diff --git a/devstack/files/apache-ironic-api-redirect.template b/devstack/files/apache-ironic-api-redirect.template new file mode 100644 index 0000000000..a4dfcbbac5 --- /dev/null +++ b/devstack/files/apache-ironic-api-redirect.template @@ -0,0 +1,21 @@ +# Licensed under the Apache License, Version 1.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is an example Apache2 configuration file for using the +# Ironic API through mod_wsgi. This version assumes you are +# running devstack to configure the software. + +Listen %IRONIC_SERVICE_PORT% + + + Redirect 307 / %IRONIC_SERVICE_PROTOCOL%://%IRONIC_SERVICE_HOST%:%IRONIC_SERVICE_PORT%/ + diff --git a/devstack/lib/ironic b/devstack/lib/ironic index 737934de8f..17b6d7cf60 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -1705,6 +1705,10 @@ function configure_iptables { # To use named /baremetal endpoint we should open default apache port if [[ "$IRONIC_USE_MOD_WSGI" == "False" ]]; then sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true + # open ironic API on baremetal network + sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true + # allow IPA to connect to ironic API on subnode + sudo iptables -I FORWARD -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true else sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true fi diff --git a/devstack/upgrade/upgrade.sh b/devstack/upgrade/upgrade.sh index a40f645982..156f3e5703 100755 --- a/devstack/upgrade/upgrade.sh +++ b/devstack/upgrade/upgrade.sh @@ -71,9 +71,35 @@ stack_install_service ironic # calls upgrade-ironic for specific release upgrade_project ironic $RUN_DIR $BASE_DEVSTACK_BRANCH $TARGET_DEVSTACK_BRANCH - $IRONIC_BIN_DIR/ironic-dbsync --config-file=$IRONIC_CONF_FILE +iniset $IRONIC_CONF_FILE DEFAULT pin_release_version ${BASE_DEVSTACK_BRANCH#*/} + +ensure_started='ironic-conductor nova-compute ' +ensure_stopped='' +# Don't succeed unless the services come up +logs_exist="ir-cond" +# Multinode grenade is designed to upgrade services only on primary node. And there is no way to manipulate +# subnode during grenade phases. With this after upgrade we can have upgraded (new) services on primary +# node and not upgraded (old) services on subnode. +# According to Ironic upgrade procedure, we shouldn't have upgraded (new) ironic-api and not upgraded (old) +# ironic-conductor. By setting redirect of API requests from primary node to subnode during upgrade +# allow to satisfy ironic upgrade requirements. +if [[ "$HOST_TOPOLOGY_ROLE" == 'primary' ]]; then + disable_service ir-api + ensure_stopped+='ironic-api' + ironic_apache_conf=$(apache_site_config_for ironic-api-redirect) + sudo cp $IRONIC_DEVSTACK_FILES_DIR/apache-ironic-api-redirect.template $ironic_apache_conf + sudo sed -e " + s|%IRONIC_SERVICE_PORT%|$IRONIC_SERVICE_PORT|g; + s|%IRONIC_SERVICE_PROTOCOL%|$IRONIC_SERVICE_PROTOCOL|g; + s|%IRONIC_SERVICE_HOST%|$IRONIC_PROVISION_SUBNET_SUBNODE_IP|g; + " -i $ironic_apache_conf + enable_apache_site ironic-api-redirect +else + ensure_started+='ironic-api ' +fi + start_ironic # NOTE(vsaienko) installing ironic service triggers apache restart, that @@ -82,14 +108,11 @@ stop_nova_compute || true wait_for_keystone start_nova_compute -# Don't succeed unless the services come up -logs_exist="ir-cond" - -if [[ "$IRONIC_USE_MOD_WSGI" != "True" ]]; then - logs_exist+=" ir-api" +if [[ -n "$ensure_stopped" ]]; then + ensure_services_stopped $ensure_stopped fi -ensure_services_started ironic-api ironic-conductor +ensure_services_started $ensure_started ensure_logs_exist $logs_exist # We need these steps only in case of flat-network