summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rw-r--r--docker/README-containers.md59
-rw-r--r--docker/deploy-steps-playbook.yaml6
-rwxr-xr-xdocker/docker-puppet.py2
-rw-r--r--docker/docker-steps.j262
-rw-r--r--docker/firstboot/setup_docker_host.yaml16
-rw-r--r--docker/services/ceilometer-agent-central.yaml6
-rw-r--r--docker/services/cinder-api.yaml26
-rw-r--r--docker/services/cinder-backup.yaml20
-rw-r--r--docker/services/cinder-volume.yaml20
-rw-r--r--docker/services/glance-api.yaml9
-rw-r--r--docker/services/gnocchi-metricd.yaml9
-rw-r--r--docker/services/haproxy.yaml2
-rw-r--r--docker/services/heat-api-cfn.yaml21
-rw-r--r--docker/services/heat-api.yaml46
-rw-r--r--docker/services/iscsid.yaml35
-rw-r--r--docker/services/keystone.yaml26
-rw-r--r--docker/services/manila-share.yaml27
-rw-r--r--docker/services/mistral-executor.yaml12
-rw-r--r--docker/services/multipathd.yaml7
-rw-r--r--docker/services/neutron-api.yaml10
-rw-r--r--docker/services/neutron-dhcp.yaml18
-rw-r--r--docker/services/neutron-l3.yaml8
-rw-r--r--docker/services/neutron-metadata.yaml18
-rw-r--r--docker/services/nova-api.yaml24
-rw-r--r--docker/services/nova-compute.yaml30
-rw-r--r--docker/services/nova-ironic.yaml6
-rw-r--r--docker/services/nova-libvirt.yaml31
-rw-r--r--docker/services/nova-migration-target.yaml124
-rw-r--r--docker/services/opendaylight-api.yaml23
-rw-r--r--docker/services/pacemaker/cinder-backup.yaml25
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml28
-rw-r--r--docker/services/pacemaker/database/mysql.yaml36
-rw-r--r--docker/services/pacemaker/database/redis.yaml33
-rw-r--r--docker/services/pacemaker/haproxy.yaml22
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml33
-rw-r--r--docker/services/swift-storage.yaml1
-rw-r--r--docker/services/zaqar.yaml98
37 files changed, 717 insertions, 262 deletions
diff --git a/docker/README-containers.md b/docker/README-containers.md
index 5a9f6f3c..376af3ec 100644
--- a/docker/README-containers.md
+++ b/docker/README-containers.md
@@ -1,58 +1,3 @@
-# Using Docker Containers With TripleO
+# Containers based OpenStack deployment
-## Configuring TripleO with to use a container based compute node.
-
-Steps include:
-- Adding a base OS image to glance
-- Deploy an overcloud configured to use the docker compute heat templates
-
-## Getting base OS image working.
-
-Download the fedora atomic image into glance:
-
-```
-wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
-glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare
-```
-
-## Configuring TripleO
-
-You can use the tripleo.sh script up until the point of running the Overcloud.
-https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh
-
-You will want to set up the runtime puppet script delivery system described here:
-http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html
-
-Create the Overcloud:
-```
-$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu
-```
-
-Using Network Isolation in the Overcloud:
-```
-$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network-isolation.yaml --libvirt-type=qemu
-```
-
-Source the overcloudrc and then you can use the overcloud.
-
-## Debugging
-
-You can ssh into the controller/compute nodes by using the heat key, eg:
-```
-nova list
-ssh heat-admin@<compute_node_ip>
-```
-
-You can check to see what docker containers are running:
-```
-sudo docker ps -a
-```
-
-To enter a container that doesn't seem to be working right:
-```
-sudo docker exec -ti <container name> /bin/bash
-```
-
-Then you can check logs etc.
-
-You can also just do a 'docker logs' on a given container.
