Merge "Setting listen_default_ports to False"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index f9b8682..c458c2c 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.aodh.server.cluster
+- system.aodh.upgrade
- system.salt.minion.cert.mysql.clients.openstack.aodh
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.aodh
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index c231be6..3f2ea75 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.aodh.server.single
+- system.aodh.upgrade
- system.salt.minion.cert.mysql.clients.openstack.aodh
- system.salt.minion.cert.rabbitmq.clients.openstack.aodh
parameters:
diff --git a/aodh/upgrade/init.yml b/aodh/upgrade/init.yml
new file mode 100644
index 0000000..fe99afa
--- /dev/null
+++ b/aodh/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ aodh:
+ upgrade:
+ enabled: ${_param:aodh_upgrade_enabled}
+ old_release: ${_param:aodh_old_version}
+ new_release: ${_param:aodh_version}
\ No newline at end of file
diff --git a/barbican/client/init.yml b/barbican/client/init.yml
new file mode 100644
index 0000000..716242d
--- /dev/null
+++ b/barbican/client/init.yml
@@ -0,0 +1,4 @@
+parameters:
+ barbican:
+ client:
+ enabled: True
\ No newline at end of file
diff --git a/barbican/client/v1/init.yml b/barbican/client/v1/init.yml
new file mode 100644
index 0000000..c582343
--- /dev/null
+++ b/barbican/client/v1/init.yml
@@ -0,0 +1,5 @@
+barbican:
+ client:
+ resources:
+ v1:
+ enabled: true
\ No newline at end of file
diff --git a/barbican/client/v1/octavia.yml b/barbican/client/v1/octavia.yml
new file mode 100644
index 0000000..931bef0
--- /dev/null
+++ b/barbican/client/v1/octavia.yml
@@ -0,0 +1,26 @@
+classes:
+- system.barbican.client
+- system.barbican.client.v1
+- system.keystone.client.os_client_config.octavia_identity
+
+parameters:
+ _param:
+ octavia_image_cert_file: '/etc/octavia/certs/image.crt'
+
+ barbican:
+ client:
+ resources:
+ v1:
+ cloud_name: octavia_identity
+ secrets:
+ OctaviaAmphoraSecret:
+ type: certificate
+ algorithm: RSA
+ payload_content_type: application/octet-stream
+ payload_content_encoding: base64
+ payload_path: ${_param:octavia_image_cert_file}
+ encodeb64_payload: true
+ acl:
+ OctaviaAmphoraSecret:
+ octavia:
+ enabled: True
diff --git a/barbican/client/v1/signed_images/octavia.yml b/barbican/client/v1/signed_images/octavia.yml
new file mode 100644
index 0000000..c348674
--- /dev/null
+++ b/barbican/client/v1/signed_images/octavia.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ octavia_image_cert_key: '/etc/octavia/certs/image.key'
+ amphora_image_name: "amphora-x64-haproxy"
+
+
+ barbican:
+ client:
+ signed_images:
+ v1:
+ enabled: true
+ images:
+ OctaviaAmphora:
+ secret_name: 'OctaviaAmphoraSecret'
+ cert_key: ${_param:octavia_image_cert_key}
+ name: ${_param:amphora_image_name}
+ cloud_name: octavia_identity
\ No newline at end of file
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index 4e8ef26..c1ef15e 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.barbican.server.single
+- system.barbican.upgrade
- system.salt.minion.cert.mysql.clients.openstack.barbican
- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
parameters:
diff --git a/barbican/upgrade/init.yml b/barbican/upgrade/init.yml
new file mode 100644
index 0000000..39276e5
--- /dev/null
+++ b/barbican/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ barbican:
+ upgrade:
+ enabled: ${_param:barbican_upgrade_enabled}
+ old_release: ${_param:barbican_old_version}
+ new_release: ${_param:barbican_version}
\ No newline at end of file
diff --git a/ceilometer/agent/cluster.yml b/ceilometer/agent/cluster.yml
index 681e990..6bb4e71 100644
--- a/ceilometer/agent/cluster.yml
+++ b/ceilometer/agent/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.cluster
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/single.yml b/ceilometer/agent/single.yml
index ada8cd5..037bb4e 100644
--- a/ceilometer/agent/single.yml
+++ b/ceilometer/agent/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.single
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/telemetry/cluster.yml b/ceilometer/agent/telemetry/cluster.yml
index 73f6d5a..26f9a68 100644
--- a/ceilometer/agent/telemetry/cluster.yml
+++ b/ceilometer/agent/telemetry/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.cluster.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/telemetry/single.yml b/ceilometer/agent/telemetry/single.yml
index c86bee4..36f2f08 100644
--- a/ceilometer/agent/telemetry/single.yml
+++ b/ceilometer/agent/telemetry/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.single.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/client/init.yml b/ceilometer/client/init.yml
index 5a0aaa0..ff75932 100644
--- a/ceilometer/client/init.yml
+++ b/ceilometer/client/init.yml
@@ -3,4 +3,5 @@
- system.ceilometer.client.keystone
- system.ceilometer.client.glance
- system.ceilometer.client.heat
-- system.ceilometer.client.nova_control
\ No newline at end of file
+- system.ceilometer.client.nova_control
+- system.ceilometer.upgrade
\ No newline at end of file
diff --git a/ceilometer/server/cluster.yml b/ceilometer/server/cluster.yml
index 5e3c9a2..0704a2b 100644
