summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/services/cinder-volume.yaml8
-rw-r--r--docker/services/containers-common.yaml69
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml170
-rw-r--r--environments/services/ironic.yaml1
-rw-r--r--puppet/all-nodes-config.yaml13
5 files changed, 237 insertions, 24 deletions
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index 4ee1996c..26eb10e7 100644
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -130,10 +130,12 @@ outputs:
with_items:
- /var/log/containers/cinder
- /var/lib/cinder
- #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true
+ - name: cinder_enable_iscsi_backend fact
+ set_fact:
+ cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- name: cinder create LVM volume group dd
command:
- list_join:
+ list_join:
- ''
- - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
- str_replace:
@@ -143,6 +145,7 @@ outputs:
- 'M'
args:
creates: /var/lib/cinder/cinder-volumes
+ when: cinder_enable_iscsi_backend
- name: cinder create LVM volume group
shell: |
if ! losetup /dev/loop2; then
@@ -157,6 +160,7 @@ outputs:
args:
executable: /bin/bash
creates: /dev/loop2
+ when: cinder_enable_iscsi_backend
upgrade_tasks:
- name: Stop and disable cinder_volume service
tags: step2
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 973d9994..d104853f 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -3,19 +3,64 @@ heat_template_version: pike
description: >
Contains a static list of common things necessary for containers
+parameters:
+
+ # Required parameters
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
volumes:
description: Common volumes for the containers.
value:
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- # required for bootstrap_host_exec
- - /etc/puppet:/etc/puppet:ro
- # OpenSSL trusted CAs
- - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
- - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
- - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
- # Syslog socket
- - /dev/log:/dev/log
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ list_concat:
+ - - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ # required for bootstrap_host_exec
+ - /etc/puppet:/etc/puppet:ro
+ # OpenSSL trusted CAs
+ - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+ - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+ - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+ - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
+ # Syslog socket
+ - /dev/log:/dev/log
+ - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ - if:
+ - internal_tls_enabled
+ - - {get_param: InternalTLSCAFile}
+ - null
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
new file mode 100644
index 00000000..987ebaf0
--- /dev/null
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -0,0 +1,170 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Volume service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderVolumeImage:
+ description: image
+ default: 'centos-binary-cinder-volume:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ # custom parameters for the Cinder volume role
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderLVMLoopDeviceSize:
+ default: 10280
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+
+resources:
+
+ CinderBase:
+ type: ../../../puppet/services/cinder-volume.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ cinder::volume::manage_service: false
+ cinder::volume::enabled: false
+ cinder::host: hostgroup
+ step_config: ""
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: {get_attr: [CinderBase, role_data, step_config]}
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_volume.json:
+ command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_volume_init_logs:
+ start_order: 0
+ image: *cinder_volume_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_5:
+ cinder_volume_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
+ image: *cinder_volume_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ - /var/lib/cinder
+ #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true
+ - name: cinder create LVM volume group dd
+ command:
+ list_join:
+ - ''
+ - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
+ - str_replace:
+ template: VALUE
+ params:
+ VALUE: {get_param: CinderLVMLoopDeviceSize}
+ - 'M'
+ args:
+ creates: /var/lib/cinder/cinder-volumes
+ - name: cinder create LVM volume group
+ shell: |
+ if ! losetup /dev/loop2; then
+ losetup /dev/loop2 /var/lib/cinder/cinder-volumes
+ fi
+ if ! pvdisplay | grep cinder-volumes; then
+ pvcreate /dev/loop2
+ fi
+ if ! vgdisplay | grep cinder-volumes; then
+ vgcreate cinder-volumes /dev/loop2
+ fi
+ args:
+ executable: /bin/bash
+ creates: /dev/loop2
+ upgrade_tasks:
+ - name: Stop and disable cinder_volume service
+ tags: step2
+ service: name=openstack-cinder-volume state=stopped enabled=no
diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml
index b1317382..8359f4a7 100644
--- a/environments/services/ironic.yaml
+++ b/environments/services/ironic.yaml
@@ -1,5 +1,4 @@
resource_registry:
OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
- OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml
OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index baafe03d..081ebb4c 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -12,10 +12,8 @@ parameters:
type: string
cloud_name_ctlplane:
type: string
- # FIXME(shardy) this can be comma_delimited_list when
- # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
enabled_services:
- type: string
+ type: comma_delimited_list
controller_ips:
type: comma_delimited_list
logging_groups:
@@ -129,8 +127,7 @@ resources:
# https://bugs.launchpad.net/heat/+bug/1617203
SERVICE_enabled: 'true'
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
# Dynamically generate per-service network data
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
@@ -150,8 +147,7 @@ resources:
template:
SERVICE_network: SERVICE_network
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
- values: {get_param: ServiceNetMap}
# Keystone doesn't provide separate entries for the public
# and admin endpoints, so we need to add them here manually
@@ -203,8 +199,7 @@ resources:
template:
SERVICE_vip: SERVICE_network
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
- values: {get_param: ServiceNetMap}
- values: {get_param: NetVipMap}
- keystone_admin_api_vip: