diff options
31 files changed, 219 insertions, 54 deletions
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 79d5a280..e061c0a5 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -106,6 +106,7 @@ parameter_defaults: - /dev/loop3 journal_size: 512 journal_collocation: true + osd_scenario: collocated CephAnsibleExtraConfig: ceph_conf_overrides: global: diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 1119fb60..2b004af1 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -1,7 +1,12 @@ # certain initialization steps (run in a container) will occur # on the role marked as primary controller or the first role listed -{%- set primary_role = [roles[0]] -%} -{%- for role in roles -%} +{%- if enabled_roles is not defined -%} + # On upgrade certain roles can be disabled for operator driven upgrades + # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml + {%- set enabled_roles = roles -%} +{%- endif -%} +{%- set primary_role = [enabled_roles[0]] -%} +{%- for role in enabled_roles -%} {%- if 'primary' in role.tags and 'controller' in role.tags -%} {%- set _ = primary_role.pop() -%} {%- set _ = primary_role.append(role) -%} @@ -55,7 +60,7 @@ conditions: {% for step in range(1, deploy_steps_max) %} WorkflowTasks_Step{{step}}_Enabled: or: - {%- for role in roles %} + {%- for role in enabled_roles %} - not: equals: - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] @@ -96,12 +101,12 @@ resources: condition: WorkflowTasks_Step{{step}}_Enabled depends_on: {%- if step == 1 %} - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}PreConfig - {{dep.name}}ArtifactsDeploy {%- endfor %} {%- else %} - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}Deployment_Step{{step -1}} {%- endfor %} {%- endif %} @@ -112,7 +117,7 @@ resources: yaql: expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() data: - {%- for role in roles %} + {%- for role in enabled_roles %} - get_param: [role_data, {{role.name}}, service_workflow_tasks] {%- endfor %} @@ -146,10 +151,11 @@ resources: # END service_workflow_tasks handling {% endfor %} +# Artifacts config and HostPrepConfig is done on all roles, not only +# enabled_roles, because on upgrade we need to write the json files +# for the operator driven upgrade scripts (the ansible steps consume them) {% for role in roles %} - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number - # {{role.name}} Role steps + # Prepare host tasks for {{role.name}} {{role.name}}ArtifactsConfig: type: ../puppet/deploy-artifacts.yaml @@ -235,9 +241,10 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} +{% endfor %} - # BEGIN CONFIG STEPS - + # BEGIN CONFIG STEPS, only on enabled_roles +{%- for role in enabled_roles %} {{role.name}}PreConfig: type: OS::TripleO::Tasks::{{role.name}}PreConfig depends_on: {{role.name}}HostPrepDeployment @@ -246,6 +253,8 @@ resources: input_values: update_identifier: {get_param: DeployIdentifier} + # Deployment steps for {{role.name}} + # A single config is re-applied with an incrementing step number {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: type: OS::TripleO::DeploymentSteps @@ -257,12 +266,12 @@ resources: # if https://bugs.launchpad.net/heat/+bug/1700569 # is fixed. {%- if step == 1 %} - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}PreConfig - {{dep.name}}ArtifactsDeploy {%- endfor %} {%- else %} - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}Deployment_Step{{step -1}} {%- endfor %} {%- endif %} @@ -285,7 +294,7 @@ resources: # after all the previous deployment steps. {{role.name}}ExtraConfigPost: depends_on: - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}Deployment_Step5 {%- endfor %} type: OS::TripleO::NodeExtraConfigPost @@ -298,7 +307,7 @@ resources: {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: - {%- for dep in roles %} + {%- for dep in enabled_roles %} - {{dep.name}}ExtraConfigPost {%- endfor %} properties: diff --git a/common/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml index 7fc91153..5eb93d39 100644 --- a/common/major_upgrade_steps.j2.yaml +++ b/common/major_upgrade_steps.j2.yaml @@ -196,3 +196,7 @@ outputs: {% for role in roles %} {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} {% endfor %} + RoleConfig: + description: Mapping of config data for all roles + value: {get_attr: [AllNodesPostUpgradeSteps, RoleConfig]} + diff --git a/common/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml index 7cd6abdf..af47c6ea 100644 --- a/common/post-upgrade.j2.yaml +++ b/common/post-upgrade.j2.yaml @@ -1,4 +1,4 @@ # Note the include here is the same as post.j2.yaml but the data used at # # the time of rendering is different if any roles disable upgrades -{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} +{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%} {% include 'deploy-steps.j2' %} diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 0451ed51..cc247031 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -26,6 +26,7 @@ import sys import subprocess import sys import tempfile +import time import multiprocessing logger = None @@ -59,10 +60,23 @@ def short_hostname(): def pull_image(name): log.info('Pulling image: %s' % name) - subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - cmd_stdout, cmd_stderr = subproc.communicate() + retval = -1 + count = 0 + while retval != 0: + count += 1 + subproc = subprocess.Popen(['/usr/bin/docker', 'pull', name], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + + cmd_stdout, cmd_stderr = subproc.communicate() + retval = subproc.returncode + if retval != 0: + time.sleep(3) + log.warning('docker pull failed: %s' % cmd_stderr) + log.warning('retrying pulling image: %s' % name) + if count >= 5: + log.error('Failed to pull image: %s' % name) + break if cmd_stdout: log.debug(cmd_stdout) if cmd_stderr: diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index da4b981c..49c5f9c5 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -102,7 +102,8 @@ outputs: user: root volumes: - /var/log/containers/aodh:/var/log/aodh - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] + - /var/log/containers/httpd/aodh-api:/var/log/httpd + command: ['/bin/bash', '-c', 'chown -R aodh:aodh /var/log/aodh'] step_3: aodh_db_sync: image: *aodh_api_image @@ -117,6 +118,7 @@ outputs: - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh + - /var/log/containers/httpd/aodh-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: @@ -131,6 +133,7 @@ outputs: - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh + - /var/log/containers/httpd/aodh-api:/var/log/httpd - if: - internal_tls_enabled @@ -146,8 +149,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/aodh + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/aodh + - /var/log/containers/httpd/aodh-api upgrade_tasks: - name: Stop and disable aodh service (running under httpd) tags: step2 diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index d8afe695..891750ad 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -75,6 +75,14 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-panko/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /etc/panko + owner: root:ceilometer + recurse: true docker_config: step_3: ceilometer_init_log: @@ -96,6 +104,7 @@ outputs: - - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src-panko:ro - /var/log/containers/ceilometer:/var/log/ceilometer environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 18d3e6a3..99412341 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -58,6 +58,10 @@ parameters: type: string description: List of ceph-ansible tags to skip default: 'package-install,with_pkg' + CephConfigOverrides: + type: json + description: Extra config settings to dump into ceph.conf + default: {} CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. @@ -268,17 +272,19 @@ outputs: keys: *openstack_keys pools: [] ceph_conf_overrides: - global: - osd_pool_default_size: {get_param: CephPoolDefaultSize} - osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} - rgw_keystone_api_version: 3 - rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - rgw_keystone_accepted_roles: 'Member, _member_, admin' - rgw_keystone_admin_domain: default - rgw_keystone_admin_project: service - rgw_keystone_admin_user: swift - rgw_keystone_admin_password: {get_param: SwiftPassword} - rgw_s3_auth_use_keystone: 'true' + map_merge: + - global: + osd_pool_default_size: {get_param: CephPoolDefaultSize} + osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'Member, _member_, admin' + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_s3_auth_use_keystone: 'true' + - {get_param: CephConfigOverrides} ntp_service_enabled: false generate_fsid: false ip_version: diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index 6e0f4a60..fe7d311d 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -38,6 +38,7 @@ parameters: - /dev/vdb journal_size: 512 journal_collocation: true + osd_scenario: collocated resources: CephBase: @@ -72,4 +73,5 @@ outputs: - ceph_osd_ansible_vars: map_merge: - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - osd_objectstore: filestore - {get_param: CephAnsibleDisksConfig}
\ No newline at end of file diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 93d09ca0..06705309 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -111,6 +111,7 @@ outputs: user: root volumes: - /var/log/containers/cinder:/var/log/cinder + - /var/log/containers/httpd/cinder-api:/var/log/httpd command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] step_3: cinder_api_db_sync: @@ -125,6 +126,7 @@ outputs: - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - /var/log/containers/cinder:/var/log/cinder + - /var/log/containers/httpd/cinder-api:/var/log/httpd command: - '/usr/bin/bootstrap_host_exec' - 'cinder_api' @@ -145,6 +147,7 @@ outputs: - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder + - /var/log/containers/httpd/cinder-api:/var/log/httpd - if: - internal_tls_enabled @@ -172,6 +175,7 @@ outputs: - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder + - /var/log/containers/httpd/cinder-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -180,8 +184,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/cinder + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/cinder + - /var/log/containers/httpd/cinder-api upgrade_tasks: - name: Stop and disable cinder_api service tags: step2 diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 2c894da5..9f982f8b 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -64,6 +64,7 @@ outputs: # Syslog socket - /dev/log:/dev/log - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro + - /sys/fs/selinux:/sys/fs/selinux - if: - internal_tls_enabled - - list_join: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index df226b15..8f2bd604 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -118,6 +118,7 @@ outputs: user: root volumes: - /var/log/containers/glance:/var/log/glance + - /var/log/containers/httpd/glance-api:/var/log/httpd command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] step_3: glance_api_db_sync: @@ -133,6 +134,7 @@ outputs: - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance + - /var/log/containers/httpd/glance-api:/var/log/httpd - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: @@ -176,8 +178,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/glance + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/glance + - /var/log/containers/httpd/glance-api - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 1443da40..47b3b811 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -104,7 +104,8 @@ outputs: user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] + - /var/log/containers/httpd/gnocchi-api:/var/log/httpd + command: ['/bin/bash', '-c', 'chown -R gnocchi:gnocchi /var/log/gnocchi'] step_4: gnocchi_db_sync: image: *gnocchi_api_image @@ -119,6 +120,7 @@ outputs: - /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /var/log/containers/httpd/gnocchi-api:/var/log/httpd - /etc/ceph:/etc/ceph:ro command: str_replace: @@ -138,6 +140,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /var/log/containers/httpd/gnocchi-api:/var/log/httpd - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: @@ -154,8 +157,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/gnocchi + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/gnocchi + - /var/log/containers/httpd/gnocchi-api - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 70612899..cfe11cd6 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -107,6 +107,7 @@ outputs: - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat + - /var/log/containers/httpd/heat-api-cfn:/var/log/httpd - if: - internal_tls_enabled @@ -122,8 +123,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/heat + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/heat + - /var/log/containers/httpd/heat-api-cfn upgrade_tasks: - name: Check if heat_api_cfn is deployed command: systemctl is-enabled openstack-heat-api-cfn diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 6c1621f1..2bb588de 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -118,6 +118,7 @@ outputs: - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat + - /var/log/containers/httpd/heat-api:/var/log/httpd - if: - internal_tls_enabled @@ -145,13 +146,17 @@ outputs: - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat + - /var/log/containers/httpd/heat-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/heat + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/heat + - /var/log/containers/httpd/heat-api upgrade_tasks: - name: Check is heat_api is deployed command: systemctl is-enabled openstack-heat-api diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index f2f2b8dc..9a2c8bad 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -110,6 +110,7 @@ outputs: command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard'] volumes: - /var/log/containers/horizon:/var/log/horizon + - /var/log/containers/httpd/horizon:/var/log/httpd - /var/lib/config-data/horizon/etc/:/etc/ step_3: horizon: @@ -124,6 +125,7 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - /var/log/containers/httpd/horizon:/var/log/httpd - if: - internal_tls_enabled @@ -139,8 +141,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/horizon + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/horizon + - /var/log/containers/httpd/horizon upgrade_tasks: - name: Stop and disable horizon service (running under httpd) tags: step2 diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 2a9735b5..38710f3b 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -97,6 +97,7 @@ outputs: user: root volumes: - /var/log/containers/ironic:/var/log/ironic + - /var/log/containers/httpd/ironic-api:/var/log/httpd command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic'] step_3: ironic_db_sync: @@ -112,6 +113,7 @@ outputs: - - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic + - /var/log/containers/httpd/ironic-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: ironic_api: @@ -127,13 +129,17 @@ outputs: - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ironic:/var/log/ironic + - /var/log/containers/httpd/ironic-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/ironic + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/ironic + - /var/log/containers/httpd/ironic-api upgrade_tasks: - name: Stop and disable ironic_api service tags: step2 diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 48d2e1ee..878eef63 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -92,6 +92,7 @@ outputs: - /var/lib/ironic:/var/lib/ironic/ - /dev/log:/dev/log - /var/log/containers/ironic:/var/log/ironic + - /var/log/containers/httpd/ironic-pxe:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS ironic_pxe_http: @@ -108,6 +109,7 @@ outputs: - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic + - /var/log/containers/httpd/ironic-pxe:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -118,3 +120,4 @@ outputs: with_items: - /var/lib/ironic - /var/log/containers/ironic + - /var/log/containers/httpd/ironic-pxe diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 97b4c5d5..8f4a2014 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -121,9 +121,10 @@ outputs: keystone_init_log: image: &keystone_image {get_param: DockerKeystoneImage} user: root - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] + command: ['/bin/bash', '-c', 'chown -R keystone:keystone /var/log/keystone'] volumes: - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd step_3: keystone_db_sync: image: *keystone_image @@ -138,6 +139,7 @@ outputs: - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd - if: - internal_tls_enabled @@ -184,6 +186,7 @@ outputs: - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone + - /var/log/containers/httpd/keystone:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -196,8 +199,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/keystone + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/keystone + - /var/log/containers/httpd/keystone upgrade_tasks: - name: Stop and disable keystone service (running under httpd) tags: step2 diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index 7b2dbfaf..a0e501ec 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -90,7 +90,8 @@ outputs: user: root volumes: - /var/log/containers/manila:/var/log/manila - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila'] + - /var/log/containers/httpd/manila-api:/var/log/httpd + command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila'] step_3: manila_api_db_sync: user: root @@ -103,6 +104,7 @@ outputs: - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro - /var/log/containers/manila:/var/log/manila + - /var/log/containers/httpd/manila-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'" step_4: manila_api: @@ -116,13 +118,17 @@ outputs: - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila + - /var/log/containers/httpd/manila-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: Create persistent manila logs directory file: - path: /var/log/containers/manila + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/manila + - /var/log/containers/httpd/manila-api upgrade_tasks: - name: Stop and disable manila_api service tags: step2 diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 85a07128..c028fc28 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -110,6 +110,7 @@ outputs: user: root volumes: - /var/log/containers/neutron:/var/log/neutron + - /var/log/containers/httpd/neutron-api:/var/log/httpd command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron'] step_3: neutron_db_sync: @@ -126,6 +127,7 @@ outputs: - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - /var/log/containers/neutron:/var/log/neutron + - /var/log/containers/httpd/neutron-api:/var/log/httpd command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads'] # FIXME: we should make config file permissions right # and run as neutron user @@ -144,6 +146,7 @@ outputs: - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /var/log/containers/neutron:/var/log/neutron + - /var/log/containers/httpd/neutron-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - if: @@ -167,8 +170,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/neutron + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/neutron + - /var/log/containers/httpd/neutron-api upgrade_tasks: - name: Check if neutron_server is deployed command: systemctl is-enabled neutron-server diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 7142b70e..9f1ae865 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -116,7 +116,8 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] + - /var/log/containers/httpd/nova-api:/var/log/httpd + command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -131,6 +132,7 @@ outputs: - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova + - /var/log/containers/httpd/nova-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" # FIXME: we probably want to wait on the 'cell_v2 update' in order for this # to be capable of upgrading a baremetal setup. This is to ensure the name @@ -178,6 +180,7 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - /var/log/containers/httpd/nova-api:/var/log/httpd - if: - internal_tls_enabled @@ -205,6 +208,7 @@ outputs: - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - /var/log/containers/httpd/nova-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -215,14 +219,17 @@ outputs: detach: false volumes: *nova_api_bootstrap_volumes user: root - command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" + command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts --verbose'" metadata_settings: get_attr: [NovaApiBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/nova + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/nova + - /var/log/containers/httpd/nova-api upgrade_tasks: - name: Stop and disable nova_api service tags: step2 diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 26d17560..d66a6fb8 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -111,6 +111,7 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - /var/log/containers/httpd/nova-placement:/var/log/httpd - if: - internal_tls_enabled @@ -128,8 +129,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/nova + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/nova + - /var/log/containers/httpd/nova-placement upgrade_tasks: - name: Stop and disable nova_placement service (running under httpd) tags: step2 diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index 86730ebc..da698991 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -111,6 +111,7 @@ outputs: # configuration. - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ - /var/log/containers/octavia:/var/log/octavia + - /var/log/containers/httpd/octavia-api:/var/log/httpd command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] step_3: octavia_db_sync: @@ -126,6 +127,7 @@ outputs: - - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro - /var/log/containers/octavia:/var/log/octavia + - /var/log/containers/httpd/octavia-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" step_4: map_merge: @@ -142,6 +144,7 @@ outputs: - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro - /var/log/containers/octavia:/var/log/octavia + - /var/log/containers/httpd/octavia-api:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - if: @@ -166,8 +169,11 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/octavia + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/octavia + - /var/log/containers/httpd/octavia-api upgrade_tasks: - name: Stop and disable octavia_api service tags: step2 diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 626d9176..3edd9049 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -104,7 +104,8 @@ outputs: user: root volumes: - /var/log/containers/panko:/var/log/panko - command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] + - /var/log/containers/httpd/panko-api:/var/log/httpd + command: ['/bin/bash', '-c', 'chown -R panko:panko /var/log/panko'] step_3: panko_db_sync: image: *panko_api_image @@ -119,6 +120,7 @@ outputs: - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - /var/log/containers/panko:/var/log/panko + - /var/log/containers/httpd/panko-api:/var/log/httpd command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'" step_4: panko_api: @@ -134,6 +136,7 @@ outputs: - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro - /var/log/containers/panko:/var/log/panko + - /var/log/containers/httpd/panko-api:/var/log/httpd - if: - internal_tls_enabled @@ -149,7 +152,10 @@ outputs: host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/panko + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/panko + - /var/log/containers/httpd/panko-api metadata_settings: get_attr: [PankoApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 374db250..86871210 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -111,6 +111,7 @@ outputs: - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift + - /var/log/containers/httpd/swift-proxy:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - if: @@ -138,6 +139,7 @@ outputs: state: directory with_items: - /var/log/containers/swift + - /var/log/containers/httpd/swift-proxy - /srv/node upgrade_tasks: - name: Stop and disable swift_proxy service diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 34f2e439..ab30ab5a 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -116,6 +116,7 @@ outputs: user: root volumes: - /var/log/containers/zaqar:/var/log/zaqar + - /var/log/containers/httpd/zaqar:/var/log/httpd command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] step_3: zaqar_db_sync: @@ -149,6 +150,7 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar + - /var/log/containers/httpd/zaqar:/var/log/httpd - if: - internal_tls_enabled @@ -173,13 +175,17 @@ outputs: - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar + - /var/log/containers/httpd/zaqar:/var/log/httpd environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: - path: /var/log/containers/zaqar + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/zaqar + - /var/log/containers/httpd/zaqar upgrade_tasks: - name: Stop and disable zaqar service tags: step2 diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b6980045..af3f8637 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -30,6 +30,10 @@ parameters: type: number default: 0 description: The number of neutron dhcp agents to schedule per network + DhcpAgentNotification: + default: true + description: Whether or not to enable DHCP agent notifications. + type: string NeutronDnsDomain: type: string default: openstacklocal @@ -133,6 +137,7 @@ outputs: - {get_param: NeutronDebug } neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true + neutron::dhcp_agent_notification: {get_param: DhcpAgentNotification} neutron::dns_domain: {get_param: NeutronDnsDomain} neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '%{::fqdn}' diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 71536ff3..1feb62b2 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -92,6 +92,7 @@ outputs: - 6640 - 6653 - 2550 + - 8185 opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism} step_config: | include tripleo::profile::base::neutron::opendaylight diff --git a/releasenotes/notes/containerized-services-logs-0dc652513870f46d.yaml b/releasenotes/notes/containerized-services-logs-0dc652513870f46d.yaml new file mode 100644 index 00000000..5ce8b7df --- /dev/null +++ b/releasenotes/notes/containerized-services-logs-0dc652513870f46d.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + Containerized services logs can be found under updated paths. + Pacemaker-managed resources write logs to `/var/log/pacemaker/bundles/*`. + Docker-daemon managed openstack services bind-mount their log files to the + `/var/log/containers/<foo>/*` sub-directories. Services running under + Apache2 WSGI use the `/var/log/containers/httpd/<foo-api>/*` destinations. + Additional tools or commands that log to syslog, end up placing log records + into the hosts journalctl and `/var/log/messages`. + diff --git a/releasenotes/notes/fix-odl-websocket-firewall-9e2f78ebaa39313f.yaml b/releasenotes/notes/fix-odl-websocket-firewall-9e2f78ebaa39313f.yaml new file mode 100644 index 00000000..63919dad --- /dev/null +++ b/releasenotes/notes/fix-odl-websocket-firewall-9e2f78ebaa39313f.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes bug where neutron port status was not updated with OpenDaylight + deployments due to firewall blocking the websocket port used to send the + update (port 8185). |