734315ed7c
Current validity period of Octavia CA and certificates is one year, this is too short for cloud deployments: Octavia services can no longer control a load balancer that has been running for more than one year (dataplane still works, but cannot be configured). This commit defines these values: - Octavia CA validity period is 50 years. - Octavia client certificate validity period is 10 years. For existing deployment, the existing CA private key is fetched from controllers, is updated using AES256 cipher if needed, then the key is used to generate a new CA. Using an existing private key for this CA allows to keep compability with existing client certificates. Change-Id: I435c86306ecd5e0cafeda9d8d468483b7a34f040 Related-Bug: #1869203 (cherry picked from commit 0f168dc9ca5b01fe616f196c2f49001d7882a2c8) (cherry picked from commit f69dfefd055642f0fddfdf5e4bf910dbf98dea40) Note-Queens: cherry picked from tripleo-ansible/stein (cherry picked from commit f09b55266feffc4b25dd386575e7a78be4d15f42) |
||
|---|---|---|
| ansible_plugins/callback | ||
| container-images | ||
| contrib | ||
| doc/source | ||
| healthcheck | ||
| heat_docker_agent | ||
| image-yaml | ||
| playbooks | ||
| releasenotes | ||
| roles | ||
| scripts | ||
| tools | ||
| tripleo_common | ||
| undercloud_heat_plugins | ||
| workbooks | ||
| zuul.d | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .testr.conf | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| README.rst | ||
| babel.cfg | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| sudoers | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
tripleo-common
A common library for TripleO workflows.
- Free software: Apache license
- Documentation: https://docs.openstack.org/tripleo-common/latest/
- Source: http://git.openstack.org/cgit/openstack/tripleo-common
- Bugs: https://bugs.launchpad.net/tripleo-common
Action Development
When developing new actions, you will checkout a copy of tripleo-common to an undercloud machine and add actions as needed. To test the actions they need to be installed and selected services need to be restarted. Use the following code to accomplish these tasks. :
sudo rm -Rf /usr/lib/python2.7/site-packages/tripleo_common*
sudo python setup.py install
sudo cp /usr/share/tripleo-common/sudoers /etc/sudoers.d/tripleo-common
sudo systemctl restart openstack-mistral-executor
sudo systemctl restart openstack-mistral-engine
# this loads the actions via entrypoints
sudo mistral-db-manage populate
# make sure the new actions got loaded
mistral action-list | grep tripleoWorkflow Development
When developing new workflows, you will need to reload the modified workflows, e.g the following will reload all the workflows from the default packaged location, or you can use a similar approach to replace only a single workbook while under development. :
for workbook in $(openstack workbook list -f value -c Name | grep tripleo); do
openstack workbook delete $workbook
done
for workflow in $(openstack workflow list -f value -c Name | grep tripleo); do
openstack workflow delete $workflow
done
for workbook in $(ls /usr/share/openstack-tripleo-common/workbooks/*); do
openstack workbook create $workbook
doneValidations
Prerequisites
If you haven't installed the undercloud with the
enable_validations set to true, you will have to prepare
your undercloud to run the validations:
$ sudo pip install git+https://git.openstack.org/openstack/tripleo-validations
$ sudo yum install ansible
$ sudo useradd validationsFinally you need to generate an SSH keypair for the validation user and copy it to the overcloud's authorized_keys files:
$ mistral execution-create tripleo.validations.v1.copy_ssh_keyRunning validations using the mistral workflow
Create a context.json file containing the arguments passed to the workflow:
{
"validation_names": ["512e", "rabbitmq-limits"]
}Run the tripleo.validations.v1.run_validations workflow
with mistral client:
mistral execution-create tripleo.validations.v1.run_validations context.jsonRunning groups of validations
Create a context.json file containing the arguments passed to the workflow:
{
"group_names": ["network", "post-deployment"]
}Run the tripleo.validations.v1.run_groups workflow with
mistral client:
mistral execution-create tripleo.validations.v1.run_groups context.json