--- a/ceilometer/server/cluster.yml
+++ b/ceilometer/server/cluster.yml
@@ -1,6 +1,7 @@
# This class is deprecated since Openstack Pike
classes:
- service.ceilometer.server.cluster
+- system.ceilometer.upgrade
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.ceilometer
- system.keepalived.cluster.instance.openstack_telemetry_vip
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index 9045f68..eeadcc0 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.server.single
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index 81f6c38..c7d2686 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -1,6 +1,7 @@
# This class intended to be used since Openstack Pike release
classes:
- service.ceilometer.server.cluster.common
+- system.ceilometer.upgrade
- system.keepalived.cluster.instance.openstack_telemetry_vip
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 66b9431..1724277 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.server.single.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/upgrade/init.yml b/ceilometer/upgrade/init.yml
new file mode 100644
index 0000000..c4cb18e
--- /dev/null
+++ b/ceilometer/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ ceilometer:
+ upgrade:
+ enabled: ${_param:ceilometer_upgrade_enabled}
+ old_release: ${_param:ceilometer_old_version}
+ new_release: ${_param:ceilometer_version}
\ No newline at end of file
diff --git a/ceph/rgw/cluster.yml b/ceph/rgw/cluster.yml
index 31aae9a..82c9041 100644
--- a/ceph/rgw/cluster.yml
+++ b/ceph/rgw/cluster.yml
@@ -1,5 +1,5 @@
classes:
- system.haproxy.proxy.single
- system.haproxy.proxy.listen.radosgw
-- service.keepalived.cluster.single
+- system.keepalived.cluster.instance.ceph_rgw_vip
- service.ceph.radosgw.cluster
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 8528bc6..7f8e2d7 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.control.cluster_control
+- system.cinder.upgrade
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 890a5ea..b8f670d 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.control.single
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/cinder/upgrade/init.yml b/cinder/upgrade/init.yml
new file mode 100644
index 0000000..1a3cbcc
--- /dev/null
+++ b/cinder/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ cinder:
+ upgrade:
+ enabled: ${_param:cinder_upgrade_enabled}
+ old_release: ${_param:cinder_old_version}
+ new_release: ${_param:cinder_version}
\ No newline at end of file
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index a71c1df..301946b 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.volume.local
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index ea29a32..9531aa4 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.volume.single
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/defaults/keepalived/init.yml b/defaults/keepalived/init.yml
index 6d457e5..65c2c46 100644
--- a/defaults/keepalived/init.yml
+++ b/defaults/keepalived/init.yml
@@ -1,4 +1,4 @@
parameters:
_param:
keepalived_openstack_web_vrrp_script_check_pidof_args: "nginx"
- keepalived_galera_vrrp_script_check_pidof_args: "/usr/sbin/haproxy"
+ keepalived_vrrp_script_check_pidof_args: "/usr/sbin/haproxy"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 2f6d807..b1f814c 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -19,35 +19,82 @@
openstack_memcache_security_strategy: 'ENCRYPT'
openstack_memcached_proto_tcp_enabled: True
openstack_memcached_proto_udp_enabled: False
+ openstack_old_version: ocata
+ openstack_version: ocata
+ openstack_upgrade_enabled: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
cinder_memcache_secret_key: ''
+ cinder_old_version: ${_param:openstack_old_version}
+ cinder_version: ${_param:openstack_version}
+ cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Nova
nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
nova_memcache_secret_key: ''
+ nova_old_version: ${_param:openstack_old_version}
+ nova_version: ${_param:openstack_version}
+ nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Glance
glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
glance_memcache_secret_key: ''
+ glance_old_version: ${_param:openstack_old_version}
+ glance_version: ${_param:openstack_version}
+ glance_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Allow CORS from horizon, needed for direct upload
glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
# Heat
heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
heat_memcache_secret_key: ''
+ heat_old_version: ${_param:openstack_old_version}
+ heat_version: ${_param:openstack_version}
+ heat_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Aodh
aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
aodh_memcache_secret_key: ''
+ aodh_old_version: ${_param:openstack_old_version}
+ aodh_version: ${_param:openstack_version}
+ aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Ceilometer
+ ceilometer_old_version: ${_param:openstack_old_version}
+ ceilometer_version: ${_param:openstack_version}
+ ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
+ gnocchi_old_version: 4.0
+ gnocchi_version: 4.0
+ gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Panko
panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
panko_memcache_secret_key: ''
+ panko_old_version: ${_param:openstack_old_version}
+ panko_version: ${_param:openstack_version}
+ panko_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Barbican
barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
barbican_memcache_secret_key: ''
+ barbican_old_version: ${_param:openstack_old_version}
+ barbican_version: ${_param:openstack_version}
+ barbican_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Designate
+ designate_old_version: ${_param:openstack_old_version}
+ designate_version: ${_param:openstack_version}
+ designate_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Ironic
ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
ironic_memcache_secret_key: ''
+ # Keystone
+ keystone_old_version: ${_param:openstack_old_version}
+ keystone_version: ${_param:openstack_version}
+ keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Manila
+ manila_old_version: ${_param:openstack_old_version}
+ manila_version: ${_param:openstack_version}
+ manila_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Neutron
+ neutron_old_version: ${_param:openstack_old_version}
+ neutron_version: ${_param:openstack_version}
+ neutron_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Apache mods defaults
apache_mods_status_enabled: True
apache_mods_status_status: 'disabled'
@@ -60,6 +107,9 @@
horizon_public_port: 443
horizon_public_protocol: https
horizon_server_bind_address: ${_param:single_address}
+ horizon_old_version: ${_param:openstack_old_version}
+ horizon_version: ${_param:openstack_version}
+ horizon_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# HAproxy
haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
#
diff --git a/designate/server/cluster/default.yml b/designate/server/cluster/default.yml
index ea53cb6..a7d6bb2 100644
--- a/designate/server/cluster/default.yml
+++ b/designate/server/cluster/default.yml
@@ -3,6 +3,7 @@
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.designate
- service.designate.server.cluster
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/server/cluster/simple.yml b/designate/server/cluster/simple.yml
index 6ab1013..ecf34c1 100644
--- a/designate/server/cluster/simple.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,5 +1,6 @@
classes:
- service.designate.server.cluster
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 10aac33..f054b0c 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.designate.server.single
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/upgrade/init.yml b/designate/upgrade/init.yml
new file mode 100644
index 0000000..28f6641
--- /dev/null
+++ b/designate/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ designate:
+ upgrade:
+ enabled: ${_param:designate_upgrade_enabled}
+ old_release: ${_param:designate_old_version}
+ new_release: ${_param:designate_version}
\ No newline at end of file
diff --git a/glance/client/init.yml b/glance/client/init.yml
index 305f9ba..c1590c7 100644
--- a/glance/client/init.yml
+++ b/glance/client/init.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.glance.upgrade
parameters:
glance:
client:
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index d127aa3..a75f8c5 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.glance.control.cluster
+- system.glance.upgrade
- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.glance
diff --git a/glance/control/single.yml b/glance/control/single.yml
index a22da65..694c395 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.glance.control.single
+- system.glance.upgrade
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
diff --git a/glance/upgrade/init.yml b/glance/upgrade/init.yml
new file mode 100644
index 0000000..960ed4b
--- /dev/null
+++ b/glance/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ glance:
+ upgrade:
+ enabled: ${_param:glance_upgrade_enabled}
+ old_release: ${_param:glance_old_version}
+ new_release: ${_param:glance_version}
\ No newline at end of file
diff --git a/gnocchi/client/init.yml b/gnocchi/client/init.yml
index 2fcea87..bcef5d1 100644
--- a/gnocchi/client/init.yml
+++ b/gnocchi/client/init.yml
@@ -1,2 +1,3 @@
classes:
- service.gnocchi.client
+- system.gnocchi.upgrade
diff --git a/gnocchi/common/cluster.yml b/gnocchi/common/cluster.yml
index a841b56..b00ffa5 100644
--- a/gnocchi/common/cluster.yml
+++ b/gnocchi/common/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.gnocchi.common.cluster
+- system.gnocchi.upgrade
- system.salt.minion.cert.mysql.clients.openstack.gnocchi
parameters:
gnocchi:
diff --git a/gnocchi/common/single.yml b/gnocchi/common/single.yml
index b7d9d96..834db2f 100644
--- a/gnocchi/common/single.yml
+++ b/gnocchi/common/single.yml
@@ -1,5 +1,6 @@
classes:
- service.gnocchi.common.single
+- system.gnocchi.upgrade
- system.salt.minion.cert.mysql.clients.openstack.gnocchi
parameters:
gnocchi:
diff --git a/gnocchi/statsd/single.yml b/gnocchi/statsd/single.yml
index 4be519f..34722bb 100644
--- a/gnocchi/statsd/single.yml
+++ b/gnocchi/statsd/single.yml
@@ -1,2 +1,3 @@
classes:
-- service.gnocchi.statsd.single
\ No newline at end of file
+- service.gnocchi.statsd.single