+https://docs.openstack.org/tripleo-docs/latest/install/containers_deployment/
diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml
index 446c73a6..cd7d5b55 100644
--- a/docker/deploy-steps-playbook.yaml
+++ b/docker/deploy-steps-playbook.yaml
@@ -64,6 +64,10 @@
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
+ - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists
+ stat:
+ path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json
+ register: docker_puppet_tasks_json
- name: Run docker-puppet tasks (bootstrap tasks)
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
@@ -71,7 +75,7 @@
NET_HOST: "true"
NO_ARCHIVE: "true"
STEP: "{{step}}"
- when: deploy_server_id == bootstrap_server_id
+ when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists
changed_when: false
check_mode: no
register: outputs
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index 9780054b..36c63887 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -215,7 +215,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
- archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron")
+ archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh")
rsync_srcs=""
for d in "${archivedirs[@]}"; do
if [ -d "$d" ]; then
diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index 4b0c8789..05ff7945 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -60,23 +60,6 @@ conditions:
resources:
- # These utility tasks use docker-puppet.py to execute tasks via puppet
- # We only execute these on the first node in the primary role
- {{primary_role_name}}DockerPuppetTasks:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1]))
- data:
- docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]}
- default_tasks:
-{%- for step in range(1, deploy_steps_max) %}
- step_{{step}}: {}
-{%- endfor %}
-
RoleConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -133,6 +116,7 @@ resources:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
UPDATE:
workflow: { get_resource: WorkflowTasks_Step{{step}} }
params:
@@ -142,6 +126,7 @@ resources:
{%- for r in roles %}
{{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
{%- endfor %}
+ evaluate_env: false
always_update: true
# END service_workflow_tasks handling
{% endfor %}
@@ -175,11 +160,11 @@ resources:
vars:
puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
docker_puppet_script: {get_file: docker-puppet.py}
- docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]}
- docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]}
+ docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
+ docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
- puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]}
+ puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]}
tasks:
# Join host_prep_tasks with the other per-host configuration
yaql:
@@ -193,10 +178,9 @@ resources:
file: path=/var/lib/tripleo-config state=directory
- name: Write the puppet step_config manifest
copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes
- # This is the docker-puppet configs end in
+ # this creates a JSON config file for our docker-puppet.py script
- name: Create /var/lib/docker-puppet
file: path=/var/lib/docker-puppet state=directory
- # this creates a JSON config file for our docker-puppet.py script
- name: Write docker-puppet-tasks json files
copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes
# FIXME: can we move docker-puppet somewhere so it's installed via a package?
@@ -220,6 +204,13 @@ resources:
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
+ - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files
+ file:
+ path: "{{item}}"
+ state: absent
+ with_fileglob:
+ - /var/lib/docker-puppet/docker-puppet-tasks*.json
+ when: deploy_server_id == bootstrap_server_id
- name: Write docker-puppet-tasks json files
copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes
with_dict: "{{docker_puppet_tasks}}"
@@ -232,33 +223,6 @@ resources:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
- {{role.name}}PuppetStepConfig:
- type: OS::Heat::Value
- properties:
- type: string
- value:
- yaql:
- expression:
- # select 'step_config' only from services that do not have a docker_config
- $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n")
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- step_config: {get_param: [role_data, {{role.name}}, step_config]}
- docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
-
- {{role.name}}DockerConfig:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- yaql:
- expression:
- # select 'docker_config' only from services that have it
- $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {})
- data:
- service_names: {get_param: [role_data, {{role.name}}, service_names]}
- docker_config: {get_param: [role_data, {{role.name}}, docker_config]}
-
# BEGIN CONFIG STEPS
{{role.name}}PreConfig:
diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml
index 41b036da..ddfa8802 100644
--- a/docker/firstboot/setup_docker_host.yaml
+++ b/docker/firstboot/setup_docker_host.yaml
@@ -1,14 +1,5 @@
heat_template_version: pike
-parameters:
- DockerNamespace:
- type: string
- default: tripleoupstream
- description: namespace
- DockerNamespaceIsRegistry:
- type: boolean
- default: false
-
resources:
userdata:
@@ -21,12 +12,7 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: script
- config:
- str_replace:
- params:
- $docker_registry: {get_param: DockerNamespace}
- $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry}
- template: {get_file: ./setup_docker_host.sh}
+ config: {get_file: ./setup_docker_host.sh}
outputs:
OS::stack_id:
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index f8ba4eea..6caffd15 100644
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -105,13 +105,17 @@ outputs:
net: host
detach: false
privileged: false
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"]
+ command:
+ - '/usr/bin/bootstrap_host_exec'
+ - 'ceilometer_agent_central'
+ - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 0cd1dd7b..7804fdb2 100644
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -86,6 +86,17 @@ outputs:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
+ /var/lib/kolla/config_files/cinder_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
docker_config:
step_2:
cinder_api_init_logs:
@@ -140,6 +151,21 @@ outputs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ cinder_api_cron:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+
host_prep_tasks:
- name: create persistent logs directory
file:
diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
index 46dbea1d..de637f3b 100644
--- a/docker/services/cinder-backup.yaml
+++ b/docker/services/cinder-backup.yaml
@@ -72,15 +72,15 @@ outputs:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- # NOTE(mandre): the copy of ceph conf will need to go once we
- # generate a ceph.conf for cinder in puppet
- # Copy ceph config files before cinder ones as a precaution, for
- # the later one to take precendence in case of duplicate files.
