diff options
Diffstat (limited to 'docker/services')
58 files changed, 989 insertions, 146 deletions
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 70b43eb1..8afb6d28 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -68,7 +71,10 @@ outputs: - get_attr: [AodhApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [AodhApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index f75c57b3..86bdfdf9 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhEvaluatorBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhEvaluatorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhEvaluatorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 9db2ffbe..3f986ab2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhListenerBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhListenerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhListenerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index c16c0161..852120c9 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhNotifierBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhNotifierBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhNotifierBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml new file mode 100644 index 00000000..1468415e --- /dev/null +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -0,0 +1,205 @@ +heat_template_version: pike + +description: > + Ceph base service. Shared by all Ceph services. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephAnsibleWorkflowName: + type: string + description: Name of the Mistral workflow to execute + default: tripleo.storage.v1.ceph-install + CephAnsiblePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute + default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleExtraConfig: + type: json + description: Extra vars for the ceph-ansible playbook + default: {} + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephPoolDefaultPgNum: + description: default pg_num to use for the RBD pools + type: number + default: 32 + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. Example: + { + "volumes": { + "size": 5, + "pg_num": 128, + "pgp_num": 128 + } + } + default: {} + type: json + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephPoolDefaultSize: + description: default minimum replication for RBD copies + type: number + default: 3 + CephIPv6: + default: False + type: boolean + DockerCephDaemonImage: + description: image + type: string + default: 'ceph/daemon:tag-build-master-jewel-centos-7' + +conditions: + custom_registry_host: + yaql: + data: {get_param: DockerCephDaemonImage} + expression: $.data.split('/')[0].matches('(\.|:)') + +outputs: + role_data: + description: Role data for the Ceph base service. + value: + service_name: ceph_base + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: + step2: + - name: ceph_base_ansible_workflow + workflow: { get_param: CephAnsibleWorkflowName } + input: + ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} + ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + config_settings: + ceph_common_ansible_vars: + fsid: { get_param: CephClusterFSID } + docker: true + ceph_docker_registry: + if: + - custom_registry_host + - yaql: + expression: regex('(?:https?://)?(.*)/').split($.data)[1] + data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + - docker.io + ceph_docker_image: + if: + - custom_registry_host + - yaql: + expression: regex('(?:https?://)?(.*)/').split($.data)[2] + data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} + ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + containerized_deployment: true + public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + user_config: true + ceph_stable: true + ceph_origin: distro + openstack_config: true + openstack_pools: + list_concat: + - repeat: + template: + name: <%pool%> + pg_num: {get_param: CephPoolDefaultPgNum} + rule_name: "" + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + - repeat: + template: + name: <%pool%> + pg_num: {get_param: CephPoolDefaultPgNum} + rule_name: "" + for_each: + <%pool%>: {get_param: CephPools} + openstack_keys: &openstack_keys + - name: + list_join: + - '.' + - - client + - {get_param: CephClientUserName} + key: {get_param: CephClientKey} + mon_cap: "allow r" + osd_cap: + str_replace: + template: "allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL" + params: + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + acls: + - "u:glance:r--" + - "u:nova:r--" + - "u:cinder:r--" + - "u:gnocchi:r--" + keys: *openstack_keys + pools: [] + ceph_conf_overrides: + global: + osd_pool_default_size: {get_param: CephPoolDefaultSize} + osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + ntp_service_enabled: false + generate_fsid: false + ip_version: + if: + - {get_param: CephIPv6} + - ipv6 + - ipv4 diff --git a/docker/services/ceph-ansible/ceph-client.yaml b/docker/services/ceph-ansible/ceph-client.yaml new file mode 100644 index 00000000..55d8d9da --- /dev/null +++ b/docker/services/ceph-ansible/ceph-client.yaml @@ -0,0 +1,58 @@ +heat_template_version: pike + +description: > + Ceph Client service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Client service. + value: + service_name: ceph_client + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: {} diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml new file mode 100644 index 00000000..90149d1e --- /dev/null +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -0,0 +1,86 @@ +heat_template_version: pike + +description: > + Ceph Monitor service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephMonKey: + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephAdminKey: + default: '' + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephValidationRetries: + type: number + default: 40 + description: Number of retry attempts for Ceph validation + CephValidationDelay: + type: number + default: 30 + description: Interval (in seconds) in between validation checks + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Monitor service. + value: + service_name: ceph_mon + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_mon.firewall_rules: + '110 ceph_mon': + dport: + - 6789 + - ceph_mon_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - monitor_secret: {get_param: CephMonKey} + admin_secret: {get_param: CephAdminKey} + monitor_interface: br_ex diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml new file mode 100644 index 00000000..6e0f4a60 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -0,0 +1,75 @@ +heat_template_version: pike + +description: > + Ceph OSD service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephAnsibleDisksConfig: + type: json + description: Disks config settings for ceph-ansible + default: + devices: + - /dev/vdb + journal_size: 512 + journal_collocation: true + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph OSD service. + value: + service_name: ceph_osd + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_osd.firewall_rules: + '111 ceph_osd': + dport: + - '6800-7300' + - ceph_osd_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - {get_param: CephAnsibleDisksConfig}