+- system.gnocchi.upgrade
\ No newline at end of file
diff --git a/gnocchi/upgrade/init.yml b/gnocchi/upgrade/init.yml
new file mode 100644
index 0000000..c430188
--- /dev/null
+++ b/gnocchi/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ gnocchi:
+ upgrade:
+ enabled: ${_param:gnocchi_upgrade_enabled}
+ old_release: ${_param:gnocchi_old_version}
+ new_release: ${_param:gnocchi_version}
\ No newline at end of file
diff --git a/heat/client/init.yml b/heat/client/init.yml
index cb3ce4f..e0d999e 100644
--- a/heat/client/init.yml
+++ b/heat/client/init.yml
@@ -1,3 +1,5 @@
+classes:
+- system.heat.upgrade
parameters:
_param:
heat_data_revision: master
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index d442d82..1edf790 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.heat.server.cluster
+- system.heat.upgrade
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.heat
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 2cef28a..24db595 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.heat.server.single
+- system.heat.upgrade
- system.salt.minion.cert.mysql.clients.openstack.heat
- system.salt.minion.cert.rabbitmq.clients.openstack.heat
parameters:
diff --git a/heat/upgrade/init.yml b/heat/upgrade/init.yml
new file mode 100644
index 0000000..37c6343
--- /dev/null
+++ b/heat/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ heat:
+ upgrade:
+ enabled: ${_param:heat_upgrade_enabled}
+ old_release: ${_param:heat_old_version}
+ new_release: ${_param:heat_version}
\ No newline at end of file
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index 06a720c..837d9b5 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -1,6 +1,7 @@
classes:
- service.keepalived.cluster.single
- service.horizon.server.cluster
+- system.horizon.upgrade
- system.horizon.server.iptables
- service.haproxy.proxy.single
- system.apache.server.single
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index 73fbcc3..79783cc 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.horizon.server.single
+- system.horizon.upgrade
- system.horizon.server.iptables
- system.apache.server.single
- system.memcached.server.single
diff --git a/horizon/upgrade/init.yml b/horizon/upgrade/init.yml
new file mode 100644
index 0000000..11e17b2
--- /dev/null
+++ b/horizon/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ horizon:
+ upgrade:
+ enabled: ${_param:horizon_upgrade_enabled}
+ old_release: ${_param:horizon_old_version}
+ new_release: ${_param:horizon_version}
\ No newline at end of file
diff --git a/keepalived/cluster/instance/ceph_rgw_vip.yml b/keepalived/cluster/instance/ceph_rgw_vip.yml
new file mode 100644
index 0000000..e118ca7
--- /dev/null
+++ b/keepalived/cluster/instance/ceph_rgw_vip.yml
@@ -0,0 +1,9 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
+parameters:
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/default_keepalived_check.yml b/keepalived/cluster/instance/default_keepalived_check.yml
index e088dd6..9f9afd2 100644
--- a/keepalived/cluster/instance/default_keepalived_check.yml
+++ b/keepalived/cluster/instance/default_keepalived_check.yml
@@ -1,21 +1,18 @@
+# DEPRECATED: for backward compatibility until openstack/control.yml migrate to
+# check_multiple_processes.yml
+#
# This instance is needed for the example case, where on control node the GlusterFS is deployed with keepalived and
# a `remote_agent` from `Stacklight` sends its queries to the control's VIP to gather the GlusterFS data.
# In case of `glusterd` process failure, the VIP should be moved to another node, to prevent `remote_agent` from failing.
# In addition, check for haproxy process too, as on its failure VIP should be also moved to another node.
classes:
-- service.keepalived.support
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_custom_content
parameters:
_param:
keepalived_vip_vrrp_check_script_content: "pidof glusterd && pidof haproxy"
keepalived:
cluster:
- vrrp_scripts:
- vrrp_check:
- content: ${_param:keepalived_vip_vrrp_check_script_content}
- interval: 10
- rise: 1
- fall: 1
- enabled: true
instance:
VIP:
track_script: vrrp_check
diff --git a/keepalived/cluster/instance/galera_vip.yml b/keepalived/cluster/instance/galera_vip.yml
index 8b0a462..e118ca7 100644
--- a/keepalived/cluster/instance/galera_vip.yml
+++ b/keepalived/cluster/instance/galera_vip.yml
@@ -1,14 +1,9 @@
classes:
- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
parameters:
keepalived:
cluster:
- vrrp_scripts:
- check_pidof:
- args: ${_param:keepalived_galera_vrrp_script_check_pidof_args}
- interval: 10
- rise: 1
- fall: 1
instance:
VIP:
- track_script: check_pidof
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/opencontrail_vip.yml b/keepalived/cluster/instance/opencontrail_vip.yml
new file mode 100644
index 0000000..e118ca7
--- /dev/null
+++ b/keepalived/cluster/instance/opencontrail_vip.yml
@@ -0,0 +1,9 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
+parameters:
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/openstack_controller_vip.yml b/keepalived/cluster/instance/openstack_controller_vip.yml
new file mode 100644
index 0000000..30c839f
--- /dev/null
+++ b/keepalived/cluster/instance/openstack_controller_vip.yml
