openstack
/
puppet-tripleo
Code Issues Proposed changes

Add missing pacemaker cindier CA cert mounts 

This adds the same CA cert mounts which other pacemaker managed
containers like rabbitmq, redis, and haproxy.

With this change, cinder-backup should work correctly when running SSL
enabled.

Change-Id: I199c03ba36a24e6b1caf535ed285047952ac9eb0
Closes-Bug: #1747326
This commit is contained in:
Steve Baker 2018-02-05 14:54:23 +13:00
parent 19289b4e53
commit 82892046f0
2 changed files with 64 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
manifests/profile/pacemaker/cinder/backup_bundle.pp
View File

@ -79,62 +79,82 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => {
'cinder-backup-cfg-files' => {
'cinder-backup-cfg-files' => {
'source-dir' => '/var/lib/kolla/config_files/cinder_backup.json',
'target-dir' => '/var/lib/kolla/config_files/config.json',
'options' => 'ro',
},
'cinder-backup-cfg-data' => {
'cinder-backup-cfg-data' => {
'source-dir' => '/var/lib/config-data/puppet-generated/cinder/',
'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'cinder-backup-hosts' => {
'cinder-backup-hosts' => {
'source-dir' => '/etc/hosts',
'target-dir' => '/etc/hosts',
'options' => 'ro',
},
'cinder-backup-localtime' => {
'cinder-backup-localtime' => {
'source-dir' => '/etc/localtime',
'target-dir' => '/etc/localtime',
'options' => 'ro',
},
'cinder-backup-dev' => {
'cinder-backup-dev' => {
'source-dir' => '/dev',
'target-dir' => '/dev',
'options' => 'rw',
},
'cinder-backup-run' => {
'cinder-backup-run' => {
'source-dir' => '/run',
'target-dir' => '/run',
'options' => 'rw',
},
'cinder-backup-sys' => {
'cinder-backup-sys' => {
'source-dir' => '/sys',
'target-dir' => '/sys',
'options' => 'rw',
},
'cinder-backup-lib-modules' => {
'cinder-backup-lib-modules' => {
'source-dir' => '/lib/modules',
'target-dir' => '/lib/modules',
'options' => 'ro',
},
'cinder-backup-iscsi' => {
'cinder-backup-iscsi' => {
'source-dir' => '/etc/iscsi',
'target-dir' => '/var/lib/kolla/config_files/src-iscsid',
'options' => 'ro',
},
'cinder-backup-var-lib-cinder' => {
'cinder-backup-var-lib-cinder' => {
'source-dir' => '/var/lib/cinder',
'target-dir' => '/var/lib/cinder',
'options' => 'rw',
},
'cinder-backup-var-log' => {
'cinder-backup-pki-extracted' => {
'source-dir' => '/etc/pki/ca-trust/extracted',
'target-dir' => '/etc/pki/ca-trust/extracted',
'options' => 'ro',
},
'cinder-backup-pki-ca-bundle-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'options' => 'ro',
},
'cinder-backup-pki-ca-bundle-trust-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'options' => 'ro',
},
'cinder-backup-pki-cert' => {
'source-dir' => '/etc/pki/tls/cert.pem',
'target-dir' => '/etc/pki/tls/cert.pem',
'options' => 'ro',
},
'cinder-backup-var-log' => {
'source-dir' => '/var/log/containers/cinder',
'target-dir' => '/var/log/cinder',
'options' => 'rw',
},
'cinder-backup-ceph-cfg-dir' => {
'cinder-backup-ceph-cfg-dir' => {
'source-dir' => '/etc/ceph',
'target-dir' => '/var/lib/kolla/config_files/src-ceph',
'options' => 'ro',

44
manifests/profile/pacemaker/cinder/volume_bundle.pp
View File

@ -79,62 +79,82 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => {
'cinder-volume-cfg-files' => {
'cinder-volume-cfg-files' => {
'source-dir' => '/var/lib/kolla/config_files/cinder_volume.json',
'target-dir' => '/var/lib/kolla/config_files/config.json',
'options' => 'ro',
},
'cinder-volume-cfg-data' => {
'cinder-volume-cfg-data' => {
'source-dir' => '/var/lib/config-data/puppet-generated/cinder/',
'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'cinder-volume-hosts' => {
'cinder-volume-hosts' => {
'source-dir' => '/etc/hosts',
'target-dir' => '/etc/hosts',
'options' => 'ro',
},
'cinder-volume-localtime' => {
'cinder-volume-localtime' => {
'source-dir' => '/etc/localtime',
'target-dir' => '/etc/localtime',
'options' => 'ro',
},
'cinder-volume-dev' => {
'cinder-volume-dev' => {
'source-dir' => '/dev',
'target-dir' => '/dev',
'options' => 'rw',
},
'cinder-volume-run' => {
'cinder-volume-run' => {
'source-dir' => '/run',
'target-dir' => '/run',
'options' => 'rw',
},
'cinder-volume-sys' => {
'cinder-volume-sys' => {
'source-dir' => '/sys',
'target-dir' => '/sys',
'options' => 'rw',
},
'cinder-volume-lib-modules' => {
'cinder-volume-lib-modules' => {
'source-dir' => '/lib/modules',
'target-dir' => '/lib/modules',
'options' => 'ro',
},
'cinder-volume-iscsi' => {
'cinder-volume-iscsi' => {
'source-dir' => '/etc/iscsi',
'target-dir' => '/var/lib/kolla/config_files/src-iscsid',
'options' => 'ro',
},
'cinder-volume-var-lib-cinder' => {
'cinder-volume-var-lib-cinder' => {
'source-dir' => '/var/lib/cinder',
'target-dir' => '/var/lib/cinder',
'options' => 'rw',
},
'cinder-volume-var-log' => {
'cinder-volume-pki-extracted' => {
'source-dir' => '/etc/pki/ca-trust/extracted',
'target-dir' => '/etc/pki/ca-trust/extracted',
'options' => 'ro',
},
'cinder-volume-pki-ca-bundle-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'options' => 'ro',
},
'cinder-volume-pki-ca-bundle-trust-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'options' => 'ro',
},
'cinder-volume-pki-cert' => {
'source-dir' => '/etc/pki/tls/cert.pem',
'target-dir' => '/etc/pki/tls/cert.pem',
'options' => 'ro',
},
'cinder-volume-var-log' => {
'source-dir' => '/var/log/containers/cinder',
'target-dir' => '/var/log/cinder',
'options' => 'rw',
},
'cinder-volume-ceph-cfg-dir' => {
'cinder-volume-ceph-cfg-dir' => {
'source-dir' => '/etc/ceph',
'target-dir' => '/var/lib/kolla/config_files/src-ceph/',
'options' => 'ro',