diff options
Diffstat (limited to 'docker/services/pacemaker')
-rw-r--r-- | docker/services/pacemaker/cinder-backup.yaml | 49 | ||||
-rw-r--r-- | docker/services/pacemaker/cinder-volume.yaml | 52 | ||||
-rw-r--r-- | docker/services/pacemaker/clustercheck.yaml | 38 | ||||
-rw-r--r-- | docker/services/pacemaker/database/mysql.yaml | 85 | ||||
-rw-r--r-- | docker/services/pacemaker/database/redis.yaml | 61 | ||||
-rw-r--r-- | docker/services/pacemaker/haproxy.yaml | 86 | ||||
-rw-r--r-- | docker/services/pacemaker/rabbitmq.yaml | 60 |
7 files changed, 289 insertions, 142 deletions
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 7cac9d48..26ae9bca 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -4,18 +4,11 @@ description: > OpenStack containerized Cinder Backup service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderBackupImage: description: image - default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string CinderBackupBackend: default: swift @@ -34,6 +27,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -59,6 +56,7 @@ resources: type: ../../../puppet/services/cinder-backup.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -75,10 +73,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -88,10 +83,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBackupBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf @@ -147,6 +139,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 987ebaf0..262e999d 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder Volume service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderVolumeImage: description: image - default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -55,6 +52,7 @@ resources: type: ../../../puppet/services/cinder-volume.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,10 +66,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -82,10 +77,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf @@ -165,6 +157,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot + tags: step2 + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index bad2acf6..c7c316a4 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -6,19 +6,21 @@ description: > the local galera node is synced parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerClustercheckImage: description: image - default: 'centos-binary-mariadb:latest' + type: string + DockerClustercheckConfigImage: + description: The container image to use for the clustercheck config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -46,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,31 +66,20 @@ outputs: config_volume: clustercheck puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::pacemaker::clustercheck" - config_image: &clustercheck_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + config_image: {get_param: DockerClustercheckConfigImage} kolla_config: /var/lib/kolla/config_files/clustercheck.json: command: /usr/sbin/xinetd -dontfork config_files: - - dest: /etc/xinetd.conf - source: /var/lib/kolla/config_files/src/etc/xinetd.conf - owner: mysql - perm: '0644' - - dest: /etc/xinetd.d/galera-monitor - source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: mysql - perm: '0600' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: clustercheck: start_order: 1 - image: *clustercheck_image + image: {get_param: DockerClustercheckImage} restart: always net: host volumes: @@ -95,7 +87,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index d64845f2..f12852f8 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -4,19 +4,21 @@ description: > MySQL service deployment with pacemaker bundle parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlImage: description: image - default: 'centos-binary-mariadb:latest' + type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +50,7 @@ resources: type: ../../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -61,11 +64,18 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -77,27 +87,19 @@ outputs: - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" - "exec {'wait-for-settle': command => '/bin/true' }" - "include ::tripleo::profile::pacemaker::database::mysql_bundle" - config_image: *mysql_image + config_image: {get_param: DockerMysqlConfigImage} kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/sbin/pacemaker_remoted config_files: - - dest: /etc/libqb/force-filesystem-sockets - source: /dev/null - owner: root - perm: '0644' - - dest: /etc/my.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf - owner: mysql - perm: '0644' - - dest: /etc/my.cnf.d/galera.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: root - perm: '0600' + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: mysql_data_ownership: @@ -122,7 +124,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -166,8 +168,6 @@ outputs: - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - /dev/shm:/dev/shm:rw - - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /var/lib/mysql:/var/lib/mysql:rw host_prep_tasks: - name: create /var/lib/mysql @@ -175,6 +175,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource + tags: step2 + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service tags: step2 - service: name=mariadb state=stopped enabled=no + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index ef27f7e9..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' + type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -41,6 +43,7 @@ resources: type: ../../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -57,12 +60,14 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -74,7 +79,7 @@ outputs: puppet_tags: 'exec' step_config: get_attr: [RedisBase, role_data, step_config] - config_image: *redis_image + config_image: &redis_config_image {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/sbin/pacemaker_remoted @@ -83,6 +88,11 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/run/redis owner: redis:redis @@ -113,7 +123,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' - image: *redis_image + image: *redis_config_image volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -135,6 +145,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service tags: step2 - service: name=redis state=stopped enabled=no + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 7557afd6..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -4,14 +4,16 @@ description: > OpenStack containerized HAproxy service for pacemaker parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHAProxyImage: description: image - default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,6 +28,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RoleName: default: '' description: Role name on which the service is applied @@ -41,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -56,10 +64,7 @@ outputs: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false haproxy_docker: true - tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -73,10 +78,22 @@ outputs: - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - config_image: *haproxy_image + config_image: {get_param: DockerHAProxyConfigImage} + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true docker_config: step_2: haproxy_init_bundle: @@ -103,17 +120,42 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /dev/shm:/dev/shm:rw + list_concat: + - *deployed_cert_mount + - + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 7f6ac701..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Rabbitmq service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRabbitmqImage: description: image - default: 'centos-binary-rabbitmq:latest' + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../../puppet/services/rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -59,11 +62,15 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} @@ -72,7 +79,7 @@ outputs: config_volume: rabbitmq puppet_tags: file step_config: *step_config - config_image: *rabbitmq_image + config_image: {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/sbin/pacemaker_remoted @@ -81,6 +88,10 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,7 +110,7 @@ outputs: privileged: false volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /var/lib/rabbitmq:/var/lib/rabbitmq @@ -154,6 +165,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + service: name=rabbitmq-server enabled=no |