@@ -0,0 +1,11 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_multiple_processes
+parameters:
+ _param:
+ keepalived_vrrp_script_check_multiple_processes: 'glusterd haproxy'
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: multiple_processes
\ No newline at end of file
diff --git a/keepalived/cluster/instance/openstack_proxy_vip.yml b/keepalived/cluster/instance/openstack_proxy_vip.yml
new file mode 100644
index 0000000..9af94ed
--- /dev/null
+++ b/keepalived/cluster/instance/openstack_proxy_vip.yml
@@ -0,0 +1,11 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_multiple_processes
+parameters:
+ _param:
+ keepalived_vrrp_script_check_multiple_processes: 'nginx haproxy'
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: multiple_processes
\ No newline at end of file
diff --git a/keepalived/cluster/vrrp_scripts/check_custom_content.yml b/keepalived/cluster/vrrp_scripts/check_custom_content.yml
new file mode 100644
index 0000000..6cc7e80
--- /dev/null
+++ b/keepalived/cluster/vrrp_scripts/check_custom_content.yml
@@ -0,0 +1,9 @@
+parameters:
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ vrrp_check:
+ content: ${_param:keepalived_vip_vrrp_check_script_content}
+ interval: 10
+ rise: 1
+ fall: 1
diff --git a/keepalived/cluster/vrrp_scripts/check_single_process.yml b/keepalived/cluster/vrrp_scripts/check_single_process.yml
new file mode 100644
index 0000000..4b605c3
--- /dev/null
+++ b/keepalived/cluster/vrrp_scripts/check_single_process.yml
@@ -0,0 +1,9 @@
+parameters:
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ check_pidof:
+ args: ${_param:keepalived_vrrp_script_check_pidof_args}
+ interval: 10
+ rise: 1
+ fall: 1
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 02e747d..95884e7 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.cluster
+- system.keystone.upgrade
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index a57d99a..c792bf5 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.single
+- system.keystone.upgrade
- system.linux.system.users.keystone
- system.keystone.server.fernet_rotation.single
- system.salt.minion.cert.mysql.clients.openstack.keystone
diff --git a/keystone/upgrade/init.yml b/keystone/upgrade/init.yml
new file mode 100644
index 0000000..cd72c7d
--- /dev/null
+++ b/keystone/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ keystone:
+ upgrade:
+ enabled: ${_param:keystone_upgrade_enabled}
+ old_release: ${_param:keystone_old_version}
+ new_release: ${_param:keystone_version}
\ No newline at end of file
diff --git a/manila/client/init.yml b/manila/client/init.yml
index 2fdadfd..268a1d1 100644
--- a/manila/client/init.yml
+++ b/manila/client/init.yml
@@ -2,3 +2,4 @@
- service.manila.client
- system.keystone.client.os_client_config.admin_identity
- system.manila.client.share_type
+- system.manila.upgrade
\ No newline at end of file
diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index a821aa3..57ced1d 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.manila.common.cluster
+- system.manila.upgrade
- system.salt.minion.cert.mysql.clients.openstack.manila
- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
@@ -7,7 +8,7 @@
manila_cluster_vip_address: ${_param:cluster_vip_address}
manila:
common:
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/manila/common/single.yml b/manila/common/single.yml
index d91a115..00f42eb 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml
@@ -1,11 +1,12 @@
classes:
- service.manila.common.single
+- system.manila.upgrade
- system.salt.minion.cert.mysql.clients.openstack.manila
- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
manila:
common:
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index 75b6f76..087748b 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml
@@ -7,11 +7,11 @@
manila:
common:
dhss: false
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
api:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
role: ${_param:openstack_node_role}
scheduler:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/control/single.yml b/manila/control/single.yml
index 9d5f9f6..0b804c1 100644
--- a/manila/control/single.yml
+++ b/manila/control/single.yml
@@ -8,11 +8,11 @@
common:
dhss: false
default_share_type: default
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
api:
role: ${_param:openstack_node_role}
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
scheduler:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/share/init.yml b/manila/share/init.yml
index 346bfcd..6eb4163 100644
--- a/manila/share/init.yml
+++ b/manila/share/init.yml
@@ -4,7 +4,7 @@
manila:
common:
dhss: false
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
share:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/upgrade/init.yml b/manila/upgrade/init.yml
new file mode 100644
index 0000000..43e2021
--- /dev/null
+++ b/manila/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ manila:
+ upgrade:
+ enabled: ${_param:manila_upgrade_enabled}
+ old_release: ${_param:manila_old_version}
+ new_release: ${_param:manila_version}
\ No newline at end of file
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index a9cf9c1..c8a0922 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.compute.single
+- system.neutron.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
_param:
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 12e09e6..63e4faf 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.haproxy.proxy.single
- service.neutron.control.cluster
+- system.neutron.upgrade
- system.haproxy.proxy.listen.openstack.neutron
- system.salt.minion.cert.mysql.clients.openstack.neutron
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 2210f2f..803f12f 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.control.single
+- system.neutron.upgrade
- system.salt.minion.cert.mysql.clients.openstack.neutron
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 8f84fa1..6d33684 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.gateway.single
+- system.neutron.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
_param:
diff --git a/neutron/upgrade/init.yml b/neutron/upgrade/init.yml
new file mode 100644
index 0000000..616678d
--- /dev/null
+++ b/neutron/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ neutron:
+ upgrade:
+ enabled: ${_param:neutron_upgrade_enabled}
+ old_release: ${_param:neutron_old_version}
+ new_release: ${_param:neutron_version}
\ No newline at end of file
diff --git a/nginx/server/proxy/ceph_radosgw.yml b/nginx/server/proxy/ceph_radosgw.yml
index 2601849..c69ec3a 100644
--- a/nginx/server/proxy/ceph_radosgw.yml
+++ b/nginx/server/proxy/ceph_radosgw.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_radosgw_service_host}
port: ${_param:nginx_proxy_radosgw_service_port}
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_radosgw_host}
port: ${_param:nginx_proxy_radosgw_port}
diff --git a/nginx/server/proxy/opencontrail_web.yml b/nginx/server/proxy/opencontrail_web.yml
index 85169b3..5949b85 100644
--- a/nginx/server/proxy/opencontrail_web.yml
+++ b/nginx/server/proxy/opencontrail_web.yml
@@ -11,6 +11,8 @@
host: ${_param:opencontrail_control_address}
port: 8143
protocol: https
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:cluster_public_host}
port: 8143
diff --git a/nginx/server/proxy/openstack/aodh.yml b/nginx/server/proxy/openstack/aodh.yml
index d15bca5..e01bf44 100644
--- a/nginx/server/proxy/openstack/aodh.yml
+++ b/nginx/server/proxy/openstack/aodh.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_aodh_host}
port: 8042
protocol: ${_param:nginx_proxy_openstack_aodh_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8042
diff --git a/nginx/server/proxy/openstack/barbican.yml b/nginx/server/proxy/openstack/barbican.yml
index 6ac6a14..9776f14 100644
--- a/nginx/server/proxy/openstack/barbican.yml
+++ b/nginx/server/proxy/openstack/barbican.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_barbican_host}
port: 9311
protocol: ${_param:nginx_proxy_openstack_barbican_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9311
diff --git a/nginx/server/proxy/openstack/ceilometer.yml b/nginx/server/proxy/openstack/ceilometer.yml
index 78b1f00..553d5b4 100644
--- a/nginx/server/proxy/openstack/ceilometer.yml
+++ b/nginx/server/proxy/openstack/ceilometer.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_ceilometer_host}
port: 8777
protocol: ${_param:nginx_proxy_openstack_ceilometer_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8777
diff --git a/nginx/server/proxy/openstack/cinder.yml b/nginx/server/proxy/openstack/cinder.yml
index c89fa11..1d06df3 100644
--- a/nginx/server/proxy/openstack/cinder.yml
+++ b/nginx/server/proxy/openstack/cinder.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_cinder_host}
port: 8776
protocol: ${_param:nginx_proxy_openstack_cinder_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8776
diff --git a/nginx/server/proxy/openstack/designate.yml b/nginx/server/proxy/openstack/designate.yml
index ce92ff6..286c9d3 100644
--- a/nginx/server/proxy/openstack/designate.yml
+++ b/nginx/server/proxy/openstack/designate.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_designate_host}
port: 9001
protocol: ${_param:nginx_proxy_openstack_designate_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9001
diff --git a/nginx/server/proxy/openstack/glance_registry.yml b/nginx/server/proxy/openstack/glance_registry.yml
index b374e40..1677917 100644
--- a/nginx/server/proxy/openstack/glance_registry.yml
+++ b/nginx/server/proxy/openstack/glance_registry.yml
@@ -18,6 +18,8 @@
host: ${_param:nginx_proxy_openstack_glance_registry_host}
port: 9191
protocol: ${_param:nginx_proxy_openstack_glance_registry_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9191
diff --git a/nginx/server/proxy/openstack/glare.yml b/nginx/server/proxy/openstack/glare.yml
index 898f622..b761138 100644
--- a/nginx/server/proxy/openstack/glare.yml
+++ b/nginx/server/proxy/openstack/glare.yml
@@ -16,6 +16,8 @@
port: 9494
protocol: http
size: 30000m
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9494
diff --git a/nginx/server/proxy/openstack/gnocchi.yml b/nginx/server/proxy/openstack/gnocchi.yml
index 6169648..125152e 100644
--- a/nginx/server/proxy/openstack/gnocchi.yml
+++ b/nginx/server/proxy/openstack/gnocchi.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_gnocchi_host}
