From 82892046f05edcc1f3ad275a6cbe778004f8675a Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Mon, 5 Feb 2018 14:54:23 +1300 Subject: [PATCH] Add missing pacemaker cindier CA cert mounts This adds the same CA cert mounts which other pacemaker managed containers like rabbitmq, redis, and haproxy use. With this change, cinder-backup should work correctly when running with SSL enabled. Change-Id: I199c03ba36a24e6b1caf535ed285047952ac9eb0 Closes-Bug: #1747326 --- .../profile/pacemaker/cinder/backup_bundle.pp | 44 ++++++++++++++----- .../profile/pacemaker/cinder/volume_bundle.pp | 44 ++++++++++++++----- 2 files changed, 64 insertions(+), 24 deletions(-) diff --git a/manifests/profile/pacemaker/cinder/backup_bundle.pp b/manifests/profile/pacemaker/cinder/backup_bundle.pp index 720f912af..0aa2ee967 100644 --- a/manifests/profile/pacemaker/cinder/backup_bundle.pp +++ b/manifests/profile/pacemaker/cinder/backup_bundle.pp 
@@ -79,62 +79,82 @@ class tripleo::profile::pacemaker::cinder::backup_bundle ( options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', run_command => '/bin/bash /usr/local/bin/kolla_start', storage_maps => { - 'cinder-backup-cfg-files' => { + 'cinder-backup-cfg-files' => { 'source-dir' => '/var/lib/kolla/config_files/cinder_backup.json', 'target-dir' => '/var/lib/kolla/config_files/config.json', 'options' => 'ro', }, - 'cinder-backup-cfg-data' => { + 'cinder-backup-cfg-data' => { 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/', 'target-dir' => '/var/lib/kolla/config_files/src', 'options' => 'ro', }, - 'cinder-backup-hosts' => { + 'cinder-backup-hosts' => { 'source-dir' => '/etc/hosts', 'target-dir' => '/etc/hosts', 'options' => 'ro', }, - 'cinder-backup-localtime' => { + 'cinder-backup-localtime' => { 'source-dir' => '/etc/localtime', 'target-dir' => '/etc/localtime', 'options' => 'ro', }, - 'cinder-backup-dev' => { + 'cinder-backup-dev' => { 'source-dir' => '/dev', 'target-dir' => '/dev', 'options' => 'rw', }, - 'cinder-backup-run' => { + 'cinder-backup-run' => { 'source-dir' => '/run', 'target-dir' => '/run', 'options' => 'rw', }, - 'cinder-backup-sys' => { + 'cinder-backup-sys' => { 'source-dir' => '/sys', 'target-dir' => '/sys', 'options' => 'rw', }, - 'cinder-backup-lib-modules' => { + 'cinder-backup-lib-modules' => { 'source-dir' => '/lib/modules', 'target-dir' => '/lib/modules', 'options' => 'ro', }, - 'cinder-backup-iscsi' => { + 'cinder-backup-iscsi' => { 'source-dir' => '/etc/iscsi', 'target-dir' => '/var/lib/kolla/config_files/src-iscsid', 'options' => 'ro', }, - 'cinder-backup-var-lib-cinder' => { + 'cinder-backup-var-lib-cinder' => { 'source-dir' => '/var/lib/cinder', 'target-dir' => '/var/lib/cinder', 'options' => 'rw', }, - 'cinder-backup-var-log' => { + 'cinder-backup-pki-extracted' => { + 'source-dir' => '/etc/pki/ca-trust/extracted', + 'target-dir' => 
'/etc/pki/ca-trust/extracted', + 'options' => 'ro', + }, + 'cinder-backup-pki-ca-bundle-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'options' => 'ro', + }, + 'cinder-backup-pki-ca-bundle-trust-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'options' => 'ro', + }, + 'cinder-backup-pki-cert' => { + 'source-dir' => '/etc/pki/tls/cert.pem', + 'target-dir' => '/etc/pki/tls/cert.pem', + 'options' => 'ro', + }, + 'cinder-backup-var-log' => { 'source-dir' => '/var/log/containers/cinder', 'target-dir' => '/var/log/cinder', 'options' => 'rw', }, - 'cinder-backup-ceph-cfg-dir' => { + 'cinder-backup-ceph-cfg-dir' => { 'source-dir' => '/etc/ceph', 'target-dir' => '/var/lib/kolla/config_files/src-ceph', 'options' => 'ro', diff --git a/manifests/profile/pacemaker/cinder/volume_bundle.pp b/manifests/profile/pacemaker/cinder/volume_bundle.pp index 3009d574d..3396db84b 100644 --- a/manifests/profile/pacemaker/cinder/volume_bundle.pp +++ b/manifests/profile/pacemaker/cinder/volume_bundle.pp 
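Review bot: Three of the four new `storage_maps` entries (`cinder-backup-pki-ca-bundle-crt`, `cinder-backup-pki-ca-bundle-trust-crt`, `cinder-backup-pki-cert`) bind-mount single files rather than a directory, and the matching `cinder-volume-pki-*` entries in volume_bundle.pp do the same. A single-file bind mount usually pins the file as it existed when the container started, so if the host regenerates its trust store by replacing those files (for example after dropping a distrusted CA), a long-running bundle may keep validating against the old bundle until it is restarted; how the host updates these paths is not visible in this hunk. I would add a comment above the first pki entry such as `# CA trust is bind-mounted read-only from the host; restart the bundle after changing host CA trust`. Note also that `'options' => 'ro'` sits next to `--privileged=true --user=root` on the bundle's `options` line, so the read-only flag guards against accidental writes but is probably not a boundary against a compromised container. The class body starts and ends outside the hunk.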
@@ -79,62 +79,82 @@ class tripleo::profile::pacemaker::cinder::volume_bundle ( options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', run_command => '/bin/bash /usr/local/bin/kolla_start', storage_maps => { - 'cinder-volume-cfg-files' => { + 'cinder-volume-cfg-files' => { 'source-dir' => '/var/lib/kolla/config_files/cinder_volume.json', 'target-dir' => '/var/lib/kolla/config_files/config.json', 'options' => 'ro', }, - 'cinder-volume-cfg-data' => { + 'cinder-volume-cfg-data' => { 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/', 'target-dir' => '/var/lib/kolla/config_files/src', 'options' => 'ro', }, - 'cinder-volume-hosts' => { + 'cinder-volume-hosts' => { 'source-dir' => '/etc/hosts', 'target-dir' => '/etc/hosts', 'options' => 'ro', }, - 'cinder-volume-localtime' => { + 'cinder-volume-localtime' => { 'source-dir' => '/etc/localtime', 'target-dir' => '/etc/localtime', 'options' => 'ro', }, - 'cinder-volume-dev' => { + 'cinder-volume-dev' => { 'source-dir' => '/dev', 'target-dir' => '/dev', 'options' => 'rw', }, - 'cinder-volume-run' => { + 'cinder-volume-run' => { 'source-dir' => '/run', 'target-dir' => '/run', 'options' => 'rw', }, - 'cinder-volume-sys' => { + 'cinder-volume-sys' => { 'source-dir' => '/sys', 'target-dir' => '/sys', 'options' => 'rw', }, - 'cinder-volume-lib-modules' => { + 'cinder-volume-lib-modules' => { 'source-dir' => '/lib/modules', 'target-dir' => '/lib/modules', 'options' => 'ro', }, - 'cinder-volume-iscsi' => { + 'cinder-volume-iscsi' => { 'source-dir' => '/etc/iscsi', 'target-dir' => '/var/lib/kolla/config_files/src-iscsid', 'options' => 'ro', }, - 'cinder-volume-var-lib-cinder' => { + 'cinder-volume-var-lib-cinder' => { 'source-dir' => '/var/lib/cinder', 'target-dir' => '/var/lib/cinder', 'options' => 'rw', }, - 'cinder-volume-var-log' => { + 'cinder-volume-pki-extracted' => { + 'source-dir' => '/etc/pki/ca-trust/extracted', + 'target-dir' => 
'/etc/pki/ca-trust/extracted', + 'options' => 'ro', + }, + 'cinder-volume-pki-ca-bundle-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'options' => 'ro', + }, + 'cinder-volume-pki-ca-bundle-trust-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'options' => 'ro', + }, + 'cinder-volume-pki-cert' => { + 'source-dir' => '/etc/pki/tls/cert.pem', + 'target-dir' => '/etc/pki/tls/cert.pem', + 'options' => 'ro', + }, + 'cinder-volume-var-log' => { 'source-dir' => '/var/log/containers/cinder', 'target-dir' => '/var/log/cinder', 'options' => 'rw', }, - 'cinder-volume-ceph-cfg-dir' => { + 'cinder-volume-ceph-cfg-dir' => { 'source-dir' => '/etc/ceph', 'target-dir' => '/var/lib/kolla/config_files/src-ceph/', 'options' => 'ro',
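Review bot: The four `cinder-volume-pki-*` entries repeat, path for path, the block this same patch adds to backup_bundle.pp, and the commit message says the rabbitmq, redis and haproxy bundles already carry the same mounts. Keeping a separate copy of the host trust paths in each class is presumably how the cinder bundles came to lack them, so I would define the CA mounts once (a shared hash merged into each bundle's `storage_maps`) so that a later change of trust path or mount option cannot miss a bundle. If that refactor is out of scope here, a comment such as `# keep in sync with the CA trust mounts in the other pacemaker bundles` above `cinder-volume-pki-extracted` would at least record the coupling. The class body starts and ends outside the hunk.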