- - source: "/var/lib/kolla/config_files/src-ceph/*"
+ - source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- - source: "/var/lib/kolla/config_files/src/*"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/"
merge: true
preserve_properties: true
@@ -113,13 +113,13 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- # FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
environment:
@@ -132,6 +132,10 @@ outputs:
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable cinder_backup service
tags: step2
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index 2ecc7adc..ce81fbf8 100644
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -86,15 +86,15 @@ outputs:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- # NOTE(mandre): the copy of ceph conf will need to go once we
- # generate a ceph.conf for cinder in puppet
- # Copy ceph config files before cinder ones as a precaution, for
- # the later one to take precendence in case of duplicate files.
- - source: "/var/lib/kolla/config_files/src-ceph/*"
+ - source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- - source: "/var/lib/kolla/config_files/src/*"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/"
merge: true
preserve_properties: true
@@ -124,13 +124,13 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- # FIXME: we need to generate a ceph.conf with puppet for this
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
environment:
@@ -143,6 +143,10 @@ outputs:
with_items:
- /var/log/containers/cinder
- /var/lib/cinder
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index d88c64b5..f4c724b0 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -86,6 +86,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
@@ -117,6 +121,7 @@ outputs:
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@@ -156,6 +161,10 @@ outputs:
file:
path: /var/log/containers/glance
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable glance_api service
tags: step2
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 1a0a1ddb..6778543b 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -75,6 +75,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -93,6 +97,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -100,6 +105,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-metricd service
tags: step2
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 21baf5c6..f080dcb2 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -46,7 +46,7 @@ parameters:
The filepath of the certificate as it will be stored in the controller.
type: string
RedisPassword:
- description: The password for Redis
+ description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index aff0f1a1..70612899 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -125,8 +125,25 @@ outputs:
path: /var/log/containers/heat
state: directory
upgrade_tasks:
- - name: Stop and disable heat_api_cfn service
+ - name: Check if heat_api_cfn is deployed
+ command: systemctl is-enabled openstack-heat-api-cfn
+ tags: common
+ ignore_errors: True
+ register: heat_api_cfn_enabled
+ - name: check for heat_api_cfn running under apache (post upgrade)
tags: step2
- service: name=httpd state=stopped enabled=no
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_cfn_wsgi"
+ register: heat_api_cfn_apache
+ ignore_errors: true
+ changed_when: false
+ check_mode: no
+ - name: Stop heat_api_cfn service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: heat_api_cfn_apache.rc == 0
+ - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
+ tags: step2
+ service: name=openstack-heat-api-cfn state=stopped enabled=no
+ when: heat_api_cfn_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index d09230fe..0bc331ca 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -90,6 +90,17 @@ outputs:
- path: /var/log/heat
owner: heat:heat
recurse: true
+ /var/lib/kolla/config_files/heat_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/heat
+ owner: heat:heat
+ recurse: true
docker_config:
step_4:
heat_api:
@@ -119,14 +130,45 @@ outputs:
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ heat_api_cron:
+ image: {get_param: DockerHeatApiImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/heat:/var/log/heat
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/heat
state: directory
upgrade_tasks:
- - name: Stop and disable heat_api service
+ - name: Check is heat_api is deployed
+ command: systemctl is-enabled openstack-heat-api
+ tags: common
+ ignore_errors: True
+ register: heat_api_enabled
+ - name: check for heat_api running under apache (post upgrade)
+ tags: step2
+ shell: "httpd -t -D DUMP_VHOSTS | grep -q heat_api_wsgi"
+ register: heat_api_apache
+ ignore_errors: true
+ changed_when: false
+ check_mode: no
+ - name: Stop heat_api service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped
+ when: heat_api_apache.rc == 0
+ - name: Stop and disable heat_api service (pre-upgrade not under httpd)
tags: step2
- service: name=httpd state=stopped enabled=no
+ service: name=openstack-heat-api state=stopped enabled=no
+ when: heat_api_enabled.rc == 0
metadata_settings:
get_attr: [HeatBase, role_data, metadata_settings]
diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml
index b39b72e2..f6b348c7 100644
--- a/docker/services/iscsid.yaml
+++ b/docker/services/iscsid.yaml
@@ -42,23 +42,38 @@ resources:
ContainersCommon:
type: ./containers-common.yaml
+ IscsidBase:
+ type: ../../puppet/services/iscsid.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
outputs:
role_data:
- description: Role data for the Iscsid API role.
