diff options
Diffstat (limited to 'docker')
| -rw-r--r-- | docker/services/ceph-ansible/ceph-base.yaml | 29 | ||||
| -rw-r--r-- | docker/services/ceph-ansible/ceph-external.yaml | 66 | ||||
| -rw-r--r-- | docker/services/ceph-ansible/ceph-rgw.yaml | 87 | ||||
| -rw-r--r-- | docker/services/database/mongodb.yaml | 1 | ||||
| -rw-r--r-- | docker/services/nova-libvirt.yaml | 25 | ||||
| -rw-r--r-- | docker/services/pacemaker/ovn-dbs.yaml | 140 |
6 files changed, 348 insertions, 0 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 2a592869..18d3e6a3 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -100,6 +100,14 @@ parameters: CephClientUserName: default: openstack type: string + CephRgwClientName: + default: radosgw + type: string + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true CephPoolDefaultSize: description: default minimum replication for RBD copies type: number @@ -115,6 +123,10 @@ parameters: CephIPv6: default: False type: boolean + SwiftPassword: + description: The password for the swift service account + type: string + hidden: true DockerCephDaemonImage: description: image type: string @@ -244,12 +256,29 @@ outputs: mds_cap: "allow *" osd_cap: "allow rw" mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: CephRgwClientName} + key: {get_param: CephRgwKey} + mon_cap: "allow rw" + osd_cap: "allow rwx" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: global: osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'Member, _member_, admin' + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_s3_auth_use_keystone: 'true' ntp_service_enabled: false generate_fsid: false ip_version: diff --git a/docker/services/ceph-ansible/ceph-external.yaml b/docker/services/ceph-ansible/ceph-external.yaml new file mode 100644 index 00000000..f93dd566 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-external.yaml @@ -0,0 +1,66 @@ +heat_template_version: pike + +description: > + Ceph External service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph External service. + value: + service_name: ceph_client + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + ceph_client_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - external_cluster_mon_ips: {get_param: CephExternalMonHost}
\ No newline at end of file diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml new file mode 100644 index 00000000..4bed9b46 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -0,0 +1,87 @@ +heat_template_version: pike + +description: > + Ceph RadosGW service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftPassword: + description: The password for the swift service account + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph RadosGW service. + value: + service_name: ceph_rgw + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_rgw.firewall_rules: + '122 ceph rgw': + dport: {get_param: [EndpointMap, CephRgwInternal, port]} + - ceph_rgw_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - radosgw_keystone: true + radosgw_keystone_ssl: false + radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]} + radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]} + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ] + ceph::rgw::keystone::auth::tenant: service + ceph::rgw::keystone::auth::user: swift + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index d6bba20b..5cf6f925 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -159,6 +159,7 @@ outputs: upgrade_tasks: - name: Check for mongodb service stat: path=/usr/lib/systemd/system/mongod.service + tags: common register: mongod_service - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 8f151cfe..d20c093d 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -204,6 +204,7 @@ outputs: - /var/lib/libvirt:/var/lib/libvirt - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova + - /var/lib/vhost_sockets:/var/lib/vhost_sockets - if: - use_tls_for_live_migration @@ -252,6 +253,30 @@ outputs: - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova + # qemu user on host will be cretaed by libvirt package install, ensure + # the qemu user created with same uid/gid as like libvirt package. + # These specific values are required since ovs is running on host. + # Once ovs with DPDK is containerized, we could modify this uid/gid + # to match with kolla config values. + - name: ensure qemu group is present on the host + group: + name: qemu + gid: 107 + state: present + - name: ensure qemu user is present on the host + user: + name: qemu + uid: 107 + group: qemu + state: present + shell: /sbin/nologin + comment: qemu user + - name: create directory for vhost-user sockets with qemu ownership + file: + path: /var/lib/vhost_sockets + state: directory + owner: qemu + group: qemu - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/docker/services/pacemaker/ovn-dbs.yaml b/docker/services/pacemaker/ovn-dbs.yaml new file mode 100644 index 00000000..03c5a397 --- /dev/null +++ b/docker/services/pacemaker/ovn-dbs.yaml @@ -0,0 +1,140 @@ +heat_template_version: pike + +description: > + OpenStack containerized OVN DBs service managed by pacemaker + +parameters: + DockerOvnDbsImage: + description: image + type: string + DockerOvnDbsConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + OVNNorthboundServerPort: + description: Port of the OVN Northbound DB server + type: number + default: 6641 + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 + +resources: + + ContainersCommon: + type: ./../containers-common.yaml + + OVNDbsBase: + type: ../../../puppet/services/pacemaker/ovn-dbs.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + OVNNorthboundServerPort: {get_param: OVNNorthboundServerPort} + OVNSouthboundServerPort: {get_param: OVNSouthboundServerPort} + +outputs: + role_data: + description: Role data for the OVN Dbs HA role. + value: + service_name: {get_attr: [OVNDbsBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OVNDbsBase, role_data, config_settings] + - tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: {get_param: DockerOvnDbsImage} + - tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort} + - tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort} + step_config: '' + service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: 'ovn_dbs' + puppet_tags: 'exec' + step_config: '' + config_image: &ovn_dbs_config_image {get_param: DockerOvnDbsConfigImage} + kolla_config: + /var/lib/kolla/config_files/ovn_dbs.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + docker_config: + step_3: + ovn_dbs_init_bundle: + start_order: 1 + detach: false + net: host + user: root + config_volume: 'ovn_dbs_init_bundle' + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 3}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: + list_join: + - ';' + - - 'include ::tripleo::profile::base::pacemaker' + - 'include ::tripleo::profile::pacemaker::ovn_dbs_bundle' + image: *ovn_dbs_config_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/openvswitch + - /var/lib/openvswitch/ovn + upgrade_tasks: + - name: Stop and disable ovn-northd service + tags: step2 + service: name=ovn-northd state=stopped enabled=no |