summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Polenchuk <mpolenchuk@mirantis.com>2017-08-28 14:50:03 +0400
committerMichael Polenchuk <mpolenchuk@mirantis.com>2017-08-28 20:23:26 +0400
commit4003dfc1ff62edc587f83aa54cd9eb3fd0347635 (patch)
treedb7c59ebfb5350d519a2bf5a221d2ec01e1ab4fe
parent08bb570b39b123c5a5adf70e34e05bb43a6e3387 (diff)
Sync os cacert from proxy to salt master
JIRA: FUEL-274 Change-Id: I2c8161b24cb18a0d1f9dc6fd509ce18af7ea8cf5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
-rwxr-xr-xmcp/config/states/openstack_ha3
-rw-r--r--mcp/patches/0008-Handle-file_recv-option.patch18
-rw-r--r--mcp/patches/patches.list1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml3
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml3
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml3
m---------mcp/reclass/classes/system0
10 files changed, 34 insertions, 0 deletions
diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha
index 507ca6124..cc4279c8f 100755
--- a/mcp/config/states/openstack_ha
+++ b/mcp/config/states/openstack_ha
@@ -44,3 +44,6 @@ salt -I 'nova:compute' state.sls nova
salt -I 'horizon:server' state.sls horizon
salt -I 'nginx:server' state.sls nginx
+
+salt -C 'I@nginx:server and *01*' cp.push /etc/ssl/certs/10.167.4.80-with-chain.crt upload_path='/os_cacert'
+cd /etc/ssl/certs && ln -s /var/cache/salt/master/minions/prx01.*/files/os_cacert
diff --git a/mcp/patches/0008-Handle-file_recv-option.patch b/mcp/patches/0008-Handle-file_recv-option.patch
new file mode 100644
index 000000000..0c76449f7
--- /dev/null
+++ b/mcp/patches/0008-Handle-file_recv-option.patch
@@ -0,0 +1,18 @@
+From: Michael Polenchuk <mpolenchuk@mirantis.com>
+Date: Mon, 28 Aug 2017 16:17:43 +0400
+Subject: [PATCH] Handle file_recv option
+
+
+diff --git a/salt/files/master.conf b/salt/files/master.conf
+index 329ae0d..a9d9656 100644
+--- a/salt/files/master.conf
++++ b/salt/files/master.conf
+@@ -95,6 +95,8 @@ logstash_zmq_handler:
+ order_masters: True
+ {%- endif %}
+
++file_recv: {{ master.get('file_recv', False) }}
++
+ {#-
+ vim: syntax=jinja
+ -#}
diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 1a651cfe0..419ff261c 100644
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -5,3 +5,4 @@
/usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch
/usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch
/usr/share/salt-formulas/env: 0007-linux.network.interface-noifupdown-support.patch
+/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
index 202799fde..a7b08f8df 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
@@ -38,6 +38,7 @@ parameters:
salt:
master:
accept_policy: open_mode
+ file_recv: true
reclass:
storage:
data_source:
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
index 227c64921..e8666d6c1 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
@@ -39,6 +39,9 @@ parameters:
interface:
ens2: ${_param:linux_dhcp_interface}
ens3: ${_param:linux_single_interface}
+ keystone:
+ server:
+ cacert: /etc/ssl/certs/mcp_os_cacert
neutron:
server:
backend:
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
index b7fd1283b..be3dc38b6 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
@@ -37,6 +37,7 @@ parameters:
salt:
master:
accept_policy: open_mode
+ file_recv: true
reclass:
storage:
data_source:
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
index 4bfd27c8b..e7a3b85c4 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
@@ -43,6 +43,9 @@ parameters:
interface:
ens2: ${_param:linux_dhcp_interface}
ens3: ${_param:linux_single_interface}
+ keystone:
+ server:
+ cacert: /etc/ssl/certs/mcp_os_cacert
bind:
server:
control:
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
index ce2c95145..a75b41d3d 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
@@ -37,6 +37,7 @@ parameters:
salt:
master:
accept_policy: open_mode
+ file_recv: true
reclass:
storage:
data_source:
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
index 6f47f8ad0..a5913dd52 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
@@ -39,6 +39,9 @@ parameters:
interface:
ens2: ${_param:linux_dhcp_interface}
ens3: ${_param:linux_single_interface}
+ keystone:
+ server:
+ cacert: /etc/ssl/certs/mcp_os_cacert
bind:
server:
control:
diff --git a/mcp/reclass/classes/system b/mcp/reclass/classes/system
-Subproject fc30e3196598bb01f8807d90113d7b8c0794ea9
+Subproject 7b186ff21829b6a0055c08cc681b94bd89aedf1