7953fbe8c2
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.
Conflicts: recipes/placement_api.rb
Added version bump.
Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
(cherry picked from commit 5747451dcb)
177 lines
6.3 KiB
Ruby
177 lines
6.3 KiB
Ruby
# encoding: UTF-8
|
|
#
|
|
# Cookbook:: openstack-compute
|
|
# Recipe:: placement-api
|
|
#
|
|
# Copyright:: 2017, OpenStack Foundation
|
|
# Copyright:: 2019-2020, Oregon State University
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
class ::Chef::Recipe
|
|
include ::Openstack
|
|
include Apache2::Cookbook::Helpers
|
|
end
|
|
|
|
include_recipe 'openstack-compute::_nova_apache'
|
|
include_recipe 'openstack-compute::_nova_cell'
|
|
|
|
# Create valid apache site configuration file before installing package
|
|
bind_service = node['openstack']['bind_service']['all']['placement-api']
|
|
if node['openstack']['compute']['nova_placement']
|
|
placement_user = node['openstack']['compute']['user']
|
|
placement_group = node['openstack']['compute']['group']
|
|
placement_http = 'nova-placement'
|
|
placement_binary = '/usr/bin/nova-placement-api'
|
|
placement_dbsync = 'nova-manage api_db sync'
|
|
else
|
|
placement_user = 'placement'
|
|
placement_group = 'placement'
|
|
placement_http = 'placement'
|
|
placement_binary = '/usr/bin/placement-api'
|
|
placement_dbsync = 'placement-manage db sync'
|
|
end
|
|
|
|
platform_options = node['openstack']['compute']['platform']
|
|
|
|
package platform_options['api_placement_packages'] do
|
|
options platform_options['package_overrides']
|
|
action :upgrade
|
|
end
|
|
|
|
service platform_options['api_placement_service'] do
|
|
supports status: true, restart: true
|
|
action [:disable, :stop]
|
|
end
|
|
|
|
apache2_site 'nova-placement-api' do
|
|
action :disable
|
|
only_if { platform_family?('debian') }
|
|
end
|
|
|
|
unless node['openstack']['compute']['nova_placement']
|
|
db_user = node['openstack']['db']['placement']['username']
|
|
db_pass = get_password 'db', 'placement'
|
|
identity_endpoint = internal_endpoint 'identity'
|
|
auth_url = ::URI.decode identity_endpoint.to_s
|
|
|
|
node.default['openstack']['placement']['conf_secrets']
|
|
.[]('placement_database')['connection'] =
|
|
db_uri('placement', db_user, db_pass)
|
|
node.default['openstack']['placement']['conf_secrets']
|
|
.[]('keystone_authtoken')['password'] =
|
|
get_password 'service', 'openstack-placement'
|
|
if node['openstack']['endpoints']['db']['enabled_slave']
|
|
node.default['openstack']['placement']['conf_secrets']
|
|
.[]('placement_database')['slave_connection'] =
|
|
db_uri('placement', db_user, db_pass, true)
|
|
end
|
|
|
|
if node['openstack']['mq']['service_type'] == 'rabbit'
|
|
node.default['openstack']['placement']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'placement'
|
|
end
|
|
|
|
memcache_servers = memcached_servers.join ','
|
|
placement_api_endpoint = internal_endpoint 'placement-api'
|
|
Chef::Log.debug("openstack-compute::nova-common:placement_api_endpoint|#{::URI.decode placement_api_endpoint.to_s}")
|
|
|
|
node.default['openstack']['placement']['conf'].tap do |conf|
|
|
unless memcache_servers.empty?
|
|
# Need to set the backend explicitly, see LP bug #1572062
|
|
conf['cache']['backend'] = 'oslo_cache.memcache_pool'
|
|
conf['cache']['enabled'] = 'true'
|
|
conf['cache']['memcache_servers'] = memcache_servers
|
|
end
|
|
# [keystone_authtoken] section
|
|
conf['keystone_authtoken']['auth_url'] = auth_url
|
|
conf['keystone_authtoken']['www_authenticate_uri'] = auth_url
|
|
end
|
|
# merge all config options and secrets to be used in placement.conf
|
|
placement_conf_options = merge_config_options 'placement'
|
|
|
|
template '/etc/placement/placement.conf' do
|
|
source 'openstack-service.conf.erb'
|
|
cookbook 'openstack-common'
|
|
owner placement_user
|
|
group placement_group
|
|
mode '640'
|
|
sensitive true
|
|
variables(
|
|
service_config: placement_conf_options
|
|
)
|
|
notifies :restart, 'service[apache2]'
|
|
end
|
|
|
|
# delete all secrets saved in the attribute
|
|
# node['openstack']['placement']['conf_secrets'] after creating the neutron.conf
|
|
ruby_block "delete all attributes in node['openstack']['placement']['conf_secrets']" do
|
|
block do
|
|
node.rm(:openstack, :placement, :conf_secrets)
|
|
end
|
|
end
|
|
end
|
|
|
|
# Finds and appends the listen port to the apache2_install[openstack]
|
|
# resource which is defined in openstack-identity::server-apache.
|
|
apache_resource = find_resource(:apache2_install, 'openstack')
|
|
|
|
if apache_resource
|
|
apache_resource.listen = [apache_resource.listen, "#{bind_service['host']}:#{bind_service['port']}"].flatten
|
|
else
|
|
apache2_install 'openstack' do
|
|
listen "#{bind_service['host']}:#{bind_service['port']}"
|
|
end
|
|
end
|
|
|
|
apache2_module 'wsgi'
|
|
apache2_module 'ssl' if node['openstack']['compute']['placement']['ssl']['enabled']
|
|
|
|
template "#{apache_dir}/sites-available/#{placement_http}.conf" do
|
|
extend Apache2::Cookbook::Helpers
|
|
source 'wsgi-template.conf.erb'
|
|
variables(
|
|
daemon_process: 'placement-api',
|
|
server_host: bind_service['host'],
|
|
server_port: bind_service['port'],
|
|
server_entry: placement_binary,
|
|
log_dir: default_log_dir,
|
|
run_dir: lock_dir,
|
|
user: placement_user,
|
|
group: placement_group,
|
|
processes: node['openstack']['compute']['placement']['processes'],
|
|
threads: node['openstack']['compute']['placement']['threads'],
|
|
use_ssl: node['openstack']['compute']['placement']['ssl']['enabled'],
|
|
cert_file: node['openstack']['compute']['placement']['ssl']['certfile'],
|
|
chain_file: node['openstack']['compute']['placement']['ssl']['chainfile'],
|
|
key_file: node['openstack']['compute']['placement']['ssl']['keyfile'],
|
|
ca_certs_path: node['openstack']['compute']['placement']['ssl']['ca_certs_path'],
|
|
cert_required: node['openstack']['compute']['placement']['ssl']['cert_required'],
|
|
protocol: node['openstack']['compute']['placement']['ssl']['protocol'],
|
|
ciphers: node['openstack']['compute']['placement']['ssl']['ciphers']
|
|
)
|
|
notifies :restart, 'service[apache2]'
|
|
end
|
|
|
|
apache2_site placement_http do
|
|
notifies :restart, 'service[apache2]', :immediately
|
|
end
|
|
|
|
execute 'placement-api: nova-manage api_db sync' do
|
|
timeout node['openstack']['compute']['dbsync_timeout']
|
|
user placement_user
|
|
group placement_group
|
|
command placement_dbsync
|
|
action :run
|
|
end
|