Diffstat (limited to 'docker/services')
-rw-r--r-- | docker/services/ceilometer-agent-central.yaml | 2 | ||||
-rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 1 | ||||
-rw-r--r-- | docker/services/cinder-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/cinder-backup.yaml | 1 | ||||
-rw-r--r-- | docker/services/cinder-volume.yaml | 1 | ||||
-rw-r--r-- | docker/services/containers-common.yaml | 6 | ||||
-rw-r--r-- | docker/services/database/mongodb.yaml | 2 | ||||
-rw-r--r-- | docker/services/gnocchi-api.yaml | 24 | ||||
-rw-r--r-- | docker/services/heat-api.yaml | 1 | ||||
-rw-r--r-- | docker/services/keystone.yaml | 6 | ||||
-rw-r--r-- | docker/services/multipathd.yaml | 10 | ||||
-rw-r--r-- | docker/services/nova-api.yaml | 26 | ||||
-rw-r--r-- | docker/services/nova-libvirt.yaml | 56 | ||||
-rw-r--r-- | docker/services/nova-placement.yaml | 17 | ||||
-rw-r--r-- | docker/services/pacemaker/database/mysql.yaml | 23 |
15 files changed, 153 insertions, 24 deletions
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 6caffd15..424c316f 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -115,7 +115,7 @@ outputs: command: - '/usr/bin/bootstrap_host_exec' - 'ceilometer_agent_central' - - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" + - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 1468415e..85fe0608 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -142,6 +142,7 @@ outputs: ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} user_config: true ceph_stable: true diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 48faaf9c..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -160,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 33147d27..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml 
@@ -120,7 +120,6 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 2ead0d50..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -129,7 +129,6 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5ba79b31..86bb6d54 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml 
@@ -116,6 +116,8 @@ outputs: with_items: - /var/log/containers/mongodb - /var/lib/mongodb + metadata_settings: + get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 5129b89f..7c6b6766 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NumberOfStorageSacks: + default: 128 + description: Number of storage sacks to create. + type: number conditions: @@ -84,6 +88,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -97,7 +105,7 @@ outputs: volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] - step_3: + step_4: gnocchi_db_sync: image: *gnocchi_api_image net: host @@ -110,8 +118,13 @@ outputs: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" - step_4: + - /etc/ceph:/etc/ceph:ro + command: + str_replace: + template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM' + params: + SACK_NUM: {get_param: NumberOfStorageSacks} + step_5: gnocchi_api: image: *gnocchi_api_image net: host 
@@ -124,6 +137,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: - internal_tls_enabled @@ -141,6 +155,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable httpd service tags: step2 diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 0bc331ca..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index c461f976..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -103,7 +103,9 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/keystone_cron.json: - command: /usr/sbin/cron -n + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -168,9 +170,11 @@ outputs: keystone_cron: start_order: 4 image: *keystone_image + user: root net: host privileged: false restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index fc749f37..5e01558a 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml 
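Review bot: In the `keystone_cron` hunk of keystone.yaml, the new `command` leaves bash running as PID 1 with crond as its child, so the stop signal Docker sends reaches the shell rather than crond, and the container is likely to be killed at the stop timeout instead of exiting cleanly. Replacing the shell with the daemon avoids that: `command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && exec /usr/sbin/crond -n']`. The same hunk adds `user: root`, presumably because crond has to run as root to switch to each job's owner. A one-line comment saying so would keep the reason next to the setting, and the same applies to the `user: root` lines added for `cinder_api_cron` and `heat_api_cron`.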
@@ -59,11 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d - config_files: - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/" - merge: true - preserve_properties: true + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index da461049..45de265e 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -64,9 +71,6 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false - nova_wsgi_enabled: false - nova::api::service_name: '%{::nova::params::api_service_name}' - nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -82,7 +86,7 @@ outputs: config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api + command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -112,7 +116,7 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -163,7 +167,7 @@ outputs: start_order: 2 image: *nova_api_image net: host - user: nova + user: root privileged: true restart: always volumes: 
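Review bot: In the nova-api.yaml hunk at `@@ -163,7 +167,7`, the API container moves from `user: nova` to `user: root` while the unchanged next line keeps `privileged: true`, so a network-facing service now starts as root with the full privileged capability set and host device access. httpd needs root only to start before its workers drop to the configured user, and that does not require a privileged container. Unless something outside this hunk depends on it, the line should read `privileged: false`, as the cron containers in this change do. If privileged mode is required, a comment next to it stating the reason would let the next reviewer check it. The container definition starts and ends outside the hunk.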
@@ -173,6 +177,16 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_api_cron: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 2f3851a5..916b057e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -56,7 +56,21 @@ parameters: description: Port that dockerized nova migration target sshd service binds to. type: number - + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. conditions: @@ -69,6 +83,15 @@ conditions: - {get_param: UseTLSTransportForLiveMigration} - true + need_libvirt_secret: + or: + - equals: + - {get_param: NovaEnableRbdBackend} + - true + - equals: + - {get_param: CinderEnableRbdBackend} + - true + resources: ContainersCommon: @@ -102,7 +125,7 @@ outputs: - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: libvirtd_config,nova_config,file,exec + puppet_tags: libvirtd_config,nova_config,file step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: 
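Review bot: In the nova-libvirt.yaml parameters hunk (`@@ -56,7 +56,21`), `CephClusterFSID` is described as "Must be a UUID" but nothing enforces it, and `CephClientKey` has no format check either. Both values are later substituted by `str_replace` into a `bash -c` command string in this file's `nova_libvirt_init_secret` container, so an unexpected character such as a single quote changes the command that runs as root. A Heat constraint makes the description true and keeps shell metacharacters out, for example `constraints: [{allowed_pattern: '^[0-9a-fA-F-]{36}$'}]` on `CephClusterFSID`, with a comparable base64 pattern on `CephClientKey`.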
@@ -145,21 +168,46 @@ outputs: - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova - - /etc/libvirt/secrets:/etc/libvirt/secrets + - /etc/libvirt:/etc/libvirt # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + if: + - need_libvirt_secret + - nova_libvirt_init_secret: + detach: false + image: {get_param: DockerNovaLibvirtImage} + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro + - /etc/libvirt:/etc/libvirt + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + command: + - /bin/bash + - -c + - str_replace: + template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY' + params: + SECRET_UUID: {get_param: CephClusterFSID} + SECRET_KEY: {get_param: CephClientKey} + - {} host_prep_tasks: - name: create libvirt persistent data directories file: path: "{{ item }}" state: directory with_items: + - /etc/libvirt - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index d784ace3..26d17560 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: 
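Review bot: The `nova_libvirt_init_secret` command added under `step_4` renders `CephClientKey` into the container's argument list (`--base64 'SECRET_KEY'`), so a parameter declared `hidden: true` ends up in the generated container configuration, in `docker inspect` output, and in the process list while virsh runs. Delivering the key through a file readable only by root, rather than through argv, would avoid that; whether the deployed virsh can read the value from a file needs checking. The same hunk replaces the `/etc/libvirt/secrets` and `/etc/libvirt/qemu` mounts with a read-write mount of all of `/etc/libvirt`, and the new init container gets the same mount, which gives both write access to the host's entire libvirt configuration. A comment explaining why the narrower mounts were not sufficient would help, or the init container could mount only `/etc/libvirt/secrets`.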
@@ -104,6 +111,16 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 5042b438..a9e49b28 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -32,6 +32,9 @@ parameters: type: string hidden: true default: '' + MysqlClustercheckPassword: + type: string + hidden: true RoleName: default: '' description: Role name on which the service is applied @@ -151,7 +154,19 @@ outputs: image: *mysql_image net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ec' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} 
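Review bot: In the bootstrap command hunk of pacemaker/database/mysql.yaml (`@@ -151,7 +154,19`), `GRANT PROCESS ON *.* TO 'clustercheck'@'localhost' WITH GRANT OPTION` lets the health-check account pass PROCESS on to other accounts, which a status check does not need; dropping `WITH GRANT OPTION` keeps it least-privilege. `${DB_CLUSTERCHECK_PASSWORD}` is expanded by the shell directly into the `CREATE USER ... IDENTIFIED BY '...'` statement, so a password containing a single quote breaks or alters the SQL. Either constrain `MysqlClustercheckPassword` with an `allowed_pattern` that excludes quotes and backslashes, or escape the value before it reaches the statement. The `MysqlClustercheckPassword` parameter added in this file's first hunk also has no `description`; something like `description: Password for the clustercheck health-check database user` would document it.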
@@ -164,6 +179,12 @@ outputs: - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 + - + list_join: + - '=' + - - 'DB_CLUSTERCHECK_PASSWORD' + - {get_param: MysqlClustercheckPassword} - list_join: - '=' |