openstack/tripleo-heat-templates
Code Issues Proposed changes
dedef90750
tripleo-heat-templates/puppet/services/glance-api.yaml
Emilien Macchi 7c84a9b390 upgrades/validation: only run validation when services exist 
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.

This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.

Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.

Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-03-01 19:49:00 +00:00

163 lines
6.4 KiB
YAML
Raw Blame History

heat_template_version: ocata
description: >
OpenStack Glance API service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlanceWorkers:
default: ''
description: |
Number of API worker processes for Glance. If left unset (empty string), the
default value will result in the configuration being left unset and a
system-dependent default value will be chosen (e.g.: number of
processors). Please note that this will create a large number of
processes on systems with a large number of CPUs resulting in excess
memory consumption. It is recommended that a suitable non-default value
be selected on such systems.
type: string
MonitoringSubscriptionGlanceApi:
default: 'overcloud-glance-api'
type: string
GlanceApiLoggingSource:
type: json
default:
tag: openstack.glance.api
path: /var/log/glance/api.log
EnableInternalTLS:
type: boolean
default: false
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
GlanceBase:
type: ./glance-base.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: glance_api
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
logging_source: {get_param: GlanceApiLoggingSource}
logging_groups:
- glance
config_settings:
map_merge:
- get_attr: [GlanceBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
- '://glance:'
- {get_param: GlancePassword}
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
tripleo.glance_api.firewall_rules:
'112 glance_api':
dport:
- 9292
- 13292
glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork]
tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_port:
get_param: [EndpointMap, GlanceInternal, port]
# Bind to localhost if internal TLS is enabled, since we put a TLs
# proxy in front.
glance::api::bind_host:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings:
get_attr: [GlanceBase, role_data, service_config_settings]
upgrade_tasks:
- name: Check if glance_api is deployed
command: systemctl is-enabled openstack-glance-api
tags: common
ignore_errors: True
register: glance_api_enabled
#(TODO) Remove all glance-registry bits in Pike.
- name: Check if glance_registry is deployed
command: systemctl is-enabled openstack-glance-registry
tags: common
ignore_errors: True
register: glance_registry_enabled
- name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
tags: step0,validation
when: glance_api_enabled.rc == 0
- name: Stop glance_api service
tags: step1
when: glance_api_enabled.rc == 0
service: name=openstack-glance-api state=stopped
- name: Stop and disable glance registry (removed for Ocata)
tags: step1
when: glance_registry_enabled.rc == 0
service: name=openstack-glance-registry state=stopped enabled=no
View Git Blame Copy Permalink