upgrades: deploy mod_ssl when upgrading apache
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl. 2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services. Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503
This commit is contained in:
Emilien Macchi
parent
933dd62de3
commit
a6041608ca
|
|
@ -93,6 +93,12 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Stop aodh_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
aodh_api_upgrade:
|
||||
- name: Stop aodh_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
|
|
|
|||
|
|
@ -112,3 +112,6 @@ outputs:
|
|||
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
|
||||
when: httpd_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Ensure mod_ssl package is installed
|
||||
tags: step3
|
||||
yum: name=mod_ssl state=latest
|
||||
|
|
|
|||
|
|
@ -153,16 +153,22 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Check if barbican_api is deployed
|
||||
command: systemctl is-enabled openstack-barbican-api
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: barbican_api_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
|
||||
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
|
||||
when: barbican_api_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Install openstack-barbican-api package if it was disabled
|
||||
tags: step3
|
||||
yum: name=openstack-barbican-api state=latest
|
||||
when: barbican_api_enabled.rc != 0
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
barbican_api_upgrade:
|
||||
- name: Check if barbican_api is deployed
|
||||
command: systemctl is-enabled openstack-barbican-api
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: barbican_api_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
|
||||
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
|
||||
when: barbican_api_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Install openstack-barbican-api package if it was disabled
|
||||
tags: step3
|
||||
yum: name=openstack-barbican-api state=latest
|
||||
when: barbican_api_enabled.rc != 0
|
||||
|
|
|
|||
|
|
@ -100,6 +100,12 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Stop ceilometer_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
ceilometer_api_upgrade:
|
||||
- name: Stop ceilometer_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
|
|
|
|||
|
|
@ -159,25 +159,31 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Check if cinder_api is deployed
|
||||
command: systemctl is-enabled openstack-cinder-api
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: cinder_api_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
||||
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
||||
when: cinder_api_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: check for cinder running under apache (post upgrade)
|
||||
tags: step1
|
||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
|
||||
register: cinder_apache
|
||||
ignore_errors: true
|
||||
- name: Stop cinder_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: cinder_apache.rc == 0
|
||||
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
||||
tags: step1
|
||||
when: cinder_api_enabled.rc == 0
|
||||
service: name=openstack-cinder-api state=stopped enabled=no
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
cinder_api_upgrade:
|
||||
- name: Check if cinder_api is deployed
|
||||
command: systemctl is-enabled openstack-cinder-api
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: cinder_api_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
||||
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
||||
when: cinder_api_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: check for cinder running under apache (post upgrade)
|
||||
tags: step1
|
||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
|
||||
register: cinder_apache
|
||||
ignore_errors: true
|
||||
- name: Stop cinder_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: cinder_apache.rc == 0
|
||||
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
||||
tags: step1
|
||||
when: cinder_api_enabled.rc == 0
|
||||
service: name=openstack-cinder-api state=stopped enabled=no
|
||||
|
|
|
|||
|
|
@ -133,6 +133,12 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Stop gnocchi_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
gnocchi_api_upgrade:
|
||||
- name: Stop gnocchi_api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
|
|
|
|||
|
|
@ -339,10 +339,15 @@ outputs:
|
|||
horizon::keystone_multidomain_support: true
|
||||
horizon::keystone_default_domain: 'Default'
|
||||
- {}
|
||||
# Ansible tasks to handle upgrade
|
||||
upgrade_tasks:
|
||||
- name: Stop keystone service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.keystone_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
keystone_upgrade:
|
||||
- name: Stop keystone service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
|
|
|
|||
|
|
@ -92,21 +92,27 @@ outputs:
|
|||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Check if httpd is deployed
|
||||
command: systemctl is-enabled httpd
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: httpd_enabled
|
||||
- name: "PreUpgrade step0,validation: Check if httpd is running"
|
||||
shell: >
|
||||
/usr/bin/systemctl show 'httpd' --property ActiveState |
|
||||
grep '\bactive\b'
|
||||
when: httpd_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Stop panko-api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: httpd_enabled.rc == 0
|
||||
- name: Install openstack-panko-api package if it was not installed
|
||||
tags: step3
|
||||
yum: name=openstack-panko-api state=latest
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.panko_api_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
panko_api_upgrade:
|
||||
- name: Check if httpd is deployed
|
||||
command: systemctl is-enabled httpd
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: httpd_enabled
|
||||
- name: "PreUpgrade step0,validation: Check if httpd is running"
|
||||
shell: >
|
||||
/usr/bin/systemctl show 'httpd' --property ActiveState |
|
||||
grep '\bactive\b'
|
||||
when: httpd_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Stop panko-api service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: httpd_enabled.rc == 0
|
||||
- name: Install openstack-panko-api package if it was not installed
|
||||
tags: step3
|
||||
yum: name=openstack-panko-api state=latest
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
upgrade:
|
||||
- When a service is deployed in WSGI with Apache, make sure mode_ssl
|
||||
package is deployed during the upgrade process, it's now required
|
||||
by default so Apache can start properly.
|
||||
|
|
@ -105,31 +105,37 @@ outputs:
|
|||
step_config: |
|
||||
include ::tripleo::profile::base::zaqar
|
||||
upgrade_tasks:
|
||||
- name: Check if zaqar is deployed
|
||||
command: systemctl is-enabled openstack-zaqar
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: zaqar_enabled
|
||||
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
||||
shell: >
|
||||
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
||||
grep '\bactive\b'
|
||||
when: zaqar_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Check for zaqar running under apache (post upgrade)
|
||||
tags: step1
|
||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
||||
register: zaqar_apache
|
||||
ignore_errors: true
|
||||
- name: Stop zaqar service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: zaqar_apache.rc == 0
|
||||
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
||||
tags: step1
|
||||
when: zaqar_enabled.rc == 0
|
||||
service: name=openstack-zaqar state=stopped enabled=no
|
||||
- name: Install openstack-zaqar package if it was disabled
|
||||
tags: step3
|
||||
yum: name=openstack-zaqar state=latest
|
||||
when: zaqar_enabled.rc != 0
|
||||
yaql:
|
||||
expression: $.data.apache_upgrade + $.data.zaqar_upgrade
|
||||
data:
|
||||
apache_upgrade:
|
||||
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||
zaqar_upgrade:
|
||||
- name: Check if zaqar is deployed
|
||||
command: systemctl is-enabled openstack-zaqar
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: zaqar_enabled
|
||||
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
||||
shell: >
|
||||
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
||||
grep '\bactive\b'
|
||||
when: zaqar_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Check for zaqar running under apache (post upgrade)
|
||||
tags: step1
|
||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
||||
register: zaqar_apache
|
||||
ignore_errors: true
|
||||
- name: Stop zaqar service (running under httpd)
|
||||
tags: step1
|
||||
service: name=httpd state=stopped
|
||||
when: zaqar_apache.rc == 0
|
||||
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
||||
tags: step1
|
||||
when: zaqar_enabled.rc == 0
|
||||
service: name=openstack-zaqar state=stopped enabled=no
|
||||
- name: Install openstack-zaqar package if it was disabled
|
||||
tags: step3
|
||||
yum: name=openstack-zaqar state=latest
|
||||
when: zaqar_enabled.rc != 0
|
||||
|
|
|
|||
Loading…
Reference in New Issue