From 4003dfc1ff62edc587f83aa54cd9eb3fd0347635 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Mon, 28 Aug 2017 14:50:03 +0400 Subject: Sync os cacert from proxy to salt master JIRA: FUEL-274 Change-Id: I2c8161b24cb18a0d1f9dc6fd509ce18af7ea8cf5 Signed-off-by: Michael Polenchuk --- mcp/config/states/openstack_ha | 3 +++ mcp/patches/0008-Handle-file_recv-option.patch | 18 ++++++++++++++++++ mcp/patches/patches.list | 1 + .../baremetal-mcp-ocata-odl-ha/infra/config.yml | 1 + .../baremetal-mcp-ocata-odl-ha/openstack/control.yml | 3 +++ .../baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml | 1 + .../openstack/control.yml | 3 +++ .../baremetal-mcp-ocata-ovs-ha/infra/config.yml | 1 + .../baremetal-mcp-ocata-ovs-ha/openstack/control.yml | 3 +++ mcp/reclass/classes/system | 2 +- 10 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 mcp/patches/0008-Handle-file_recv-option.patch diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha index 507ca6124..cc4279c8f 100755 --- a/mcp/config/states/openstack_ha +++ b/mcp/config/states/openstack_ha @@ -44,3 +44,6 @@ salt -I 'nova:compute' state.sls nova salt -I 'horizon:server' state.sls horizon salt -I 'nginx:server' state.sls nginx + +salt -C 'I@nginx:server and *01*' cp.push /etc/ssl/certs/10.167.4.80-with-chain.crt upload_path='/os_cacert' +cd /etc/ssl/certs && ln -s /var/cache/salt/master/minions/prx01.*/files/os_cacert diff --git a/mcp/patches/0008-Handle-file_recv-option.patch b/mcp/patches/0008-Handle-file_recv-option.patch new file mode 100644 index 000000000..0c76449f7 --- /dev/null +++ b/mcp/patches/0008-Handle-file_recv-option.patch @@ -0,0 +1,18 @@ +From: Michael Polenchuk +Date: Mon, 28 Aug 2017 16:17:43 +0400 +Subject: [PATCH] Handle file_recv option + + +diff --git a/salt/files/master.conf b/salt/files/master.conf +index 329ae0d..a9d9656 100644 +--- a/salt/files/master.conf ++++ b/salt/files/master.conf +@@ -95,6 +95,8 @@ logstash_zmq_handler: + order_masters: True + {%- endif %} + ++file_recv: {{ master.get('file_recv', False) }} ++ + {#- + vim: syntax=jinja + -#} diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 1a651cfe0..419ff261c 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -5,3 +5,4 @@ /usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-linux.network.interface-noifupdown-support.patch +/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml index 202799fde..a7b08f8df 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml @@ -38,6 +38,7 @@ parameters: salt: master: accept_policy: open_mode + file_recv: true reclass: storage: data_source: diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml index 227c64921..e8666d6c1 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml @@ -39,6 +39,9 @@ parameters: interface: ens2: ${_param:linux_dhcp_interface} ens3: ${_param:linux_single_interface} + keystone: + server: + cacert: /etc/ssl/certs/mcp_os_cacert neutron: server: backend: diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml index b7fd1283b..be3dc38b6 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml @@ -37,6 +37,7 @@ parameters: salt: master: accept_policy: open_mode + file_recv: true reclass: storage: data_source: diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml index 4bfd27c8b..e7a3b85c4 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml @@ -43,6 +43,9 @@ parameters: interface: ens2: ${_param:linux_dhcp_interface} ens3: ${_param:linux_single_interface} + keystone: + server: + cacert: /etc/ssl/certs/mcp_os_cacert bind: server: control: diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml index ce2c95145..a75b41d3d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml @@ -37,6 +37,7 @@ parameters: salt: master: accept_policy: open_mode + file_recv: true reclass: storage: data_source: diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml index 6f47f8ad0..a5913dd52 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml @@ -39,6 +39,9 @@ parameters: interface: ens2: ${_param:linux_dhcp_interface} ens3: ${_param:linux_single_interface} + keystone: + server: + cacert: /etc/ssl/certs/mcp_os_cacert bind: server: control: diff --git a/mcp/reclass/classes/system b/mcp/reclass/classes/system index fc30e3196..7b186ff21 160000 --- a/mcp/reclass/classes/system +++ b/mcp/reclass/classes/system @@ -1 +1 @@ -Subproject commit fc30e3196598bb01f8807d90113d7b8c0794ea94 +Subproject commit 7b186ff21829b6a0055c08cc681b94bd89aedf1d -- cgit 1.2.3-korg