port: 8041
protocol: ${_param:nginx_proxy_openstack_gnocchi_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8041
diff --git a/nginx/server/proxy/openstack/heat.yml b/nginx/server/proxy/openstack/heat.yml
index bfb7745..b16dc96 100644
--- a/nginx/server/proxy/openstack/heat.yml
+++ b/nginx/server/proxy/openstack/heat.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8004
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8004
diff --git a/nginx/server/proxy/openstack/heat_cfn.yml b/nginx/server/proxy/openstack/heat_cfn.yml
index 99bb2d3..3ac02c1 100644
--- a/nginx/server/proxy/openstack/heat_cfn.yml
+++ b/nginx/server/proxy/openstack/heat_cfn.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8000
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8000
diff --git a/nginx/server/proxy/openstack/heat_cloudwatch.yml b/nginx/server/proxy/openstack/heat_cloudwatch.yml
index 2c6a30a..3b2dad6 100644
--- a/nginx/server/proxy/openstack/heat_cloudwatch.yml
+++ b/nginx/server/proxy/openstack/heat_cloudwatch.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8003
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8003
diff --git a/nginx/server/proxy/openstack/horizon.yml b/nginx/server/proxy/openstack/horizon.yml
index 03e3f3c..a44f862 100644
--- a/nginx/server/proxy/openstack/horizon.yml
+++ b/nginx/server/proxy/openstack/horizon.yml
@@ -15,6 +15,8 @@
host: ${_param:nginx_proxy_openstack_horizon_host}
port: 443
protocol: https
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 443
diff --git a/nginx/server/proxy/openstack/ironic.yml b/nginx/server/proxy/openstack/ironic.yml
index 6ccedb3..1d13bf9 100644
--- a/nginx/server/proxy/openstack/ironic.yml
+++ b/nginx/server/proxy/openstack/ironic.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_ironic_host}
port: 6385
protocol: ${_param:nginx_proxy_openstack_ironic_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 6385
diff --git a/nginx/server/proxy/openstack/keystone.yml b/nginx/server/proxy/openstack/keystone.yml
index bf6646a..6428eb9 100644
--- a/nginx/server/proxy/openstack/keystone.yml
+++ b/nginx/server/proxy/openstack/keystone.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_keystone_host}
port: 5000
protocol: ${_param:nginx_proxy_openstack_keystone_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 5000
diff --git a/nginx/server/proxy/openstack/keystone_private.yml b/nginx/server/proxy/openstack/keystone_private.yml
index bffae74..2f13c6b 100644
--- a/nginx/server/proxy/openstack/keystone_private.yml
+++ b/nginx/server/proxy/openstack/keystone_private.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_keystone_host}
port: 35357
protocol: ${_param:nginx_proxy_openstack_keystone_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 35357
diff --git a/nginx/server/proxy/openstack/manila.yml b/nginx/server/proxy/openstack/manila.yml
index 8157dd8..458ffc9 100644
--- a/nginx/server/proxy/openstack/manila.yml
+++ b/nginx/server/proxy/openstack/manila.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_manila_host}
port: 8786
protocol: ${_param:nginx_proxy_openstack_manila_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8786
diff --git a/nginx/server/proxy/openstack/murano.yml b/nginx/server/proxy/openstack/murano.yml
index 06b8c1a..4321c56 100644
--- a/nginx/server/proxy/openstack/murano.yml
+++ b/nginx/server/proxy/openstack/murano.yml
@@ -13,6 +13,8 @@
host: ${_param:nginx_proxy_openstack_api_proxy_host}
port: 8082
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8082
diff --git a/nginx/server/proxy/openstack/neutron.yml b/nginx/server/proxy/openstack/neutron.yml
index 9ee5796..f7feb4a 100644
--- a/nginx/server/proxy/openstack/neutron.yml
+++ b/nginx/server/proxy/openstack/neutron.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_neutron_host}
port: 9696
protocol: ${_param:nginx_proxy_openstack_neutron_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9696
diff --git a/nginx/server/proxy/openstack/nova.yml b/nginx/server/proxy/openstack/nova.yml
index 456e056..0593639 100644
--- a/nginx/server/proxy/openstack/nova.yml
+++ b/nginx/server/proxy/openstack/nova.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_nova_host}
port: 8774
protocol: ${_param:nginx_proxy_openstack_nova_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8774
diff --git a/nginx/server/proxy/openstack/panko.yml b/nginx/server/proxy/openstack/panko.yml
index 45d389b..83c90e2 100644
--- a/nginx/server/proxy/openstack/panko.yml
+++ b/nginx/server/proxy/openstack/panko.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_panko_host}
port: 8977
protocol: ${_param:nginx_proxy_openstack_panko_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8977
diff --git a/nginx/server/proxy/openstack/placement.yml b/nginx/server/proxy/openstack/placement.yml
index 9e8b08c..a54966e 100644
--- a/nginx/server/proxy/openstack/placement.yml
+++ b/nginx/server/proxy/openstack/placement.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_placement_host}
port: 8778
protocol: ${_param:nginx_proxy_openstack_placement_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8778
diff --git a/nginx/server/proxy/openstack/sahara.yml b/nginx/server/proxy/openstack/sahara.yml
