Merge "Fix example pillar in readme"
diff --git a/heat/map.jinja b/heat/map.jinja
index fe301a4..7da9bdb 100644
--- a/heat/map.jinja
+++ b/heat/map.jinja
@@ -71,3 +71,5 @@
'endpoint_failed_major_threshold': 0.5,
},
}, grain='os_family', merge=salt['pillar.get']('heat:monitoring')) %}
+
+{% set upgrade = pillar.get('heat', {}).get('upgrade', {}) %}
diff --git a/heat/meta/salt.yml b/heat/meta/salt.yml
index eff9d22..ba339ba 100644
--- a/heat/meta/salt.yml
+++ b/heat/meta/salt.yml
@@ -12,3 +12,8 @@
client:
priority: 720
+orchestration:
+ upgrade:
+ applications:
+ heat:
+ priority: 1250
diff --git a/heat/server.sls b/heat/server.sls
index 266d5fb..775d562 100644
--- a/heat/server.sls
+++ b/heat/server.sls
@@ -14,6 +14,8 @@
file.managed:
- source: salt://heat/files/{{ server.version }}/heat.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: heat
- require:
- pkg: heat_server_packages
- require_in:
@@ -23,6 +25,8 @@
file.managed:
- source: salt://heat/files/{{ server.version }}/api-paste.ini
- template: jinja
+ - mode: 0640
+ - group: heat
- require:
- pkg: heat_server_packages
@@ -55,7 +59,8 @@
- name: /etc/heat/logging.conf
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- - user: heat
+ - mode: 0640
+ - user: root
- group: heat
- defaults:
service_name: heat
@@ -82,7 +87,8 @@
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- makedirs: True
- - user: heat
+ - mode: 0640
+ - user: root
- group: heat
- defaults:
service_name: {{ service_name }}
@@ -218,4 +224,14 @@
- file: /etc/heat/heat.conf
{%- endif %}
+correct_file_permissions_heat:
+ cmd.run:
+ - name: find /etc/heat -type f \( \! -perm 640 -o \! -user root -o \! -group heat \) -execdir chmod 640 {} + -execdir chown root:heat {} +
+ - onlyif: find /etc/heat -type f \( \! -perm 640 -o \! -user root -o \! -group heat \) -printf found | grep -q found
+
+correct_dir_permissions_heat:
+ cmd.run:
+ - name: find /etc/heat -type d \( \! -perm 750 -o \! -user root -o \! -group heat \) -execdir chmod 750 {} + -execdir chown root:heat {} +
+ - onlyif: find /etc/heat -type d \( \! -perm 750 -o \! -user root -o \! -group heat \) -printf found | grep -q found
+
{%- endif %}
diff --git a/heat/upgrade/pkgs_latest.sls b/heat/upgrade/pkgs_latest.sls
new file mode 100644
index 0000000..5b8e0e4
--- /dev/null
+++ b/heat/upgrade/pkgs_latest.sls
@@ -0,0 +1,38 @@
+{%- from "heat/map.jinja" import server, client, upgrade with context %}
+
+heat_task_pkgs_latest:
+ test.show_notification:
+ - name: "dump_message_pkgs_latest"
+ - text: "Running heat.upgrade.pkgs_latest"
+
+policy-rc.d_present:
+ file.managed:
+ - name: /usr/sbin/policy-rc.d
+ - mode: 755
+ - contents: |
+ #!/bin/sh
+ exit 101
+
+{%- set pkgs = [] %}
+{%- if server.get('enabled', false) %}
+ {%- do pkgs.extend(server.pkgs) %}
+{%- endif %}
+{%- if client.get('enabled', false) %}
+ {%- do pkgs.extend(client.pkgs) %}
+{%- endif %}
+
+{%- if server.version in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
+ {%- do pkgs.append('heat-api-cloudwatch') %}
+{%- endif %}
+
+heat_packages:
+ pkg.latest:
+ - names: {{ pkgs|unique }}
+ - require:
+ - file: policy-rc.d_present
+ - require_in:
+ - file: policy-rc.d_absent
+
+policy-rc.d_absent:
+ file.absent:
+ - name: /usr/sbin/policy-rc.d
diff --git a/heat/upgrade/post/init.sls b/heat/upgrade/post/init.sls
new file mode 100644
index 0000000..a74a5fa
--- /dev/null
+++ b/heat/upgrade/post/init.sls
@@ -0,0 +1,4 @@
+heat_post:
+ test.show_notification:
+ - name: "dump_post-upgrade_message_heat"
+ - text: "Running heat.upgrade.post"
diff --git a/heat/upgrade/pre/init.sls b/heat/upgrade/pre/init.sls
new file mode 100644
index 0000000..675f796
--- /dev/null
+++ b/heat/upgrade/pre/init.sls
@@ -0,0 +1,7 @@
+include:
+ - heat.upgrade.verify.api
+
+heat_pre:
+ test.show_notification:
+ - name: "dump_message_pre-upgrade_heat"
+ - text: "Running heat.upgrade.pre"
diff --git a/heat/upgrade/render_config.sls b/heat/upgrade/render_config.sls
new file mode 100644
index 0000000..f297250
--- /dev/null
+++ b/heat/upgrade/render_config.sls
@@ -0,0 +1,15 @@
+{%- from "heat/map.jinja" import server, upgrade with context %}
+
+heat_render_config:
+ test.show_notification:
+ - name: "dump_message_render_config_heat"
+ - text: "Running heat.upgrade.render_config"
+
+{%- if server.get('enabled', False) %}
+
+/etc/heat/heat.conf:
+ file.managed:
+ - source: salt://heat/files/{{ server.version }}/heat.conf.{{ grains.os_family }}
+ - template: jinja
+
+{%- endif %}
diff --git a/heat/upgrade/service_running.sls b/heat/upgrade/service_running.sls
new file mode 100644
index 0000000..e3021e5
--- /dev/null
+++ b/heat/upgrade/service_running.sls
@@ -0,0 +1,16 @@
+{%- from "heat/map.jinja" import server with context %}
+
+heat_task_service_running:
+ test.show_notification:
+ - name: "dump_message_service_running_heat"
+ - text: "Running heat.upgrade.service_running"
+
+{%- if server.get('enabled', false) %}
+
+ {%- for hservice in server.services %}
+heat_server_service_{{ hservice }}:
+ service.running:
+ - name: {{ hservice }}
+ - enable: true
+ {%- endfor %}
+{%- endif %}
diff --git a/heat/upgrade/service_stopped.sls b/heat/upgrade/service_stopped.sls
new file mode 100644
index 0000000..14348bf
--- /dev/null
+++ b/heat/upgrade/service_stopped.sls
@@ -0,0 +1,19 @@
+{%- from "heat/map.jinja" import server, upgrade with context %}
+
+heat_task_service_stopped:
+ test.show_notification:
+ - name: "dump_message_service_stopped_heat"
+ - text: "Running heat.upgrade.service_stopped"
+
+{%- if server.get('enabled', false) %}
+
+{%- if upgrade.get('old_release', {}) in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
+ {%- do server.services.append('heat-api-cloudwatch') %}
+{%- endif %}
+
+heat_server_services_stopped:
+ service.dead:
+ - names: {{ server.services }}
+ - enable: false
+
+{%- endif %}
diff --git a/heat/upgrade/upgrade/init.sls b/heat/upgrade/upgrade/init.sls
new file mode 100644
index 0000000..0cd62a4
--- /dev/null
+++ b/heat/upgrade/upgrade/init.sls
@@ -0,0 +1,13 @@
+{%- from "heat/map.jinja" import server with context %}
+
+heat_upgrade:
+ test.show_notification:
+ - name: "dump_message_upgrade_heat"
+ - text: "Running heat.upgrade.upgrade"
+
+include:
+ - heat.upgrade.service_stopped
+ - heat.upgrade.pkgs_latest
+ - heat.upgrade.render_config
+ - heat.db.offline_sync
+ - heat.upgrade.service_running
diff --git a/heat/upgrade/verify/api.sls b/heat/upgrade/verify/api.sls
new file mode 100644
index 0000000..92a18cd
--- /dev/null
+++ b/heat/upgrade/verify/api.sls
@@ -0,0 +1,15 @@
+{%- from "keystone/map.jinja" import client as kclient with context %}
+
+heat_upgrade_verify_api:
+ test.show_notification:
+ - name: "dump_message_verify_api"
+ - text: "Running heat.upgrade.verify.api"
+
+{%- if kclient.enabled and kclient.get('os_client_config', {}).get('enabled', False) %}
+
+heatv1_stack_list:
+ module.run:
+ - name: heatv1.stack_list
+ - kwargs:
+ cloud_name: admin_identity
+{%- endif %}