\ No newline at end of file diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 7804fdb2..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-api.yaml properties: @@ -66,7 +69,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -154,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: @@ -166,6 +173,8 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [CinderBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index dc7580a3..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-backup.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -72,16 +78,12 @@ outputs: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" merge: true preserve_properties: true - source: "/var/lib/kolla/config_files/src-iscsid/*" @@ -118,8 +120,7 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - # FIXME: we need to generate a ceph.conf with puppet for this - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys @@ -136,6 +137,10 @@ outputs: with_items: - /var/lib/cinder - /var/log/containers/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable cinder_backup service tags: step2 diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 1bae005c..1ac31874 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-scheduler.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 3030019c..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-volume.yaml properties: @@ -75,6 +78,7 @@ outputs: - "\n" - - "include ::tripleo::profile::base::lvm" - get_attr: [CinderBase, role_data, step_config] + - get_attr: [MySQLClient, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -86,16 +90,12 @@ outputs: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: - # NOTE(mandre): the copy of ceph conf will need to go once we - # generate a ceph.conf for cinder in puppet - # Copy ceph config files before cinder ones as a precaution, for - # the later one to take precendence in case of duplicate files. - - source: "/var/lib/kolla/config_files/src-ceph/*" + - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" merge: true preserve_properties: true - source: "/var/lib/kolla/config_files/src-iscsid/*" @@ -129,8 +129,7 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - # FIXME: we need to generate a ceph.conf with puppet for this - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ @@ -147,6 +146,10 @@ outputs: with_items: - /var/log/containers/cinder - /var/lib/cinder + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: cinder_enable_iscsi_backend fact set_fact: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 2989729c..3c0ba09b 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -89,15 +89,17 @@ outputs: collectd: image: {get_param: DockerCollectdImage} net: host + pid: host privileged: true + user: root restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/collectd:/var/log/collectd:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index e49682f9..08170cef 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CongressBase: type: ../../puppet/services/congress.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CongressBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml deleted file mode 100644 index d45d58e1..00000000 --- a/docker/services/database/mysql-client.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: pike - -description: > - Configuration for containerized MySQL clients - -parameters: - DockerMysqlClientConfigImage: - description: The container image to use for the mysql_client config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - InternalTLSCAFile: - default: '/etc/ipa/ca.crt' - type: string - description: Specifies the default CA cert to use if TLS is used for - services in the internal network. - -outputs: - role_data: - description: Role for setting mysql client parameters - value: - service_name: mysql_client - config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} - tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} - # BEGIN DOCKER SETTINGS # - step_config: "" - puppet_config: - config_volume: mysql_client - puppet_tags: file # set this even though file is the default - step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: {get_param: DockerMysqlClientConfigImage} - # no need for a docker config, this service only generates configuration files - docker_config: {} diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index 9f1ecbc1..1d4ddd38 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + Ec2ApiPuppetBase: type: ../../puppet/services/ec2-api.yaml properties: @@ -58,7 +61,10 @@ outputs: service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [Ec2ApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index d88c64b5..044eb283 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -70,7 +73,10 @@ outputs: - get_attr: [GlanceApiPuppetBase, role_data, config_settings] - glance::api::sync_db: false step_config: &step_config - get_attr: [GlanceApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: @@ -86,6 +92,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND config_files: @@ -117,6 +127,7 @@ outputs: - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -156,6 +167,10 @@ outputs: file: path: /var/log/containers/glance state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable glance_api service tags: step2 diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 5129b89f..41fe197b 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NumberOfStorageSacks: + default: 128 + description: Number of storage sacks to create. + type: number conditions: @@ -110,7 +114,11 @@ outputs: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" + command: + str_replace: + template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c /usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM" + params: + SACK_NUM: {get_param: NumberOfStorageSacks} step_4: gnocchi_api: image: *gnocchi_api_image diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 1a0a1ddb..5a6958a0 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiMetricdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiMetricdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -75,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -93,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -100,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-metricd service tags: step2 diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 00d218d2..19e658cd 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiStatsdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiStatsdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 21baf5c6..2f0584ea 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -46,7 +46,7 @@ parameters: The filepath of the certificate as it will be stored in the controller. type: string RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: @@ -85,6 +85,7 @@ outputs: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false + tripleo::haproxy::haproxy_service_manage: false step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -92,7 +93,8 @@ outputs: puppet_config: config_volume: haproxy puppet_tags: haproxy_config - step_config: *step_config + step_config: + "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: @@ -110,10 +112,44 @@ outputs: preserve_properties: true docker_config: step_1: + haproxy_firewall: + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: *step_config + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: image: {get_param: DockerHAProxyImage} net: host - privileged: false restart: always volumes: list_concat: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index aff0f1a1..70612899 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -125,8 +125,25 @@ outputs: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api_cfn service + - name: Check if heat_api_cfn is deployed + command: systemctl is-enabled openstack-heat-api-cfn + tags: common + ignore_errors: True + register: heat_api_cfn_enabled + - name: check for heat_api_cfn running under apache (post upgrade) tags: step2 - service: name=httpd state=stopped enabled=no + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi" + register: heat_api_cfn_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api_cfn service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_cfn_apache.rc == 0 + - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-heat-api-cfn state=stopped enabled=no + when: heat_api_cfn_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index ba8fc75f..