openstack
/
tripleo-heat-templates
Code Issues Proposed changes

upgrades: deploy mod_ssl when upgrading apache 

1) When Apache is upgraded, install mod_ssl rpm.
   See https://bugs.launchpad.net/tripleo/+bug/1682448
   to understand why we need mod_ssl.

2) All services that run Apache for API will use the snippet from
   Apache service to deploy mod_ssl, so we don't duplicate the code
   in all services. It's using the same mechanism as ovs upgrade to
   compile upgrade_tasks between both services.

Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84
Closes-Bug: #1686503
This commit is contained in:
Emilien Macchi 2017-04-26 15:56:41 -04:00
parent 933dd62de3
commit a6041608ca
10 changed files with 150 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
puppet/services/aodh-api.yaml
View File

@ -93,6 +93,12 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Stop aodh_api service (running under httpd) yaql:
tags: step1 expression: $.data.apache_upgrade + $.data.aodh_api_upgrade
service: name=httpd state=stopped data:
apache_upgrade:
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
aodh_api_upgrade:
- name: Stop aodh_api service (running under httpd)
tags: step1
service: name=httpd state=stopped

3
puppet/services/apache.yaml
View File

@ -112,3 +112,6 @@ outputs:
shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b' shell: /usr/bin/systemctl show 'httpd' --property ActiveState | grep '\bactive\b'
when: httpd_enabled.rc == 0 when: httpd_enabled.rc == 0
tags: step0,validation tags: step0,validation
- name: Ensure mod_ssl package is installed
tags: step3
yum: name=mod_ssl state=latest

32
puppet/services/barbican-api.yaml
View File

@ -153,16 +153,22 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Check if barbican_api is deployed yaql:
command: systemctl is-enabled openstack-barbican-api expression: $.data.apache_upgrade + $.data.barbican_api_upgrade
tags: common data:
ignore_errors: True apache_upgrade:
register: barbican_api_enabled get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running" barbican_api_upgrade:
shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b' - name: Check if barbican_api is deployed
when: barbican_api_enabled.rc == 0 command: systemctl is-enabled openstack-barbican-api
tags: step0,validation tags: common
- name: Install openstack-barbican-api package if it was disabled ignore_errors: True
tags: step3 register: barbican_api_enabled
yum: name=openstack-barbican-api state=latest - name: "PreUpgrade step0,validation: Check service openstack-barbican-api is running"
when: barbican_api_enabled.rc != 0 shell: /usr/bin/systemctl show 'openstack-barbican-api' --property ActiveState | grep '\bactive\b'
when: barbican_api_enabled.rc == 0
tags: step0,validation
- name: Install openstack-barbican-api package if it was disabled
tags: step3
yum: name=openstack-barbican-api state=latest
when: barbican_api_enabled.rc != 0

12
puppet/services/ceilometer-api.yaml
View File

@ -100,6 +100,12 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Stop ceilometer_api service (running under httpd) yaql:
tags: step1 expression: $.data.apache_upgrade + $.data.ceilometer_api_upgrade
service: name=httpd state=stopped data:
apache_upgrade:
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
ceilometer_api_upgrade:
- name: Stop ceilometer_api service (running under httpd)
tags: step1
service: name=httpd state=stopped

50
puppet/services/cinder-api.yaml
View File

@ -159,25 +159,31 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Check if cinder_api is deployed yaql:
command: systemctl is-enabled openstack-cinder-api expression: $.data.apache_upgrade + $.data.cinder_api_upgrade
tags: common data:
ignore_errors: True apache_upgrade:
register: cinder_api_enabled get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running" cinder_api_upgrade:
shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b' - name: Check if cinder_api is deployed
when: cinder_api_enabled.rc == 0 command: systemctl is-enabled openstack-cinder-api
tags: step0,validation tags: common
- name: check for cinder running under apache (post upgrade) ignore_errors: True
tags: step1 register: cinder_api_enabled
shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder" - name: "PreUpgrade step0,validation: Check service openstack-cinder-api is running"
register: cinder_apache shell: /usr/bin/systemctl show 'openstack-cinder-api' --property ActiveState | grep '\bactive\b'
ignore_errors: true when: cinder_api_enabled.rc == 0
- name: Stop cinder_api service (running under httpd) tags: step0,validation
tags: step1 - name: check for cinder running under apache (post upgrade)
service: name=httpd state=stopped tags: step1
when: cinder_apache.rc == 0 shell: "httpd -t -D DUMP_VHOSTS | grep -q cinder"
- name: Stop and disable cinder_api service (pre-upgrade not under httpd) register: cinder_apache
tags: step1 ignore_errors: true
when: cinder_api_enabled.rc == 0 - name: Stop cinder_api service (running under httpd)
service: name=openstack-cinder-api state=stopped enabled=no tags: step1
service: name=httpd state=stopped
when: cinder_apache.rc == 0
- name: Stop and disable cinder_api service (pre-upgrade not under httpd)
tags: step1
when: cinder_api_enabled.rc == 0
service: name=openstack-cinder-api state=stopped enabled=no

