openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
c8631347e7
openstack-ansible-os_keystone/tasks/keystone_idp_self_signed_create.yml
Jimmy McCrory 04737f5dbd Implement zero downtime upgrades 
This patch implements upgrading keystone with zero downtime as the
default installation process. Handlers have been modified to ensure that
the first keystone node is stopped, facilitates the database migrations,
and that it is started and available before restarting any other keystone
nodes. Migrations also now only occur when there is a change within the
installed keystone venv.

This process is documented at
http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-without-downtime

A new test scenario has been added for testing basic upgradability
between releases.

Implements: blueprint upgrade-testing
Change-Id: I0d3cfcb80b64d005d60f4c8445f991855f844796
2016-11-17 08:10:57 -08:00

48 lines
1.5 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Remove IdP self-signed certificate for regen
file:
dest: "{{ keystone_idp.cerfile }}"
state: "absent"
when: >
keystone_idp.regen_cert == true or
keystone_idp.regen_cert == "True"
- name: Create IdP self-signed ssl cert
command: >
openssl req -new -nodes -sha256 -x509 -subj
"{{ keystone_idp.self_signed_cert_subject }}"
-days 3650
-keyout {{ keystone_idp.keyfile }}
-out {{ keystone_idp.certfile }}
-extensions v3_ca
creates={{ keystone_idp.certfile }}
when: >
inventory_hostname == groups['keystone_all'][0]
notify:
- Restart service on first node
- Restart service on other nodes
- name: Set appropriate file ownership on the IdP self-signed cert
file:
path: "{{ item }}"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0640"
with_items:
- "{{ keystone_idp.keyfile }}"
- "{{ keystone_idp.certfile }}"
View Git Blame Copy Permalink