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: @@ -150,8 +151,25 @@ outputs: path: /var/log/containers/heat state: directory upgrade_tasks: - - name: Stop and disable heat_api service + - name: Check is heat_api is deployed + command: systemctl is-enabled openstack-heat-api + tags: common + ignore_errors: True + register: heat_api_enabled + - name: check for heat_api running under apache (post upgrade) + tags: step2 + shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi" + register: heat_api_apache + ignore_errors: true + changed_when: false + check_mode: no + - name: Stop heat_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: heat_api_apache.rc == 0 + - name: Stop and disable heat_api service (pre-upgrade not under httpd) tags: step2 - service: name=httpd state=stopped enabled=no + service: name=openstack-heat-api state=stopped enabled=no + when: heat_api_enabled.rc == 0 metadata_settings: get_attr: [HeatBase, role_data, metadata_settings] diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 789f3f9d..a20dc131 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -63,7 +66,10 @@ outputs: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [HeatBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [HeatBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 90978f3e..2a9735b5 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [IronicApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [IronicApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 6368bd23..37f4d46e 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: @@ -69,7 +72,10 @@ outputs: - ironic::pxe::http_root: /var/lib/ironic/httpboot - ironic::conductor::http_root: /var/lib/ironic/httpboot step_config: &step_config - get_attr: [IronicConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index f6b348c7..80519800 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -118,4 +118,3 @@ outputs: tags: step2 service: name=iscsid.socket state=stopped enabled=no when: stat_iscsid_socket.stat.exists - metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index da04682e..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -55,6 +55,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -83,6 +86,7 @@ outputs: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -98,6 +102,19 @@ outputs: dest: "/" merge: true preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: @@ -150,6 +167,23 @@ outputs: user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + user: root + net: host + privileged: false + restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index c33f4094..7b2dbfaf 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index 730d33f6..7b5dfec3 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaSchedulerPuppetBase: type: ../../puppet/services/manila-scheduler.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index 09d1a574..332ba864 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaBase: type: ../../puppet/services/manila-share.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [ManilaBase, role_data, service_name]} config_settings: {get_attr: [ManilaBase, role_data, config_settings]} step_config: &step_config - get_attr: [ManilaBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -75,9 +81,8 @@ outputs: dest: "/" merge: true preserve_properties: true - # NOTE(gfidente): ceph-ansible generated - - source: "/var/lib/kolla/config_files/src-ceph/*" - dest: "/etc/ceph" + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" merge: true preserve_properties: true permissions: @@ -97,7 +102,7 @@ outputs: - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila - - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -105,6 +110,10 @@ outputs: file: path: /var/log/containers/manila state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable manila_share service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 73db3742..38b97aef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [MistralApiBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 4c6b300d..2b498be3 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index ea54c574..e106fe47 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index a0c02f30..5e01558a 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,11 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d - config_files: - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/" - merge: true - preserve_properties: true + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: @@ -90,4 +90,3 @@ outputs: - name: Stop and disable multipathd service tags: step2 service: name=multipathd state=stopped enabled=no - metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index a9125c8c..b4fce226 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -68,7 +71,10 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] step_config: &step_config - get_attr: [NeutronBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NeutronBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 1d73a538..da461049 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -69,6 +72,7 @@ outputs: - "\n" - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" - {get_attr: [NovaApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -88,6 +92,17 @@ outputs: - path: /var/log/nova owner: nova:nova recurse: true + /var/lib/kolla/config_files/nova_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true docker_config: # db sync runs before permissions set by kolla_config step_2: @@ -151,7 +166,7 @@ outputs: user: nova privileged: true restart: always - volumes: &nova_api_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - @@ -164,12 +179,17 @@ outputs: image: *nova_api_image net: host user: root - privileged: true + privileged: false restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - command: "/usr/sbin/crond -n" step_5: nova_api_discover_hosts: start_order: 1 @@ -179,6 +199,8 @@ outputs: volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" + metadata_settings: + get_attr: [NovaApiBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 0426eaec..39d1740c 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -47,6 +47,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: @@ -66,7 +69,10 @@ outputs: config_settings: get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaComputeBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaComputeBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini @@ -84,6 +90,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -107,12 +117,15 @@ outputs: - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev:/dev - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova - /var/lib/libvirt:/var/lib/libvirt - /var/log/containers/nova:/var/log/nova + - /sys/class/net:/sys/class/net + - /sys/bus/pci:/sys/bus/pci environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -124,6 +137,10 @@ outputs: - /var/log/containers/nova - /var/lib/nova - /var/lib/libvirt + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable nova-compute service tags: step2 diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 9f666577..ae737056 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [NovaConductorBase, role_data, service_name]} config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 0d3d1ec9..715a861b 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConsoleauthPuppetBase: type: ../../puppet/services/nova-consoleauth.