X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fhaproxy.yaml;h=619cf131ca20792ea7b0379a5c32f47ad831cfec;hb=7ec9860c77148130c78db65ba0897755355d2f8c;hp=358698dd17b602a39c885982af35915c391dd537;hpb=18d34793852603125a520a84959d87314a915184;p=apex-tripleo-heat-templates.git diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 358698dd..619cf131 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: ocata +heat_template_version: pike description: > HAproxy service configured with Puppet @@ -13,6 +13,14 @@ parameters: DefaultPasswords: default: {} type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,6 +45,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + InternalTLSCRLPEMFile: + default: '/etc/pki/CA/crl/overcloud-crl.pem' + type: string + description: Specifies the default CRL PEM file to use for revocation if + TLS is used for services in the internal network. resources: @@ -46,6 +64,8 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} HAProxyInternalTLS: type: OS::TripleO::Services::HAProxyInternalTLS @@ -53,6 +73,8 @@ resources: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -71,6 +93,8 @@ outputs: tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} + tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} + tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] @@ -78,18 +102,24 @@ outputs: step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: + - name: Check if haproxy is deployed + command: systemctl is-enabled haproxy + tags: common + ignore_errors: True + register: haproxy_enabled - name: "PreUpgrade step0,validation: Check service haproxy is running" shell: /usr/bin/systemctl show 'haproxy' --property ActiveState | grep '\bactive\b' + when: haproxy_enabled.rc == 0 tags: step0,validation - name: Stop haproxy service - tags: step1 + tags: step2 + when: haproxy_enabled.rc == 0 service: name=haproxy state=stopped - name: Start haproxy service tags: step4 # Needed at step 4 for mysql + when: haproxy_enabled.rc == 0 service: name=haproxy state=started metadata_settings: - yaql: - expression: '[].concat(coalesce($.data.internal, []), coalesce($.data.public, []))' - data: - public: {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]} - internal: {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]} + list_concat: + - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]} + - {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}