+ description: Role data for the Iscsid role.
value:
- service_name: iscsid
- config_settings: {}
- step_config: ''
- service_config_settings: {}
+ service_name: {get_attr: [IscsidBase, role_data, service_name]}
+ config_settings: {get_attr: [IscsidBase, role_data, config_settings]}
+ step_config: &step_config
+ {get_attr: [IscsidBase, role_data, step_config]}
+ service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: iscsid
- #puppet_tags: file
- step_config: ''
+ puppet_tags: iscsid_config
+ step_config: *step_config
config_image: {get_param: DockerIscsidConfigImage}
kolla_config:
/var/lib/kolla/config_files/iscsid.json:
command: /usr/sbin/iscsid -f
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
iscsid:
@@ -76,14 +91,10 @@ outputs:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- - name: create /etc/iscsi
- file:
- path: /etc/iscsi
- state: directory
- name: stat /lib/systemd/system/iscsid.socket
stat: path=/lib/systemd/system/iscsid.socket
register: stat_iscsid_socket
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index da04682e..7ecfc329 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -98,6 +98,17 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ /var/lib/kolla/config_files/keystone_cron.json:
+ command: /usr/sbin/cron -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/keystone
+ owner: keystone:keystone
+ recurse: true
docker_config:
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
step_2:
@@ -150,6 +161,21 @@ outputs:
user: root
command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+ keystone_cron:
+ start_order: 4
+ image: *keystone_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/keystone:/var/log/keystone
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
# Keystone endpoint creation occurs only on single node
step_3:
diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml
index 9733b6f9..b4278155 100644
--- a/docker/services/manila-share.yaml
+++ b/docker/services/manila-share.yaml
@@ -4,17 +4,11 @@ description: >
OpenStack containerized Manila Share service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerManilaShareImage:
description: image
- default: 'centos-binary-manila-share:latest'
type: string
DockerManilaConfigImage:
description: image
- default: 'centos-binary-manila-base:latest'
type: string
EndpointMap:
default: {}
@@ -72,10 +66,7 @@ outputs:
config_volume: manila
puppet_tags: manila_config
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ]
+ config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_share.json:
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
@@ -84,9 +75,8 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
- # NOTE(gfidente): ceph-ansible generated
- - source: "/var/lib/kolla/config_files/src-ceph/*"
- dest: "/etc/ceph"
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
@@ -96,10 +86,7 @@ outputs:
docker_config:
step_4:
manila_share:
- image: &manila_share_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerManilaShareImage} ]
+ image: &manila_share_image {get_param: DockerManilaShareImage}
net: host
restart: always
volumes:
@@ -109,7 +96,7 @@ outputs:
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -117,6 +104,10 @@ outputs:
file:
path: /var/log/containers/manila
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable manila_share service
tags: step2
diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml
index 3346a049..ea54c574 100644
--- a/docker/services/mistral-executor.yaml
+++ b/docker/services/mistral-executor.yaml
@@ -109,6 +109,18 @@ outputs:
path: /var/log/containers/mistral
state: directory
upgrade_tasks:
+ - name: Check if mistral executor is deployed
+ command: systemctl is-enabled openstack-mistral-executor
+ tags: common
+ ignore_errors: True
+ register: mistral_executor_enabled
+ - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running"
+ shell: >
+ /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState |
+ grep '\bactive\b'
+ when: mistral_executor_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable mistral_executor service
tags: step2
+ when: mistral_executor_enabled.rc == 0
service: name=openstack-mistral-executor state=stopped enabled=no
diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml
index 51b93029..a0c02f30 100644
--- a/docker/services/multipathd.yaml
+++ b/docker/services/multipathd.yaml
@@ -59,6 +59,11 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/multipathd.json:
command: /usr/sbin/multipathd -d
+ config_files:
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_3:
multipathd:
@@ -72,11 +77,11 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- - /etc/iscsi:/etc/iscsi
- /var/lib/cinder:/var/lib/cinder
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 547deaf0..a9125c8c 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -163,8 +163,18 @@ outputs:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_server is deployed
+ command: systemctl is-enabled neutron-server
+ tags: common
+ ignore_errors: True
+ register: neutron_server_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-server is running"
+ shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
+ when: neutron_server_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_api service
tags: step2
+ when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped enabled=no
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index c7444070..4b75d542 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -81,6 +81,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_dhcp:
@@ -97,15 +100,30 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_dhcp_agent is deployed
+ command: systemctl is-enabled neutron-dhcp-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_dhcp_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_dhcp_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_dhcp service
tags: step2
+ when: neutron_dhcp_agent_enabled.rc == 0
service: name=neutron-dhcp-agent state=stopped enabled=no
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index c3a4d27f..06470c05 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -77,6 +77,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_l3_agent:
@@ -93,10 +96,15 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml
index f030faef..a5a7c34b 100644
--- a/docker/services/neutron-metadata.yaml
+++ b/docker/services/neutron-metadata.yaml
@@ -77,6 +77,9 @@ outputs:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
+ - path: /var/lib/neutron
+ owner: neutron:neutron
+ recurse: true
docker_config:
step_4:
neutron_metadata_agent:
@@ -93,15 +96,30 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
+ - /var/lib/neutron:/var/lib/neutron
- /var/log/containers/neutron:/var/log/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
+ - name: create /var/lib/neutron
+ file:
+ path: /var/lib/neutron
+ state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/neutron
state: directory
upgrade_tasks:
+ - name: Check if neutron_metadata_agent is deployed
+ command: systemctl is-enabled neutron-metadata-agent
+ tags: common
+ ignore_errors: True
+ register: neutron_metadata_agent_enabled
+ - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running"
+ shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b'
+ when: neutron_metadata_agent_enabled.rc == 0
+ tags: step0,validation
- name: Stop and disable neutron_metadata service
tags: step2
+ when: neutron_metadata_agent_enabled.rc == 0
service: name=neutron-metadata-agent state=stopped enabled=no
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 1d73a538..4bec8035 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -88,6 +88,17 @@ outputs:
- path: /var/log/nova
owner: nova:nova
recurse: true
+ /var/lib/kolla/config_files/nova_api_cron.json:
+ command: /usr/sbin/crond -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
@@ -151,7 +162,7 @@ outputs:
user: nova
privileged: true
restart: always
- volumes: &nova_api_volumes
+ volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
@@ -164,12 +175,17 @@ outputs:
image: *nova_api_image
net: host
user: root
- privileged: true
+ privileged: false
restart: always
- volumes: *nova_api_volumes
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- command: "/usr/sbin/crond -n"
step_5:
nova_api_discover_hosts:
start_order: 1
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index d8e76925..6b8ebace 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -36,6 +36,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
resources:
@@ -51,6 +56,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
@@ -58,14 +64,7 @@ outputs:
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaComputeBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaComputeBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaComputeBase, role_data, step_config]
puppet_config:
@@ -81,6 +80,14 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -103,8 +110,9 @@ outputs:
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- - /etc/iscsi:/etc/iscsi
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/nova:/var/lib/nova
@@ -121,6 +129,10 @@ outputs:
- /var/log/containers/nova
- /var/lib/nova
- /var/lib/libvirt
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable nova-compute service
tags: step2
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index 89ef95ea..17068b41 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -73,6 +73,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-iscsid/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -94,9 +98,9 @@ outputs:
-
- /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
- /run:/run
- /dev:/dev
- - /etc/iscsi:/etc/iscsi
- /var/lib/nova/:/var/lib/nova
- /var/log/containers/nova:/var/log/nova
environment:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index a5527747..7344508e 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -14,7 +14,7 @@ parameters:
type: string
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation
+ description: Set to true to enable package installation at deploy time
type: boolean
ServiceData:
default: {}
@@ -51,6 +51,12 @@ parameters:
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt.