index 17ae236..2aa1b5e 100644
--- a/nginx/server/proxy/openstack/sahara.yml
+++ b/nginx/server/proxy/openstack/sahara.yml
@@ -11,6 +11,8 @@
host: ${_param:nginx_proxy_openstack_api_proxy_host}
port: 8386
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8386
diff --git a/nginx/server/proxy/openstack_vnc.yml b/nginx/server/proxy/openstack_vnc.yml
index 526f0db..ab71656 100644
--- a/nginx/server/proxy/openstack_vnc.yml
+++ b/nginx/server/proxy/openstack_vnc.yml
@@ -13,6 +13,8 @@
port: 6080
protocol: http
websocket: true
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:cluster_public_host}
port: 6080
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index fdb8bcb..c3f60f8 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.kvm
+- system.nova.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
parameters:
_param:
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index f14192c..5d161e2 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -2,6 +2,7 @@
- nova
classes:
- service.nova.compute.kvm
+- system.nova.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
parameters:
_param:
diff --git a/nova/compute_ironic/cluster.yml b/nova/compute_ironic/cluster.yml
index deed63a..a357ba8 100644
--- a/nova/compute_ironic/cluster.yml
+++ b/nova/compute_ironic/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.ironic
+- system.nova.upgrade
parameters:
nova:
compute:
diff --git a/nova/compute_ironic/single.yml b/nova/compute_ironic/single.yml
index cddaa4d..fe5db6c 100644
--- a/nova/compute_ironic/single.yml
+++ b/nova/compute_ironic/single.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.ironic
+- system.nova.upgrade
parameters:
nova:
compute:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 08bbf07..6591552 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -1,6 +1,7 @@
classes:
- service.haproxy.proxy.single
- service.nova.control.cluster
+- system.nova.upgrade
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.nova
- system.haproxy.proxy.listen.openstack.novnc
diff --git a/nova/control/single.yml b/nova/control/single.yml
index a97a033..9a0bc00 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -2,6 +2,7 @@
- system.salt.minion.cert.mysql.clients.openstack.nova
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
- service.nova.control.single
+- system.nova.upgrade
parameters:
linux:
system:
diff --git a/nova/upgrade/init.yml b/nova/upgrade/init.yml
new file mode 100644
index 0000000..4441bb7
--- /dev/null
+++ b/nova/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ nova:
+ upgrade:
+ enabled: ${_param:nova_upgrade_enabled}
+ old_release: ${_param:nova_old_version}
+ new_release: ${_param:nova_version}
\ No newline at end of file
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index 4719dff..4dd79f3 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -1,7 +1,7 @@
classes:
-- service.keepalived.cluster.single
- service.opencontrail.control.control
- system.haproxy.proxy.listen.opencontrail.control
+- system.keepalived.cluster.instance.opencontrail_vip
parameters:
_param:
multi_tenancy: true
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 09b1e12..acf5530 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -1,8 +1,8 @@
classes:
- service.docker.host
-- service.keepalived.cluster.single
- service.opencontrail.control.control
- system.haproxy.proxy.listen.opencontrail.control4_0
+- system.keepalived.cluster.instance.opencontrail_vip
parameters:
_param:
opencontrail_version: 4.0
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index 7c442dd..b6e87bb 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.panko.server.cluster
+- system.panko.upgrade
- service.haproxy.proxy.single
- system.apache.server.site.panko
- system.haproxy.proxy.listen.openstack.panko
diff --git a/panko/server/single.yml b/panko/server/single.yml
index dd08349..ea8f4a1 100644
--- a/panko/server/single.yml
+++ b/panko/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.panko.server.single
+- system.panko.upgrade
- system.apache.server.site.panko
- system.salt.minion.cert.mysql.clients.openstack.panko
parameters:
diff --git a/panko/upgrade/init.yml b/panko/upgrade/init.yml
new file mode 100644
index 0000000..4777146
--- /dev/null
+++ b/panko/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ panko:
+ upgrade:
+ enabled: ${_param:panko_upgrade_enabled}
+ old_release: ${_param:panko_old_version}
+ new_release: ${_param:panko_version}
\ No newline at end of file
diff --git a/salt/minion/cert/octavia/image_sign.yml b/salt/minion/cert/octavia/image_sign.yml
new file mode 100644
index 0000000..2e67a02
--- /dev/null
+++ b/salt/minion/cert/octavia/image_sign.yml
@@ -0,0 +1,17 @@
+classes:
+- system.salt.minion.cert.octavia
+parameters:
+ _param:
+ octavia_image_cert_key: /etc/octavia/certs/image.key
+ octavia_image_cert_file: /etc/octavia/certs/image.crt
+ salt:
+ minion:
+ cert:
+ octavia:
+ host: ${_param:octavia_ca_host}
+ authority: octavia_ca
+ common_name: octavia
+ signing_policy: cert_server
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:octavia_image_cert_key}
+ cert_file: ${_param:octavia_image_cert_file}
\ No newline at end of file