 04737f5dbd
			
		
	
	04737f5dbd
	
	
	
		
			
			This patch implements upgrading keystone with zero downtime as the default installation process. Handlers have been modified to ensure that the first keystone node is stopped, facilitates the database migrations, and that it is started and available before restarting any other keystone nodes. Migrations also now only occur when there is a change within the installed keystone venv. This process is documented at http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-without-downtime A new test scenario has been added for testing basic upgradability between releases. Implements: blueprint upgrade-testing Change-Id: I0d3cfcb80b64d005d60f4c8445f991855f844796
		
			
				
	
	
		
			56 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			56 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| # Copyright 2015, Rackspace US, Inc.
 | |
| #
 | |
| # Licensed under the Apache License, Version 2.0 (the "License");
 | |
| # you may not use this file except in compliance with the License.
 | |
| # You may obtain a copy of the License at
 | |
| #
 | |
| #     http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing, software
 | |
| # distributed under the License is distributed on an "AS IS" BASIS,
 | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| # See the License for the specific language governing permissions and
 | |
| # limitations under the License.
 | |
| 
 | |
| 
 | |
| - name: Create Keystone LDAP domains
 | |
|   keystone:
 | |
|     command: ensure_domain
 | |
|     domain_name: "{{ item.key }}"
 | |
|     login_user: "{{ keystone_admin_user_name }}"
 | |
|     login_password: "{{ keystone_auth_admin_password }}"
 | |
|     login_project_name: "{{ keystone_admin_tenant_name }}"
 | |
|     endpoint: "{{ keystone_service_adminurl }}"
 | |
|     insecure: "{{ keystone_service_adminuri_insecure }}"
 | |
|   with_dict: "{{ keystone_ldap }}"
 | |
|   run_once: true
 | |
| 
 | |
| - name: Create Keystone LDAP domain configs
 | |
|   template:
 | |
|     src: keystone.domain.conf.j2
 | |
|     dest: "{{ keystone_ldap_domain_config_dir }}/keystone.{{ item.key }}.conf"
 | |
|     owner: "{{ keystone_system_user_name }}"
 | |
|     group: "{{ keystone_system_group_name }}"
 | |
|     mode: "0644"
 | |
|   with_dict: "{{ keystone_ldap }}"
 | |
|   notify:
 | |
|     - Restart Keystone APIs on first node
 | |
|     - Restart Keystone APIs on other nodes
 | |
|     - Restart service on first node
 | |
|     - Restart service on other nodes
 | |
| 
 | |
| # Bug 1547542 - Older versions of the keystone role would deploy a blank
 | |
| # keystone.Default.conf and this will cause errors when adding LDAP-backed
 | |
| # domains.
 | |
| - name: Remove Keystone Default domain configuration file if not needed
 | |
|   file:
 | |
|     path: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf"
 | |
|     state: absent
 | |
|   when: keystone_ldap.Default is not defined
 | |
|   notify:
 | |
|     - Restart Keystone APIs on first node
 | |
|     - Restart Keystone APIs on other nodes
 | |
|     - Restart service on first node
 | |
|     - Restart service on other nodes
 |