b'
- when: zaqar_enabled.rc == 0
- tags: step0,validation
- - name: Check for zaqar running under apache (post upgrade)
- tags: step1
- shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
- register: zaqar_apache
- ignore_errors: true
- - name: Stop zaqar service (running under httpd)
- tags: step1
- service: name=httpd state=stopped
- when: zaqar_apache.rc == 0
- - name: Stop and disable zaqar service (pre-upgrade not under httpd)
- tags: step1
- when: zaqar_enabled.rc == 0
- service: name=openstack-zaqar state=stopped enabled=no
- - name: Install openstack-zaqar package if it was disabled
- tags: step3
- yum: name=openstack-zaqar state=latest
- when: zaqar_enabled.rc != 0
+ list_concat:
+ - get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+ -
+ - name: Check if zaqar is deployed
+ command: systemctl is-enabled openstack-zaqar
+ tags: common
+ ignore_errors: True
+ register: zaqar_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
+ grep '\bactive\b'
+ when: zaqar_enabled.rc == 0
+ tags: step0,validation
+ - name: Check for zaqar running under apache (post upgrade)
+ tags: step1
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
+ register: zaqar_apache
+ ignore_errors: true
+ - name: Stop zaqar service (running under httpd)
+ tags: step1
+ service: name=httpd state=stopped
+ when: zaqar_apache.rc == 0
+ - name: Stop and disable zaqar service (pre-upgrade not under httpd)
+ tags: step1
+ when: zaqar_enabled.rc == 0
+ service: name=openstack-zaqar state=stopped enabled=no
+ - name: Install openstack-zaqar package if it was disabled
+ tags: step3
+ yum: name=openstack-zaqar state=latest
+ when: zaqar_enabled.rc != 0