Merge "[REFACTOR] Implement X.509 auth for MySQL and Cinder"
diff --git a/README.rst b/README.rst
index 7c2787f..3a081dc 100644
--- a/README.rst
+++ b/README.rst
@@ -440,6 +440,7 @@
ceph_backend:
type_name: standard-iops
backend: ceph_backend
+ backend_host: ceph
pool: volumes
engine: ceph
user: cinder
@@ -795,6 +796,66 @@
You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html
+Upgrades
+========
+
+Each openstack formula provide set of phases (logical bloks) that will help to
+build flexible upgrade orchestration logic for particular components. The list
+of phases and theirs descriptions are listed in table below:
+
++-------------------------------+------------------------------------------------------+
+| State | Description |
++===============================+======================================================+
+| <app>.upgrade.service_running | Ensure that all services for particular application |
+| | are enabled for autostart and running |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.service_stopped | Ensure that all services for particular application |
+| | disabled for autostart and dead |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.pkgs_latest | Ensure that packages used by particular application |
+| | are installed to latest available version. |
+| | This will not upgrade data plane packages like qemu |
+| | and openvswitch as usually minimal required version |
+| | in openstack services is really old. The data plane |
+| | packages should be upgraded separately by `apt-get |
+| | upgrade` or `apt-get dist-upgrade` |
+| | Applying this state will not autostart service. |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.render_config | Ensure configuration is rendered actual version. +
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.pre | We assume this state is applied on all nodes in the |
+| | cloud before running upgrade. |
+| | Only non destructive actions will be applied during |
+| | this phase. Perform service built in service check |
+| | like (keystone-manage doctor and nova-status upgrade)|
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.upgrade.pre | Mostly applicable for data plane nodes. During this |
+| | phase resources will be gracefully removed from |
+| | current node if it is allowed. Services for upgraded |
+| | application will be set to admin disabled state to |
+| | make sure node will not participate in resources |
+| | scheduling. For example on gtw nodes this will set |
+| | all agents to admin disable state and will move all |
+| | routers to other agents. |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.upgrade | This state will basically upgrade application on |
+| | particular target. Stop services, render |
+| | configuration, install new packages, run offline |
+| | dbsync (for ctl), start services. Data plane should |
+| | not be affected, only OpenStack python services. |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.upgrade.post | Add services back to scheduling. |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.post | This phase should be launched only when upgrade of |
+| | the cloud is completed. Cleanup temporary files, |
+| | perform other post upgrade tasks. |
++-------------------------------+------------------------------------------------------+
+| <app>.upgrade.verify | Here we will do basic health checks (API CRUD |
+| | operations, verify do not have dead network |
+| | agents/compute services) |
++-------------------------------+------------------------------------------------------+
+
+
**Documentation and bugs**
======================
* http://salt-formulas.readthedocs.io/
diff --git a/cinder/files/backend/_ceph.conf b/cinder/files/backend/_ceph.conf
index 41f8fa1..75c7dd6 100644
--- a/cinder/files/backend/_ceph.conf
+++ b/cinder/files/backend/_ceph.conf
@@ -1,10 +1,6 @@
[{{ backend_name }}]
-{%- if backend.get('backend_host', False) %}
-backend_host={{ backend.backend_host }}
-{%- else %}
-host={{ backend.get('host', grains.host) }}
-{%- endif %}
+backend_host={{ backend.get('backend_host', backend.get('host', grains.host)) }}
volume_backend_name={{ backend_name }}
volume_driver = cinder.volume.drivers.rbd.RBDDriver
#
diff --git a/cinder/files/pike/cinder.conf.controller.Debian b/cinder/files/pike/cinder.conf.controller.Debian
index 4a5ead5..5501ae8 100644
--- a/cinder/files/pike/cinder.conf.controller.Debian
+++ b/cinder/files/pike/cinder.conf.controller.Debian
@@ -94,6 +94,10 @@
volumes_dir = /var/lib/cinder/volumes
log_dir=/var/log/cinder
+{%- if controller.logging.log_appender %}
+log_config_append=/etc/cinder/logging.conf
+{%- endif %}
+
# Use syslog for logging. (boolean value)
#use_syslog=false
diff --git a/cinder/map.jinja b/cinder/map.jinja
index 79dff75..18050cf 100644
--- a/cinder/map.jinja
+++ b/cinder/map.jinja
@@ -77,7 +77,11 @@
'BaseDefaults': default_params,
'Debian': {