12
puppet/services/gnocchi-api.yaml
View File

@ -133,6 +133,12 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Stop gnocchi_api service (running under httpd) yaql:
tags: step1 expression: $.data.apache_upgrade + $.data.gnocchi_api_upgrade
service: name=httpd state=stopped data:
apache_upgrade:
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
gnocchi_api_upgrade:
- name: Stop gnocchi_api service (running under httpd)
tags: step1
service: name=httpd state=stopped

15
puppet/services/keystone.yaml
View File

@ -339,10 +339,15 @@ outputs:
horizon::keystone_multidomain_support: true horizon::keystone_multidomain_support: true
horizon::keystone_default_domain: 'Default' horizon::keystone_default_domain: 'Default'
- {} - {}
# Ansible tasks to handle upgrade
upgrade_tasks:
- name: Stop keystone service (running under httpd)
tags: step1
service: name=httpd state=stopped
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.keystone_upgrade
data:
apache_upgrade:
get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
keystone_upgrade:
- name: Stop keystone service (running under httpd)
tags: step1
service: name=httpd state=stopped

42
puppet/services/panko-api.yaml
View File

@ -92,21 +92,27 @@ outputs:
metadata_settings: metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings] get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Check if httpd is deployed yaql:
command: systemctl is-enabled httpd expression: $.data.apache_upgrade + $.data.panko_api_upgrade
tags: common data:
ignore_errors: True apache_upgrade:
register: httpd_enabled get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- name: "PreUpgrade step0,validation: Check if httpd is running" panko_api_upgrade:
shell: > - name: Check if httpd is deployed
/usr/bin/systemctl show 'httpd' --property ActiveState | command: systemctl is-enabled httpd
grep '\bactive\b' tags: common
when: httpd_enabled.rc == 0 ignore_errors: True
tags: step0,validation register: httpd_enabled
- name: Stop panko-api service (running under httpd) - name: "PreUpgrade step0,validation: Check if httpd is running"
tags: step1 shell: >
service: name=httpd state=stopped /usr/bin/systemctl show 'httpd' --property ActiveState |
when: httpd_enabled.rc == 0 grep '\bactive\b'
- name: Install openstack-panko-api package if it was not installed when: httpd_enabled.rc == 0
tags: step3 tags: step0,validation
yum: name=openstack-panko-api state=latest - name: Stop panko-api service (running under httpd)
tags: step1
service: name=httpd state=stopped
when: httpd_enabled.rc == 0
- name: Install openstack-panko-api package if it was not installed
tags: step3
yum: name=openstack-panko-api state=latest

5
puppet/services/releasenotes/notes/mod_ssl-e7fd4db71189242e.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- When a service is deployed in WSGI with Apache, make sure mode_ssl
package is deployed during the upgrade process, it's now required
by default so Apache can start properly.

62
puppet/services/zaqar.yaml
View File

@ -105,31 +105,37 @@ outputs:
step_config: | step_config: |
include ::tripleo::profile::base::zaqar include ::tripleo::profile::base::zaqar
upgrade_tasks: upgrade_tasks:
- name: Check if zaqar is deployed yaql:
command: systemctl is-enabled openstack-zaqar expression: $.data.apache_upgrade + $.data.zaqar_upgrade
tags: common data:
ignore_errors: True apache_upgrade:
register: zaqar_enabled get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
- name: "PreUpgrade step0,validation: Check if openstack-zaqar is running" zaqar_upgrade:
shell: > - name: Check if zaqar is deployed
/usr/bin/systemctl show 'openstack-zaqar' --property ActiveState | command: systemctl is-enabled openstack-zaqar
grep '\bactive\b' tags: common
when: zaqar_enabled.rc == 0 ignore_errors: True
tags: step0,validation register: zaqar_enabled
- name: Check for zaqar running under apache (post upgrade) - name: "PreUpgrade step0,validation: Check if openstack-zaqar is running"
tags: step1 shell: >
shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi" /usr/bin/systemctl show 'openstack-zaqar' --property ActiveState |
register: zaqar_apache grep '\bactive\b'
ignore_errors: true when: zaqar_enabled.rc == 0
- name: Stop zaqar service (running under httpd) tags: step0,validation
tags: step1 - name: Check for zaqar running under apache (post upgrade)
service: name=httpd state=stopped tags: step1
when: zaqar_apache.rc == 0 shell: "httpd -t -D DUMP_VHOSTS | grep -q zaqar_wsgi"
- name: Stop and disable zaqar service (pre-upgrade not under httpd) register: zaqar_apache
tags: step1 ignore_errors: true
when: zaqar_enabled.rc == 0 - name: Stop zaqar service (running under httpd)
service: name=openstack-zaqar state=stopped enabled=no tags: step1
- name: Install openstack-zaqar package if it was disabled service: name=httpd state=stopped
tags: step3 when: zaqar_apache.rc == 0
yum: name=openstack-zaqar state=latest - name: Stop and disable zaqar service (pre-upgrade not under httpd)
when: zaqar_enabled.rc != 0 tags: step1
when: zaqar_enabled.rc == 0
service: name=openstack-zaqar state=stopped enabled=no
- name: Install openstack-zaqar package if it was disabled
tags: step3
yum: name=openstack-zaqar state=latest
when: zaqar_enabled.rc != 0