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
conditions:
@@ -77,6 +83,7 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
role_data:
@@ -84,19 +91,12 @@ outputs:
value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
config_settings:
- map_merge:
- - get_attr: [NovaLibvirtBase, role_data, config_settings]
- # FIXME: we need to disable migration for now as the
- # hieradata is common for all services, and this means nova
- # and nova_placement puppet runs also try to configure
- # libvirt, and they fail. We can remove this override when
- # we have hieradata separation between containers.
- - tripleo::profile::base::nova::manage_migration: false
+ get_attr: [NovaLibvirtBase, role_data, config_settings]
step_config: &step_config
get_attr: [NovaLibvirtBase, role_data, step_config]
puppet_config:
config_volume: nova_libvirt
- puppet_tags: nova_config
+ puppet_tags: nova_config,file,exec
step_config: *step_config
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
@@ -111,6 +111,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -129,11 +133,13 @@ outputs:
-
- /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
- /run:/run
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
+ - /etc/libvirt/secrets:/etc/libvirt/secrets
# Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
@@ -148,9 +154,14 @@ outputs:
path: "{{ item }}"
state: directory
with_items:
+ - /etc/libvirt/secrets
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
- name: set enable_package_install fact
set_fact:
enable_package_install: {get_param: EnablePackageInstall}
diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml
new file mode 100644
index 00000000..385343a0
--- /dev/null
+++ b/docker/services/nova-migration-target.yaml
@@ -0,0 +1,124 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Migration Target service
+
+parameters:
+ DockerNovaComputeImage:
+ description: image
+ type: string
+ DockerNovaLibvirtConfigImage:
+ description: The container image to use for the nova_libvirt config_volume
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DockerNovaMigrationSshdPort:
+ default: 2022
+ description: Port that dockerized nova migration target sshd service
+ binds to.
+ type: number
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SshdBase:
+ type: ../../puppet/services/sshd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+ NovaMigrationTargetBase:
+ type: ../../puppet/services/nova-migration-target.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Migration Target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ map_merge:
+ - get_attr: [SshdBase, role_data, config_settings]
+ - get_attr: [NovaMigrationTargetBase, role_data, config_settings]
+ - tripleo.nova_migration_target.firewall_rules:
+ '113 nova_migration_target':
+ dport:
+ - {get_param: DockerNovaMigrationSshdPort}
+ step_config: &step_config
+ list_join:
+ - "\n"
+ - - get_attr: [SshdBase, role_data, step_config]
+ - get_attr: [NovaMigrationTargetBase, role_data, step_config]
+ puppet_config:
+ config_volume: nova_libvirt
+ step_config: *step_config
+ config_image: {get_param: DockerNovaLibvirtConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/nova-migration-target.json:
+ command:
+ str_replace:
+ template: "/usr/sbin/sshd -D -p SSHDPORT"
+ params:
+ SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: /host-ssh/ssh_host_*_key
+ dest: /etc/ssh/
+ owner: "root"
+ perm: "0600"
+ docker_config:
+ step_4:
+ nova_migration_target:
+ image: {get_param: DockerNovaComputeImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /etc/ssh/:/host-ssh/:ro
+ - /run:/run
+ - /var/lib/nova:/var/lib/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml
index 7d7892dd..6a62f65e 100644
--- a/docker/services/opendaylight-api.yaml
+++ b/docker/services/opendaylight-api.yaml
@@ -4,17 +4,11 @@ description: >
OpenStack containerized OpenDaylight API service
parameters:
- DockerNamespace:
- description: namespace
- default: 'tripleoupstream'
- type: string
DockerOpendaylightApiImage:
description: image
- default: 'centos-binary-opendaylight:latest'
type: string
DockerOpendaylightConfigImage:
description: image
- default: 'centos-binary-opendaylight:latest'
type: string
EndpointMap:
default: {}
@@ -67,20 +61,14 @@ outputs:
map_merge:
- get_attr: [OpenDaylightBase, role_data, config_settings]
step_config: &step_config
- list_join:
- - "\n"
- - - get_attr: [OpenDaylightBase, role_data, step_config]
- - "include tripleo::profile::base::neutron::opendaylight::create_cluster"
+ get_attr: [OpenDaylightBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: opendaylight
# 'file,concat,file_line,augeas' are included by default
- puppet_tags: odl_user,tripleo::profile::base::neutron::opendaylight::configure_cluster
+ puppet_tags: odl_user
step_config: *step_config
- config_image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightConfigImage} ]
+ config_image: {get_param: DockerOpendaylightConfigImage}
kolla_config:
/var/lib/kolla/config_files/opendaylight_api.json:
command: /opt/opendaylight/bin/karaf
@@ -97,10 +85,7 @@ outputs:
step_1:
opendaylight_api:
start_order: 0
- image: &odl_api_image
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpendaylightApiImage} ]
+ image: &odl_api_image {get_param: DockerOpendaylightApiImage}
privileged: false
net: host
detach: true
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index ee8ee124..26ae9bca 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -139,6 +139,27 @@ outputs:
