
Commit 552a5c5

authored
Merge pull request #182 from stackhpc/stable/wallaby
sync stackhpc/wallaby with upstream
2 parents 1818bda + c3461c2 commit 552a5c5


53 files changed

+377
-189
lines changed


53 files changed

+377
-189
lines changed

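--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -381,6 +381,9 @@ mariadb_clustercheck_port: "4569"
 mariadb_monitor_user: "haproxy"
 mariadb_default_database_shard_id: 0
 mariadb_default_database_shard_hosts: "{% set default_shard = [] %}{% for host in groups['mariadb'] %}{% if hostvars[host]['mariadb_shard_id'] is not defined or hostvars[host]['mariadb_shard_id'] == mariadb_default_database_shard_id %}{{ default_shard.append(host) }}{% endif %}{% endfor %}{{ default_shard }}"
+mariadb_shard_id: "{{ mariadb_default_database_shard_id }}"
+mariadb_shard_name: "shard_{{ mariadb_shard_id }}"
+mariadb_shard_group: "mariadb_{{ mariadb_shard_name }}"
 mariadb_loadbalancer: "haproxy"
 
 masakari_api_port: "15868"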

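--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -14,7 +14,6 @@
 - - service_name: "cron"
 paths:
 - "cron"
-- "cron/logrotate"
 - service_name: "fluentd"
 paths:
 - "fluentd"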

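--- a/ansible/roles/cyborg/templates/cyborg.conf.j2
+++ b/ansible/roles/cyborg/templates/cyborg.conf.j2
@@ -18,7 +18,7 @@ max_pool_size = {{ database_max_pool_size }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
-auth_uri = {{ keystone_internal_url }}
+www_authenticate_uri = {{ keystone_internal_url }}
 project_domain_name = {{ default_project_domain_name }}
 project_name = service
 user_domain_name = {{ default_user_domain_name }}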

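--- a/ansible/roles/haproxy/templates/haproxy_main.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy_main.cfg.j2
@@ -17,8 +17,6 @@ global
 ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
 tune.ssl.default-dh-param 4096
-{% endif %}
-{% if kolla_enable_tls_internal | bool or kolla_enable_tls_external | bool %}
 ca-base {{ haproxy_backend_cacert_dir }}
 {% endif %}
 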

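--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -59,6 +59,7 @@ keystone_services:
 - "kolla_logs:/var/log/kolla/"
 - "keystone_fernet_tokens:/etc/keystone/fernet-keys"
 dimensions: "{{ keystone_fernet_dimensions }}"
+healthcheck: "{{ keystone_fernet_healthcheck }}"
 
 ####################
 # Database
@@ -123,6 +124,19 @@ keystone_ssh_healthcheck:
 test: "{% if keystone_ssh_enable_healthchecks | bool %}{{ keystone_ssh_healthcheck_test }}{% else %}NONE{% endif %}"
 timeout: "{{ keystone_ssh_healthcheck_timeout }}"
 
+keystone_fernet_enable_healthchecks: "{{ enable_container_healthchecks }}"
+keystone_fernet_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
+keystone_fernet_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
+keystone_fernet_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
+keystone_fernet_healthcheck_test: ["CMD-SHELL", "/usr/bin/fernet-healthcheck.sh"]
+keystone_fernet_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
+keystone_fernet_healthcheck:
+interval: "{{ keystone_fernet_healthcheck_interval }}"
+retries: "{{ keystone_fernet_healthcheck_retries }}"
+start_period: "{{ keystone_fernet_healthcheck_start_period }}"
+test: "{% if keystone_fernet_enable_healthchecks | bool %}{{ keystone_fernet_healthcheck_test }}{% else %}NONE{% endif %}"
+timeout: "{{ keystone_fernet_healthcheck_timeout }}"
+
 keystone_default_volumes:
 - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
 - "/etc/localtime:/etc/localtime:ro"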

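--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -223,6 +223,7 @@
 - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
 - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
 - { src: "fernet-push.sh.j2", dest: "fernet-push.sh" }
+- { src: "fernet-healthcheck.sh.j2", dest: "fernet-healthcheck.sh" }
 - { src: "id_rsa", dest: "id_rsa" }
 - { src: "ssh_config.j2", dest: "ssh_config" }
 when: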
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
#!/bin/bash
2+
3+
set -o errexit
4+
set -o pipefail
5+
6+
(/usr/bin/fernet-node-sync.sh --check && /usr/bin/fernet-push.sh --check) || exit 1

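--- a/ansible/roles/keystone/templates/fernet-node-sync.sh.j2
+++ b/ansible/roles/keystone/templates/fernet-node-sync.sh.j2
@@ -3,17 +3,27 @@
 set -o errexit
 set -o pipefail
 
-# Ensure tokens are populated, check for 0 key which should always exist
-n=0
-while [ ! -f /etc/keystone/fernet-keys/0 ]; do
-if [ $n -lt 10 ]; then
-n=$(( n + 1 ))
-echo "ERROR: Fernet tokens have not been populated, rechecking in 1 minute"
-echo "DEBUG: /etc/keystone/fernet-keys contents:"
-ls -l /etc/keystone/fernet-keys/
-sleep 60
+if [ ! -z "$1" ] && [ "$1" == "--check" ]; then
+if [ -f /etc/keystone/fernet-keys/0 ]; then
+if [[ $(stat -c %U:%G /etc/keystone/fernet-keys/0) != "keystone:keystone" ]]; then
+exit 1
+fi
 else
-echo "CRITICAL: Waited for 10 minutes - failing"
 exit 1
 fi
-done
+else
+# Ensure tokens are populated, check for 0 key which should always exist
+n=0
+while [ ! -f /etc/keystone/fernet-keys/0 ]; do
+if [ $n -lt 10 ]; then
+n=$(( n + 1 ))
+echo "ERROR: Fernet tokens have not been populated, rechecking in 1 minute"
+echo "DEBUG: /etc/keystone/fernet-keys contents:"
+ls -l /etc/keystone/fernet-keys/
+sleep 60
+else
+echo "CRITICAL: Waited for 10 minutes - failing"
+exit 1
+fi
+done
+fi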
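Review bot: The file mode of `/etc/keystone/fernet-keys/0` is never checked in the new `--check` branch, which tests only existence and `keystone:keystone` ownership, so a key that has become group- or world-readable still reports healthy. If the deployment expects a fixed mode, the comparison could cover it as well, e.g. `stat -c %U:%G:%a` compared with `"keystone:keystone:600"` (the expected mode is an assumption to confirm against how the keys are created). Both failure paths in that branch also `exit 1` without any output, so an unhealthy container gives no hint whether the key is missing or mis-owned; an `echo` naming the cause before each exit would make triage quicker.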

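--- a/ansible/roles/keystone/templates/fernet-push.sh.j2
+++ b/ansible/roles/keystone/templates/fernet-push.sh.j2
@@ -3,8 +3,24 @@
 set -o errexit
 set -o pipefail
 
+if [ ! -z "$1" ] && [ "$1" == "--check" ]; then
+{% if groups['keystone'] | length > 1 %}
+{% for host in groups['keystone'] %}
+{% if inventory_hostname != host %}
+/usr/bin/rsync --dry-run -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/fernet-keys/ keystone@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:/etc/keystone/fernet-keys
+{% endif %}
+{% endfor %}
+{% else %}
+echo "No additional keystone-server where fernet keys could be rsynced."
+{% endif %}
+else
+{% if groups['keystone'] | length > 1 %}
 {% for host in groups['keystone'] %}
 {% if inventory_hostname != host %}
 /usr/bin/rsync -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/fernet-keys/ keystone@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:/etc/keystone/fernet-keys
 {% endif %}
 {% endfor %}
+{% else %}
+echo "No additional keystone-server where fernet keys could be rsynced."
+{% endif %}
+fi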
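Review bot: `rsync --dry-run` in the `--check` branch exits 0 whenever the SSH session and transfer negotiation succeed, even if the remote key set differs, so this check proves peer reachability rather than that the fernet keys are in sync. Because `fernet-healthcheck.sh` on this page calls it and `set -o errexit` is active, one unreachable peer marks the local container unhealthy. Each healthcheck interval also opens an SSH login per peer with `/var/lib/keystone/.ssh/id_rsa`, which adds steady entries to the peers' SSH logs that anyone alerting on use of that key should expect. A comment above the `if` would prevent misreading, e.g. `# --check: confirms each peer is reachable over SSH; does not compare key contents`.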

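--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -49,6 +49,12 @@
 "dest": "/etc/keystone/{{ keystone_policy_file }}",
 "owner": "keystone",
 "perm": "0600"
+}{% endif %}{% if keystone_fernet_enable_healthchecks | bool %},
+{
+"source": "{{ container_config_directory }}/fernet-healthcheck.sh",
+"dest": "/usr/bin/fernet-healthcheck.sh",
+"owner": "root",
+"perm": "0755"
 }{% endif %}
 ],
 "permissions": [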
