upgrades: deploy mod_ssl when upgrading apache
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl. 2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services. Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503
This commit is contained in:
parent
933dd62de3
commit
a6041608ca
|
@ -93,6 +93,12 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Stop aodh_api service (running under httpd)
|
yaql:
|
||||||
tags: step1
|
expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
|
||||||
service: name=httpd state=stopped
|
data:
|
||||||
|
apache_upgrade:
|
||||||
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
|
aodh_api_upgrade:
|
||||||
|
- name: Stop aodh_api service (running under httpd)
|
||||||
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
|
|
@ -112,3 +112,6 @@ outputs:
|
||||||
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
|
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
|
||||||
when: httpd_enabled.rc == 0
|
when: httpd_enabled.rc == 0
|
||||||
tags: step0,validation
|
tags: step0,validation
|
||||||
|
- name: Ensure mod_ssl package is installed
|
||||||
|
tags: step3
|
||||||
|
yum: name=mod_ssl state=latest
|
||||||
|
|
|
@ -153,16 +153,22 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Check if barbican_api is deployed
|
yaql:
|
||||||
command: systemctl is-enabled openstack-barbican-api
|
expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
|
||||||
tags: common
|
data:
|
||||||
ignore_errors: True
|
apache_upgrade:
|
||||||
register: barbican_api_enabled
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
|
barbican_api_upgrade:
|
||||||
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
|
- name: Check if barbican_api is deployed
|
||||||
when: barbican_api_enabled.rc == 0
|
command: systemctl is-enabled openstack-barbican-api
|
||||||
tags: step0,validation
|
tags: common
|
||||||
- name: Install openstack-barbican-api package if it was disabled
|
ignore_errors: True
|
||||||
tags: step3
|
register: barbican_api_enabled
|
||||||
yum: name=openstack-barbican-api state=latest
|
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
|
||||||
when: barbican_api_enabled.rc != 0
|
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
|
||||||
|
when: barbican_api_enabled.rc == 0
|
||||||
|
tags: step0,validation
|
||||||
|
- name: Install openstack-barbican-api package if it was disabled
|
||||||
|
tags: step3
|
||||||
|
yum: name=openstack-barbican-api state=latest
|
||||||
|
when: barbican_api_enabled.rc != 0
|
||||||
|
|
|
@ -100,6 +100,12 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Stop ceilometer_api service (running under httpd)
|
yaql:
|
||||||
tags: step1
|
expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
|
||||||
service: name=httpd state=stopped
|
data:
|
||||||
|
apache_upgrade:
|
||||||
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
|
ceilometer_api_upgrade:
|
||||||
|
- name: Stop ceilometer_api service (running under httpd)
|
||||||
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
|
|
@ -159,25 +159,31 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Check if cinder_api is deployed
|
yaql:
|
||||||
command: systemctl is-enabled openstack-cinder-api
|
expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
|
||||||
tags: common
|
data:
|
||||||
ignore_errors: True
|
apache_upgrade:
|
||||||
register: cinder_api_enabled
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
cinder_api_upgrade:
|
||||||
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
- name: Check if cinder_api is deployed
|
||||||
when: cinder_api_enabled.rc == 0
|
command: systemctl is-enabled openstack-cinder-api
|
||||||
tags: step0,validation
|
tags: common
|
||||||
- name: check for cinder running under apache (post upgrade)
|
ignore_errors: True
|
||||||
tags: step1
|
register: cinder_api_enabled
|
||||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
|
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
|
||||||
register: cinder_apache
|
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
|
||||||
ignore_errors: true
|
when: cinder_api_enabled.rc == 0
|
||||||
- name: Stop cinder_api service (running under httpd)
|
tags: step0,validation
|
||||||
tags: step1
|
- name: check for cinder running under apache (post upgrade)
|
||||||
service: name=httpd state=stopped
|
tags: step1
|
||||||
when: cinder_apache.rc == 0
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
|
||||||
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
register: cinder_apache
|
||||||
tags: step1
|
ignore_errors: true
|
||||||
when: cinder_api_enabled.rc == 0
|
- name: Stop cinder_api service (running under httpd)
|
||||||
service: name=openstack-cinder-api state=stopped enabled=no
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
when: cinder_apache.rc == 0
|
||||||
|
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
|
||||||
|
tags: step1
|
||||||
|
when: cinder_api_enabled.rc == 0
|
||||||
|
service: name=openstack-cinder-api state=stopped enabled=no
|
||||||
|
|
|
@ -133,6 +133,12 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Stop gnocchi_api service (running under httpd)
|
yaql:
|
||||||
tags: step1
|
expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
|
||||||
service: name=httpd state=stopped
|
data:
|
||||||
|
apache_upgrade:
|
||||||
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
|
