Fix redis_tls_proxy
Since we merged the pcs-host patches we erroneously also removed the sidecar container that does the tls stunneling for redis. This is needed to allow the redis master to stream the replications to its slaves via TLS.

Tested this and we now correctly get the working container and cluster state:

[root@controller-0 ~]# podman ps -a |grep redis
4182a78811a2 undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 /bin/bash /usr/lo... 3 minutes ago Up 3 minutes ago redis-bundle-podman-0
604a086bb53c undercloud-0.ctlplane.redhat.local:8787/openstack-redis:16.2_20210218.1-hotfixupdate2 kolla_start 8 minutes ago Up 8 minutes ago redis_tls_proxy

[root@controller-0 ~]# pcs status |grep redis
* GuestOnline: [ galera-bundle-0@database-1 galera-bundle-1@database-2 galera-bundle-2@database-0 ovn-dbs-bundle-0@controller-0 ovn-dbs-bundle-1@controller-1 ovn-dbs-bundle-2@controller-2 rabbitmq-bundle-0@messaging-0 rabbitmq-bundle-1@messaging-1 rabbitmq-bundle-2@messaging-2 redis-bundle-0@controller-0 redis-bundle-1@controller-1 redis-bundle-2@controller-2 ]
* Container bundle set: redis-bundle [cluster.common.tag/openstack-redis:pcmklatest]:
  * redis-bundle-0 (ocf::heartbeat:redis): Master controller-0
  * redis-bundle-1 (ocf::heartbeat:redis): Slave controller-1
  * redis-bundle-2 (ocf::heartbeat:redis): Slave controller-2

We also move the redis_tls_proxy from step_2/start_order: 3 to step_1 since it actually makes sense to have it run before we start the redis pcmk bundle at step 2 (i.e. so the slave replica can work right away from the start).

Closes-Bug: #1916873
Change-Id: I44df0ee32e5c35b87f74bdb75dcb384496dfb6ab
parent
8872de03e3
commit
badc6bc1ed
@ -220,6 +220,28 @@ outputs:
|
|||||||
perm: '0600'
|
perm: '0600'
|
||||||
optional: true
|
optional: true
|
||||||
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
|
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
|
||||||
|
docker_config:
|
||||||
|
step_1:
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- redis_tls_proxy:
|
||||||
|
start_order: 0
|
||||||
|
image: {get_param: ContainerRedisImage}
|
||||||
|
net: host
|
||||||
|
user: root
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
list_concat:
|
||||||
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
|
-
|
||||||
|
- /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
|
- /var/lib/config-data/puppet-generated/redis:/var/lib/kolla/config_files/src:ro
|
||||||
|
- /etc/pki/tls/certs/redis.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/redis.crt:ro
|
||||||
|
- /etc/pki/tls/private/redis.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/redis.key:ro
|
||||||
|
- /var/lib/container-config-scripts/wait-port-and-run.sh:/wait-port-and-run.sh:ro
|
||||||
|
environment:
|
||||||
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
|
- {}
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [RedisBase, role_data, metadata_settings]
|
get_attr: [RedisBase, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
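Review bot: `user: root` combined with `net: host` on the new redis_tls_proxy entry under step_1 runs the TLS sidecar as root in the host network namespace, and nothing in the hunk says why that is required. If root is only needed to read the mounted /etc/pki/tls/private/redis.key, a short comment saying so (or a dedicated user with read access to the key) would make the privilege easier to review. The same entry mounts /var/lib/container-config-scripts/wait-port-and-run.sh but sets no command in the visible lines, so either note that the kolla config.json invokes it or drop the mount if it is unused.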