'pkgs': ['cinder-volume', 'lvm2', 'sysfsutils', 'sg3-utils', 'python-cinder','python-mysqldb','p7zip', 'gettext-base', 'python-memcache', 'python-pycadf'],
+ 'openiscsi_pkgs': ['open-iscsi', 'tgt'],
+ 'iscsitarget_pkgs': ['iscsitarget', 'iscsitarget-dkms'],
'services': ['cinder-volume'],
+ 'iscsitarget_services': ['iscsitarget'],
+ 'openiscsi_services': ['open-iscsi', 'tgt', 'iscsid'],
'wipe_method': 'none',
'notification': False,
'audit': {
@@ -106,6 +110,10 @@
},
'RedHat': {
'pkgs': ['openstack-cinder', 'python-cinder', 'lvm2', 'sysfsutils', 'sg3_utils', 'device-mapper-multipath', 'device-mapper-multipath-libs', 'python-pycadf'],
+ 'iscsitarget_pkgs': ['iscsitarget', 'iscsitarget-dkms'],
+ 'openiscsi_pkgs': ['open-iscsi', 'tgt'],
+ 'iscsitarget_services': ['iscsitarget'],
+ 'openiscsi_services': ['open-iscsi', 'tgt', 'iscsid'],
'services': ['openstack-cinder-volume'],
'wipe_method': 'none',
'notification': False,
diff --git a/cinder/upgrade/post/init.sls b/cinder/upgrade/post/init.sls
index fcad85f..ecd861e 100644
--- a/cinder/upgrade/post/init.sls
+++ b/cinder/upgrade/post/init.sls
@@ -1,3 +1,7 @@
cinder_post:
test.show_notification:
- text: "Running cinder.upgrade.post"
+
+keystone_os_client_config_absent:
+ file.absent:
+ - name: /etc/openstack/clouds.yml
diff --git a/cinder/upgrade/pre/init.sls b/cinder/upgrade/pre/init.sls
index 5dcfa90..21c9efc 100644
--- a/cinder/upgrade/pre/init.sls
+++ b/cinder/upgrade/pre/init.sls
@@ -1,7 +1,14 @@
-include:
- - cinder.upgrade.verify.api
-
-
cinder_pre:
test.show_notification:
- text: "Running cinder.upgrade.pre"
+
+{%- set os_content = salt['mine.get']('I@keystone:client:os_client_config:enabled:true', 'keystone_os_client_config', 'compound').values()[0] %}
+keystone_os_client_config:
+ file.managed:
+ - name: /etc/openstack/clouds.yml
+ - contents: |
+ {{ os_content |yaml(False)|indent(8) }}
+ - user: 'root'
+ - group: 'root'
+ - makedirs: True
+ - unless: test -f /etc/openstack/clouds.yml
diff --git a/cinder/upgrade/upgrade/init.sls b/cinder/upgrade/upgrade/init.sls
index 2a84a9a..7dc157a 100644
--- a/cinder/upgrade/upgrade/init.sls
+++ b/cinder/upgrade/upgrade/init.sls
@@ -3,8 +3,10 @@
- text: "Running cinder.upgrade.upgrade"
include:
+ - cinder.upgrade.upgrade.pre
- cinder.upgrade.service_stopped
- cinder.upgrade.pkgs_latest
- cinder.upgrade.render_config
- cinder.db.offline_sync
- cinder.upgrade.service_running
+ - cinder.upgrade.upgrade.post
diff --git a/cinder/upgrade/upgrade/post.sls b/cinder/upgrade/upgrade/post.sls
new file mode 100644
index 0000000..940a957
--- /dev/null
+++ b/cinder/upgrade/upgrade/post.sls
@@ -0,0 +1,3 @@
+cinder_upgrade_uprade_post:
+ test.show_notification:
+ - text: "Running cinder.upgrade.upgrade.post"
diff --git a/cinder/upgrade/upgrade/pre.sls b/cinder/upgrade/upgrade/pre.sls
new file mode 100644
index 0000000..2892843
--- /dev/null
+++ b/cinder/upgrade/upgrade/pre.sls
@@ -0,0 +1,3 @@
+cinder_upgrade_upgrade_pre:
+ test.show_notification:
+ - text: "Running cinder.upgrade.upgrade.pre"
diff --git a/cinder/upgrade/verify/api.sls b/cinder/upgrade/verify/_api.sls
similarity index 100%
rename from cinder/upgrade/verify/api.sls
rename to cinder/upgrade/verify/_api.sls
diff --git a/cinder/upgrade/verify/init.sls b/cinder/upgrade/verify/init.sls
new file mode 100644
index 0000000..5b7aa99
--- /dev/null
+++ b/cinder/upgrade/verify/init.sls
@@ -0,0 +1,2 @@
+include:
+ - cinder.upgrade.verify._api
diff --git a/cinder/volume.sls b/cinder/volume.sls
index e902832..b8b26de 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -193,14 +193,29 @@
{%- endif %}
-{%- if backend.engine in ['iscsi' , 'hp_lefthand'] %}
+{%- if backend.engine in ['lvm'] %}
+
+cinder_openiscsi_packages_{{ loop.index }}:
+ pkg.installed:
+ - names: {{ volume.openiscsi_pkgs }}
+ - require:
+ - pkg: cinder_volume_packages
+
+cinder_openiscsi_service:
+ service.running:
+ - names: {{ volume.openiscsi_services }}
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - require:
+ - pkg: cinder_openiscsi_packages_{{ loop.index }}
+
+{%- elif backend.engine in ['iscsi' , 'hp_lefthand'] %}
cinder_iscsi_packages_{{ loop.index }}:
pkg.installed:
- - names:
- - iscsitarget
- - open-iscsi
- - iscsitarget-dkms
+ - names: {{ volume.iscsitarget_pkgs + volume.openiscsi_pkgs }}
- require:
- pkg: cinder_volume_packages
@@ -213,9 +228,7 @@
cinder_scsi_service:
service.running:
- - names:
- - iscsitarget
- - open-iscsi
+ - names: {{ volume.iscsitarget_services + volume.openiscsi_services }}
- enable: true
{%- if grains.get('noservices') %}
- onlyif: /bin/false
diff --git a/tests/pillar/ceph_single.sls b/tests/pillar/ceph_single.sls
index 761943b..c12365b 100644
--- a/tests/pillar/ceph_single.sls
+++ b/tests/pillar/ceph_single.sls
@@ -4,6 +4,7 @@
version: liberty
backend:
ceph_backend:
+ backend_host: ceph
type_name: standard-iops
backend: ceph_backend
pool: volumes
@@ -58,6 +59,7 @@
version: liberty
backend:
ceph_backend:
+ backend_host: ceph
type_name: standard-iops
backend: ceph_backend
pool: volumes