Merge "Simplify manila, memcached and logging services"
This commit is contained in:
commit
18ee787f73
|
@ -51,4 +51,3 @@ outputs:
|
|||
state: started
|
||||
name: rsyslog
|
||||
enabled: true
|
||||
|
||||
|
|
|
@ -192,7 +192,6 @@ outputs:
|
|||
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
|
||||
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
|
||||
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
|
||||
- {}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rsyslog
|
||||
|
@ -226,8 +225,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers:/var/log/containers:ro
|
||||
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z
|
||||
|
|
|
@ -32,7 +32,6 @@ parameters:
|
|||
type: json
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -41,7 +40,7 @@ outputs:
|
|||
description: Role data for the rsyslog-sidecar role.
|
||||
value:
|
||||
service_name: rsyslog_sidecar
|
||||
config_settings: null
|
||||
config_settings: {}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: rsyslog_sidecar
|
||||
|
@ -58,5 +57,5 @@ outputs:
|
|||
merge: true
|
||||
preserve_properties: true
|
||||
docker_config: {}
|
||||
host_prep_tasks: null
|
||||
upgrade_tasks: null
|
||||
host_prep_tasks: []
|
||||
upgrade_tasks: []
|
||||
|
|
|
@ -69,15 +69,10 @@ parameters:
|
|||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
|
||||
logrotatedateext_is_enabled: {equals: [{get_param: LogrotateDateExt}, true]}
|
||||
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the crond role.
|
||||
|
@ -91,10 +86,9 @@ outputs:
|
|||
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
|
||||
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
|
||||
- if:
|
||||
- logrotatedateext_is_enabled
|
||||
- {get_param: LogrotateDateExt}
|
||||
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
|
||||
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
|
||||
- {}
|
||||
host_prep_tasks:
|
||||
- name: allow logrotate to read inside containers
|
||||
seboolean:
|
||||
|
@ -161,8 +155,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers:/var/log/containers:z
|
||||
environment:
|
||||
|
|
|
@ -103,13 +103,7 @@ parameters:
|
|||
Cron to purge db entries marked as deleted and older than $age - Max Delay
|
||||
default: '3600'
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
manila_workers_zero: {equals : [{get_param: ManilaWorkers}, 0]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -211,16 +205,13 @@ outputs:
|
|||
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
|
||||
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
|
||||
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
|
||||
- manila::wsgi::apache::servername:
|
||||
manila::wsgi::apache::servername:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('fqdn_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
- if:
|
||||
- manila_workers_zero
|
||||
- {}
|
||||
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
|
@ -285,8 +276,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||
- - /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
|
||||
- /var/log/containers/manila:/var/log/manila:z
|
||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||
|
@ -302,19 +292,14 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/manila:/var/log/manila:z
|
||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- []
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
- []
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
manila_api_cron:
|
||||
|
@ -328,8 +313,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/manila:/var/log/manila:z
|
||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||
|
|
|
@ -96,4 +96,3 @@ outputs:
|
|||
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
|
||||
manila::backend::cephfs::cephfs_volume_mode: {get_param: ManilaCephFSCephVolumeMode}
|
||||
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
|
||||
step_config:
|
||||
|
|
|
@ -66,4 +66,3 @@ outputs:
|
|||
manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
|
||||
manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
|
||||
manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
|
||||
step_config:
|
||||
|
|
|
@ -114,4 +114,3 @@ outputs:
|
|||
manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
|
||||
manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
|
||||
manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
|
||||
step_config:
|
||||
|
|
|
@ -80,5 +80,3 @@ outputs:
|
|||
manila::backend::dellemc_unity::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||
manila::backend::dellemc_unity::emc_ssl_cert_verify: {get_param: ManilaUnityEmcSslCertVerify}
|
||||
manila::backend::dellemc_unity::emc_ssl_cert_path: {get_param: ManilaUnityEmcSslCertPath}
|
||||
step_config:
|
||||
|
||||
|
|
|
@ -67,5 +67,3 @@ outputs:
|
|||
manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
|
||||
manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
|
||||
manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
|
||||
step_config:
|
||||
|
||||
|
|
|
@ -80,6 +80,3 @@ outputs:
|
|||
manila::backend::dellemc_vnx::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||
manila::backend::dellemc_vnx::emc_ssl_cert_verify: {get_param: ManilaVNXEmcSslCertVerify}
|
||||
manila::backend::dellemc_vnx::emc_ssl_cert_path: {get_param: ManilaVNXEmcSslCertPath}
|
||||
step_config:
|
||||
|
||||
|
||||
|
|
|
@ -53,10 +53,6 @@ parameters:
|
|||
default: 'noop'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
|
||||
conditions:
|
||||
manila_ipv6: {equals : [{get_param: ManilaIPv6}, true]}
|
||||
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Manila Base service.
