d14c56e1b6
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows: parameter_defaults: SkipUpgradeConfigTags: validation Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
96 lines
3.4 KiB
YAML
96 lines
3.4 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
HAproxy service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
HAProxyStatsPassword:
|
|
description: Password for HAProxy stats endpoint
|
|
hidden: true
|
|
type: string
|
|
HAProxyStatsUser:
|
|
description: User for HAProxy stats endpoint
|
|
default: admin
|
|
type: string
|
|
HAProxySyslogAddress:
|
|
default: /dev/log
|
|
description: Syslog address where HAproxy will send its log
|
|
type: string
|
|
RedisPassword:
|
|
description: The password for Redis
|
|
type: string
|
|
hidden: true
|
|
MonitoringSubscriptionHaproxy:
|
|
default: 'overcloud-haproxy'
|
|
type: string
|
|
|
|
resources:
|
|
|
|
HAProxyPublicTLS:
|
|
type: OS::TripleO::Services::HAProxyPublicTLS
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
HAProxyInternalTLS:
|
|
type: OS::TripleO::Services::HAProxyInternalTLS
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the HAproxy role.
|
|
value:
|
|
service_name: haproxy
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
|
|
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
|
|
- tripleo.haproxy.firewall_rules:
|
|
'107 haproxy stats':
|
|
dport: 1993
|
|
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
|
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
|
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
|
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
|
tripleo::profile::base::haproxy::certificates_specs:
|
|
map_merge:
|
|
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
|
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
|
|
step_config: |
|
|
include ::tripleo::profile::base::haproxy
|
|
upgrade_tasks:
|
|
- name: "PreUpgrade step0,validation: Check service haproxy is running"
|
|
shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b'
|
|
tags: step0,validation
|
|
- name: Stop haproxy service
|
|
tags: step1
|
|
service: name=haproxy state=stopped
|
|
- name: Start haproxy service
|
|
tags: step4 # Needed at step 4 for mysql
|
|
service: name=haproxy state=started
|
|
metadata_settings:
|
|
yaql:
|
|
expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))'
|
|
data:
|
|
public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
|
internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
|