From bc1fd47416627413346afd80458d3068bd10d2b1 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 25 Feb 2021 09:58:17 +0100 Subject: [PATCH] Fix redis_tls_proxy Since we merged the pcs-host patches we erroneously also removed the sidecar container that does the tls stunneling for redis. This is needed to allow the redis master to stream replication to its slaves via TLS. Tested this and we now correctly get the working container and cluster state: [root@controller-0 ~]# podman ps -a |grep redis 4182a78811a2 undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 /bin/bash /usr/lo... 3 minutes ago Up 3 minutes ago redis-bundle-podman-0 604a086bb53c undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 kolla_start 8 minutes ago Up 8 minutes ago redis_tls_proxy [root@controller-0 ~]# pcs status |grep redis * GuestOnline: [ galera-bundle-0@database-1 galera-bundle-1@database-2 galera-bundle-2@database-0 ovn-dbs-bundle-0@controller-0 ovn-dbs-bundle-1@controller-1 ovn-dbs-bundle-2@controller-2 rabbitmq-bundle-0@messaging-0 rabbitmq-bundle-1@messaging-1 rabbitmq-bundle-2@messaging-2 redis-bundle-0@controller-0 redis-bundle-1@controller-1 redis-bundle-2@controller-2 ] * Container bundle set: redis-bundle [cluster.common.tag/openstack-redis:pcmklatest]: * redis-bundle-0 (ocf::heartbeat:redis): Master controller-0 * redis-bundle-1 (ocf::heartbeat:redis): Slave controller-1 * redis-bundle-2 (ocf::heartbeat:redis): Slave controller-2 We also move the redis_tls_proxy from step_2/start_order: 3 to step_1 since it actually makes sense to have it run before we start the redis pcmk bundle at step 2 (i.e. so the slave replica can work right away from the start). Closes-Bug: #1916873 Change-Id: I44df0ee32e5c35b87f74bdb75dcb384496dfb6ab --- .../database/redis-pacemaker-puppet.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+)
diff --git a/deployment/database/redis-pacemaker-puppet.yaml b/deployment/database/redis-pacemaker-puppet.yaml
index 0b43f2fbe0..218c4fd6e6 100644
--- a/deployment/database/redis-pacemaker-puppet.yaml
+++ b/deployment/database/redis-pacemaker-puppet.yaml
@@ -233,6 +233,28 @@ outputs:
 perm: '0600'
 optional: true
 container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
+ docker_config:
+ step_1:
+ if:
+ - internal_tls_enabled
+ - redis_tls_proxy:
+ start_order: 0
+ image: {get_param: ContainerRedisImage}
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/redis:/var/lib/kolla/config_files/src:ro
+ - /etc/pki/tls/certs/redis.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/redis.crt:ro
+ - /etc/pki/tls/private/redis.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/redis.key:ro
+ - /var/lib/container-config-scripts/wait-port-and-run.sh:/wait-port-and-run.sh:ro
+ environment:
+ KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+ - {}
 metadata_settings:
 get_attr: [RedisBase, role_data, metadata_settings]
 host_prep_tasks:
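Review bot: The new `redis_tls_proxy` entry runs with `user: root` and `net: host` while bind-mounting `/etc/pki/tls/private/redis.key`, and nothing in the section records why root is needed or whether the proxy drops privileges once kolla has copied the key. If root is only required for the `COPY_ALWAYS` copy step, that is worth confirming against the stunnel configuration generated under `/var/lib/config-data/puppet-generated/redis`, which is not visible here. I would also put the ordering rationale from the commit message next to the entry, for example `# TLS sidecar for redis replication; must be up in step_1, before the redis bundle starts in step_2`, so the container is not dropped again in a later refactor. The key and certificate are mounted as single files, so presumably a renewed certificate is only picked up when the container restarts; that handling lies outside this hunk, as does the rest of the `outputs` section.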