gnocchi_api_upgrade:
|
||||||
|
- name: Stop gnocchi_api service (running under httpd)
|
||||||
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
|
|
@ -339,10 +339,15 @@ outputs:
|
||||||
horizon::keystone_multidomain_support: true
|
horizon::keystone_multidomain_support: true
|
||||||
horizon::keystone_default_domain: 'Default'
|
horizon::keystone_default_domain: 'Default'
|
||||||
- {}
|
- {}
|
||||||
# Ansible tasks to handle upgrade
|
|
||||||
upgrade_tasks:
|
|
||||||
- name: Stop keystone service (running under httpd)
|
|
||||||
tags: step1
|
|
||||||
service: name=httpd state=stopped
|
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
|
upgrade_tasks:
|
||||||
|
yaql:
|
||||||
|
expression: $.data.apache_upgrade + $.data.keystone_upgrade
|
||||||
|
data:
|
||||||
|
apache_upgrade:
|
||||||
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
|
keystone_upgrade:
|
||||||
|
- name: Stop keystone service (running under httpd)
|
||||||
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
|
|
@ -92,21 +92,27 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Check if httpd is deployed
|
yaql:
|
||||||
command: systemctl is-enabled httpd
|
expression: $.data.apache_upgrade + $.data.panko_api_upgrade
|
||||||
tags: common
|
data:
|
||||||
ignore_errors: True
|
apache_upgrade:
|
||||||
register: httpd_enabled
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
- name: "PreUpgrade step0,validation: Check if httpd is running"
|
panko_api_upgrade:
|
||||||
shell: >
|
- name: Check if httpd is deployed
|
||||||
/usr/bin/systemctl show 'httpd' --property ActiveState |
|
command: systemctl is-enabled httpd
|
||||||
grep '\bactive\b'
|
tags: common
|
||||||
when: httpd_enabled.rc == 0
|
ignore_errors: True
|
||||||
tags: step0,validation
|
register: httpd_enabled
|
||||||
- name: Stop panko-api service (running under httpd)
|
- name: "PreUpgrade step0,validation: Check if httpd is running"
|
||||||
tags: step1
|
shell: >
|
||||||
service: name=httpd state=stopped
|
/usr/bin/systemctl show 'httpd' --property ActiveState |
|
||||||
when: httpd_enabled.rc == 0
|
grep '\bactive\b'
|
||||||
- name: Install openstack-panko-api package if it was not installed
|
when: httpd_enabled.rc == 0
|
||||||
tags: step3
|
tags: step0,validation
|
||||||
yum: name=openstack-panko-api state=latest
|
- name: Stop panko-api service (running under httpd)
|
||||||
|
tags: step1
|
||||||
|
service: name=httpd state=stopped
|
||||||
|
when: httpd_enabled.rc == 0
|
||||||
|
- name: Install openstack-panko-api package if it was not installed
|
||||||
|
tags: step3
|
||||||
|
yum: name=openstack-panko-api state=latest
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- When a service is deployed in WSGI with Apache, make sure mode_ssl
|
||||||
|
package is deployed during the upgrade process, it's now required
|
||||||
|
by default so Apache can start properly.
|
|
@ -105,31 +105,37 @@ outputs:
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::zaqar
|
include ::tripleo::profile::base::zaqar
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Check if zaqar is deployed
|
yaql:
|
||||||
command: systemctl is-enabled openstack-zaqar
|
expression: $.data.apache_upgrade + $.data.zaqar_upgrade
|
||||||
tags: common
|
data:
|
||||||
ignore_errors: True
|
apache_upgrade:
|
||||||
register: zaqar_enabled
|
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
|
||||||
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
zaqar_upgrade:
|
||||||
shell: >
|
- name: Check if zaqar is deployed
|
||||||
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
command: systemctl is-enabled openstack-zaqar
|
||||||
grep '\bactive\b'
|
tags: common
|
||||||
when: zaqar_enabled.rc == 0
|
ignore_errors: True
|
||||||
tags: step0,validation
|
register: zaqar_enabled
|
||||||
- name: Check for zaqar running under apache (post upgrade)
|
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
|
||||||
tags: step1
|
shell: >
|
||||||
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
|
||||||
register: zaqar_apache
|
grep '\bactive\b'
|
||||||
ignore_errors: true
|
when: zaqar_enabled.rc == 0
|
||||||
- name: Stop zaqar service (running under httpd)
|
tags: step0,validation
|
||||||
tags: step1
|
- name: Check for zaqar running under apache (post upgrade)
|
||||||
service: name=httpd state=stopped
|
tags: step1
|
||||||
when: zaqar_apache.rc == 0
|
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
|
||||||
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
register: zaqar_apache
|
||||||
tags: step1
|
ignore_errors: true
|
||||||
when: zaqar_enabled.rc == 0
|
- name: Stop zaqar service (running under httpd)
|
||||||
service: name=openstack-zaqar state=stopped enabled=no
|
tags: step1
|
||||||
- name: Install openstack-zaqar package if it was disabled
|
service: name=httpd state=stopped
|
||||||
tags: step3
|
when: zaqar_apache.rc == 0
|
||||||
yum: name=openstack-zaqar state=latest
|
- name: Stop and disable zaqar service (pre-upgrade not under httpd)
|
||||||
when: zaqar_enabled.rc != 0
|
tags: step1
|
||||||
|
when: zaqar_enabled.rc == 0
|
||||||
|
service: name=openstack-zaqar state=stopped enabled=no
|
||||||
|
- name: Install openstack-zaqar package if it was disabled
|
||||||
|
tags: step3
|
||||||
|
yum: name=openstack-zaqar state=latest
|
||||||
|
when: zaqar_enabled.rc != 0
|
||||||
|
|
Loading…
Reference in New Issue