|
||||
|
@ -79,21 +75,19 @@ outputs:
|
|||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
path: /manila
|
||||
query:
|
||||
if:
|
||||
- enable_sqlalchemy_collectd
|
||||
-
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
plugin: collectd
|
||||
collectd_program_name: manila
|
||||
collectd_host: localhost
|
||||
-
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
|
||||
if:
|
||||
- {get_param: EnableSQLAlchemyCollectd}
|
||||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
plugin: collectd
|
||||
collectd_program_name: manila
|
||||
collectd_host: localhost
|
||||
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
manila::network::neutron::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||
# Currently the address family parameters are mutually exclusive
|
||||
manila::network::neutron::network_plugin_ipv4_enabled: {if: ["manila_ipv6", false, true]}
|
||||
manila::network::neutron::network_plugin_ipv4_enabled:
|
||||
if: [{get_param: ManilaIPv6}, false, true]
|
||||
service_config_settings:
|
||||
mysql:
|
||||
manila::db::mysql::password: {get_param: ManilaPassword}
|
||||
|
|
|
@ -38,7 +38,6 @@ parameters:
|
|||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -92,8 +91,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/manila:/var/log/manila:z
|
||||
environment:
|
||||
|
|
|
@ -42,11 +42,9 @@ parameters:
|
|||
The path where the Ceph Cluster config files are stored on the host.
|
||||
|
||||
conditions:
|
||||
|
||||
cephfs_nfs_enabled: {equals: [{get_param: ManilaCephFSCephFSProtocolHelperType}, 'NFS']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -56,8 +54,7 @@ outputs:
|
|||
value:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||
- list_join:
|
||||
- ':'
|
||||
|
@ -72,11 +69,8 @@ outputs:
|
|||
- /var/log/containers/manila:/var/log/manila:z
|
||||
- if:
|
||||
- cephfs_nfs_enabled
|
||||
-
|
||||
- /etc/ganesha:/etc/ganesha
|
||||
- - /etc/ganesha:/etc/ganesha
|
||||
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
|
||||
- null
|
||||
|
||||
manila_share_environment:
|
||||
description: Docker environment for the manila-share container (HA or non-HA)
|
||||
value:
|
||||
|
|
|
@ -63,7 +63,6 @@ parameters:
|
|||
description: Keystone region for endpoint
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -91,9 +90,8 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
-
|
||||
# keystone_authtoken
|
||||
manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -69,13 +69,7 @@ parameters:
|
|||
description: |
|
||||
The path where the Ceph Cluster config files are stored on the host.
|
||||
|
||||
conditions:
|
||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
||||
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
|
||||
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -104,12 +98,12 @@ outputs:
|
|||
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
|
||||
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
|
||||
if:
|
||||
- common_tag_full
|
||||
- {get_param: ClusterFullTag}
|
||||
- "cluster.common.tag/manila-share:pcmklatest"
|
||||
- yaql:
|
||||
data:
|
||||
if:
|
||||
- common_tag_enabled
|
||||
- {get_param: ClusterCommonTag}
|
||||
- yaql:
|
||||
data: {get_param: ContainerManilaShareImage}
|
||||
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
|
||||
|
|
|
@ -87,24 +87,24 @@ parameters:
|
|||
certificate for this service
|
||||
|
||||
conditions:
|
||||
internal_tls_enabled: {get_param: MemcachedTLS}
|
||||
# NOTE: A non-tls port is necessary while there are still services
|
||||
# consuming Memcached that do not support TLS. Once all services
|
||||
# do support TLS, this config should be dropped.
|
||||
enable_non_tls_port:
|
||||
and:
|
||||
- internal_tls_enabled
|
||||
- {get_param: MemcachedTLS}
|
||||
- not: {equals: [{get_param: MemcachedPort}, 11211]}
|
||||
memcached_network_unset: {equals : [{get_param: MemcachedIpSubnet}, '']}
|
||||
memcached_network_set:
|
||||
not: {equals : [{get_param: MemcachedIpSubnet}, '']}
|
||||
service_debug: {get_param: MemcachedDebug}
|
||||
is_ipv6:
|
||||
equals:
|
||||
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
|
||||
- 6
|
||||
key_size_override_unset: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
|
||||
key_size_override_set:
|
||||
not: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -120,7 +120,16 @@ outputs:
|
|||
# Even if binding is configured on internal_api network, enforce it
|
||||
# via firewall as well.
|
||||
if:
|
||||
- memcached_network_unset
|
||||
- memcached_network_set
|
||||
- '121 memcached':
|
||||
dport:
|
||||
list_concat:
|
||||
- - {get_param: MemcachedPort}
|
||||
- if:
|
||||
- enable_non_tls_port
|
||||
- [11211]
|
||||
proto: 'tcp'
|
||||
source: {get_param: MemcachedIpSubnet}
|
||||
- map_merge:
|
||||
repeat:
|
||||
for_each:
|
||||
|
@ -137,29 +146,17 @@ outputs:
|
|||
- if:
|
||||
- enable_non_tls_port
|
||||
- [11211]
|
||||
- []
|
||||
proto: 'tcp'
|
||||
source: <%net_cidr%>
|
||||
- '121 memcached':
|
||||
dport:
|
||||
list_concat:
|
||||
- - {get_param: MemcachedPort}
|
||||
- if:
|
||||
- enable_non_tls_port
|
||||
- [11211]
|
||||
- []
|
||||
proto: 'tcp'
|
||||
source: {get_param: MemcachedIpSubnet}
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
|
||||
config_settings:
|
||||
map_merge:
|
||||
-
|
||||
- memcached::listen:
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
memcached::listen:
|
||||
list_concat:
|
||||
- - if:
|
||||
- is_ipv6
|
||||
|
@ -181,7 +178,6 @@ outputs:
|
|||
- is_ipv6
|
||||
- 'notls:[::1]:11211'
|
||||
- 'notls:127.0.0.1:11211'
|
||||
- []
|
||||
# NOTE(xek): the IP addresses are configured with:
|
||||
# memcached::listen - the new way
|
||||
# memcached::listen_ip - will be deprecated
|
||||
|
@ -223,25 +219,21 @@ outputs:
|
|||
memcached::disable_cachedump: true
|
||||
memcached::logstdout: true
|
||||
tripleo::profile::base::memcached::enable_internal_memcached_tls: {get_param: MemcachedTLS}
|
||||
-
|
||||
- if:
|
||||
# NOTE: This config is necessary while there are still services
|
||||
# consuming Memcached that do not support TLS. Once all services
|
||||
# do support TLS, this config should be dropped.
|
||||
if:
|
||||
- enable_non_tls_port
|
||||
- memcached_port: {get_param: MemcachedPort}
|
||||
memcached_authtoken_port: 11211
|
||||
- memcached_port: {get_param: MemcachedPort}
|
||||
memcached_authtoken_port: {get_param: MemcachedPort}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
||||
- if:
|
||||
- {get_param: MemcachedTLS}
|
||||
- tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
||||
tripleo::profile::base::memcached::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
||||
service_key: '/etc/pki/tls/private/memcached.key'
|
||||
- {}
|
||||
service_config_settings:
|
||||
collectd:
|
||||
tripleo.collectd.plugins.memcached:
|
||||
|
@ -297,31 +289,25 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/memcached:/var/lib/kolla/config_files/src:rw,z
|
||||
- /var/log/containers/memcached:/var/log/memcached:rw
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
|
||||
- {get_param: MemcachedTLS}
|
||||
- - /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
|
||||
- /etc/pki/tls/private/memcached.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/memcached.key:ro
|
||||
- null
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: memcached
|
||||
- {get_param: MemcachedTLS}
|
||||
- - service: memcached
|
||||
network: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||
type: node
|
||||
- null
|
||||
deploy_steps_tasks:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- name: Certificate generation
|
||||
- {get_param: MemcachedTLS}
|
||||
- - name: Certificate generation
|
||||
when: step|int == 1
|
||||
block:
|
||||
- include_role:
|
||||
|
@ -356,11 +342,10 @@ outputs:
|
|||
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
|
||||
key_size:
|
||||
if:
|
||||
- key_size_override_unset
|
||||
- {get_param: CertificateKeySize}
|
||||
- key_size_override_set
|
||||
- {get_param: MemcachedCertificateKeySize}
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
|
Loading…
Reference in New Issue