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 17068b41..543758a1 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaIronicBase, role_data, service_name]} config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaIronicBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaIronicBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 5fc7939a..2f3851a5 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -74,6 +74,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -93,10 +96,13 @@ outputs: config_settings: get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaLibvirtBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config,file,exec + puppet_tags: libvirtd_config,nova_config,file,exec step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -111,6 +117,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -129,6 +139,7 @@ outputs: - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run @@ -153,6 +164,10 @@ outputs: - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory - name: set enable_package_install fact set_fact: enable_package_install: {get_param: EnablePackageInstall} diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 7350db20..d784ace3 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [NovaPlacementBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaPlacementBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaPlacementBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -100,6 +106,8 @@ outputs: - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaPlacementBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 5c1aa308..8d8a6358 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaSchedulerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaSchedulerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 37831ff7..c5f651d2 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaVncProxyPuppetBase: type: ../../puppet/services/nova-vnc-proxy.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index f5b4baec..86730ebc 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + OctaviaApiPuppetBase: type: ../../puppet/services/octavia-api.yaml properties: @@ -67,7 +70,10 @@ outputs: service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [OctaviaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 26ae9bca..c6a80efa 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -52,6 +52,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBackupBase: type: ../../../puppet/services/cinder-backup.yaml properties: @@ -82,7 +85,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBackupBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 262e999d..3c1b7a74 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -48,6 +48,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../../puppet/services/cinder-volume.yaml properties: @@ -76,7 +79,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 22c29b29..3fb38349 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -32,6 +32,9 @@ parameters: type: string hidden: true default: '' + MysqlClustercheckPassword: + type: string + hidden: true RoleName: default: '' description: Role name on which the service is applied @@ -65,6 +68,17 @@ outputs: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -107,7 +121,19 @@ outputs: image: *mysql_image net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ec' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -120,6 +146,12 @@ outputs: - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 + - + list_join: + - '=' + - - 'DB_CLUSTERCHECK_PASSWORD' + - {get_param: MysqlClustercheckPassword} - list_join: - '=' diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index df7ae7f4..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -61,7 +61,13 @@ outputs: redis::notify_service: false redis::managed_by_cluster_manager: true tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index dc56bcce..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -63,6 +63,14 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index ad2fa0f6..01c17388 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -71,7 +74,10 @@ outputs: - get_attr: [PankoApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [PankoApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index bff2fdac..b0c3736c 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaApiPuppetBase: type: ../../puppet/services/sahara-api.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaApiPuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 01d4bb9c..b1660296 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaEnginePuppetBase: type: ../../puppet/services/sahara-engine.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaEnginePuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 04e58b4a..e879b25d 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -462,6 +462,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index cdcb4d2a..1b7d78ca 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + TackerBase: type: ../../puppet/services/tacker.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [TackerBase, role_data, config_settings] step_config: &step_config - get_attr: [TackerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [TackerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 061a4a70..072c6759 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -40,15 +40,22 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false conditions: zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + internal_tls_enabled: {get_param: EnableInternalTLS} resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -58,6 +65,7 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: role_data: @@ -66,7 +74,10 @@ outputs: service_name: {get_attr: [ZaqarBase, role_data, service_name]} config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} step_config: &step_config - get_attr: [ZaqarBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ZaqarBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -137,6 +148,16 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro - /var/log/containers/zaqar:/var/log/zaqar + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS zaqar_websocket: @@ -162,3 +183,5 @@ outputs: - name: Stop and disable zaqar service tags: step2 service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [ZaqarBase, role_data, metadata_settings] |