7c84a9b390
During upgrades, validation test if a service is running before the upgrade process starts. In some cases, servies doesn't exist yet so we don't want to run the validation. This patch makes sure we check if the service is actually present on the system before validating it's running correctly. Also it makes sure that services are enabled before trying to stop them. It allows use-cases where we want to add new services during an upgrade. Also install new packages of services added in Ocata, so we can validate upgrades on scenarios jobs. Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
175 lines
7.1 KiB
YAML
175 lines
7.1 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Cinder API service configured with Puppet
|
|
|
|
parameters:
|
|
CinderEnableDBPurge:
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in Cinder database.
|
|
type: boolean
|
|
CinderPassword:
|
|
description: The password for the cinder service account, used by cinder-api.
|
|
type: string
|
|
hidden: true
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionCinderApi:
|
|
default: 'overcloud-cinder-api'
|
|
type: string
|
|
CinderApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.api
|
|
path: /var/log/cinder/cinder-api.log
|
|
CinderWorkers:
|
|
type: string
|
|
description: Set the number of workers for cinder::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
|
|
|
|
resources:
|
|
|
|
ApacheServiceBase:
|
|
type: ./apache.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder API role.
|
|
value:
|
|
service_name: cinder_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
|
logging_source: {get_param: CinderApiLoggingSource}
|
|
logging_groups:
|
|
- cinder
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
cinder::api::enable_proxy_headers_parsing: true
|
|
|
|
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
|
|
cinder::api::nova_catalog_admin_info: 'compute:nova:adminURL'
|
|
# TODO(emilien) move it to puppet-cinder
|
|
cinder::config:
|
|
DEFAULT/swift_catalog_info:
|
|
value: 'object-store:swift:internalURL'
|
|
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
|
|
tripleo.cinder_api.firewall_rules:
|
|
'119 cinder':
|
|
dport:
|
|
- 8776
|
|
- 13776
|
|
cinder::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
cinder::api::service_name: 'httpd'
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
-
|
|
if:
|
|
- cinder_workers_zero
|
|
- {}
|
|
- cinder::wsgi::apache::workers: {get_param: CinderWorkers}
|
|
step_config: |
|
|
include ::tripleo::profile::base::cinder::api
|
|
service_config_settings:
|
|
keystone:
|
|
cinder::keystone::auth::tenant: 'service'
|
|
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
|
|
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
|
|
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
|
|
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
|
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
|
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
|
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
|
cinder::keystone::auth::password: {get_param: CinderPassword}
|
|
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
|
mysql:
|
|
cinder::db::mysql::password: {get_param: CinderPassword}
|
|
cinder::db::mysql::user: cinder
|
|
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
cinder::db::mysql::dbname: cinder
|
|
cinder::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
upgrade_tasks:
|
|
- name: Check if cinder_api is deployed
|
|
command: systemctl is-enabled openstack-cinder-api
|
|
tags: common
|
|
ignore_errors: True
|
|
register: cinder_api_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
|
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
|
when: cinder_api_enabled.rc == 0
|
|
tags: step0,validation
|
|
- name: check for cinder running under apache (post upgrade)
|
|
tags: step1
|
|
shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder"
|
|
register: cinder_apache
|
|
ignore_errors: true
|
|
- name: Stop cinder_api service (running under httpd)
|
|
tags: step1
|
|
service: name=httpd state=stopped
|
|
when: "cinder_apache.rc == 0"
|
|
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
|
tags: step1
|
|
when: cinder_api_enabled.rc == 0
|
|
service: name=openstack-cinder-api state=stopped enabled=no
|