- /var/lib/cinder
- /var/log/containers/cinder
upgrade_tasks:
- - name: Stop and disable cinder_backup service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the openstack-cinder-backup cluster resource
tags: step2
- service: name=openstack-cinder-backup state=stopped enabled=no
+ pacemaker_resource:
+ resource: openstack-cinder-backup
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped openstack-cinder-backup cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: openstack-cinder-backup
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable cinder_backup service
+ tags: step2
+ service: name=openstack-cinder-backup enabled=no
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index d016cf83..262e999d 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -157,6 +157,30 @@ outputs:
executable: /bin/bash
creates: /dev/loop2
upgrade_tasks:
- - name: Stop and disable cinder_volume service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the openstack-cinder-volume cluster resource
tags: step2
- service: name=openstack-cinder-volume state=stopped enabled=no
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped openstack-cinder-volume cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable cinder_volume service from boot
+ tags: step2
+ service: name=openstack-cinder-volume enabled=no
+
+
+
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index f38cccfc..f12852f8 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -65,6 +65,17 @@ outputs:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera-bundle':
+ dport:
+ - 873
+ - 3123
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
@@ -164,6 +175,27 @@ outputs:
path: /var/lib/mysql
state: directory
upgrade_tasks:
- - name: Stop and disable mysql service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the galera cluster resource
tags: step2
- service: name=mariadb state=stopped enabled=no
+ pacemaker_resource:
+ resource: galera
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped galera cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: galera
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable mysql service
+ tags: step2
+ service: name=mariadb enabled=no
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index e124b045..75b6d650 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -61,7 +61,13 @@ outputs:
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
-
+ tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
+ tripleo.redis.firewall_rules:
+ '108 redis-bundle':
+ dport:
+ - 3124
+ - 6379
+ - 26379
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
@@ -139,6 +145,27 @@ outputs:
path: /var/lib/redis
state: directory
upgrade_tasks:
- - name: Stop and disable redis service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the redis cluster resource
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped redis cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable redis service
tags: step2
- service: name=redis state=stopped enabled=no
+ service: name=redis enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 86c460fa..24155912 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -137,3 +137,25 @@ outputs:
- /dev/shm:/dev/shm:rw
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
+ upgrade_tasks:
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the haproxy cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped haproxy cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index 19af94b2..de53ceee 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -63,6 +63,14 @@ outputs:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
+ tripleo.rabbitmq.firewall_rules:
+ '109 rabbitmq-bundle':
+ dport:
+ - 3122
+ - 4369
+ - 5672
+ - 25672
step_config: &step_config
get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
@@ -157,6 +165,27 @@ outputs:
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
upgrade_tasks:
- - name: Stop and disable rabbitmq service
+ - name: get bootstrap nodeid
+ tags: common
+ command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
+ register: bootstrap_node
+ - name: set is_bootstrap_node fact
+ tags: common
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Disable the rabbitmq cluster resource.
tags: step2
- service: name=rabbitmq-server state=stopped enabled=no
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: disable
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Delete the stopped rabbitmq cluster resource.
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: delete
+ wait_for_resource: true
+ when: is_bootstrap_node
+ - name: Disable rabbitmq service
+ tags: step2
+ service: name=rabbitmq-server enabled=no
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 04e58b4a..e879b25d 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -462,6 +462,7 @@ outputs:
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
+ - openstack-swift-object-expirer
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 85a84550..061a4a70 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -10,6 +10,10 @@ parameters:
DockerZaqarConfigImage:
description: The container image to use for the zaqar config_volume
type: string
+ ZaqarManagementStore:
+ type: string
+ description: The management store for Zaqar
+ default: mongodb
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -37,6 +41,9 @@ parameters:
description: Parameters specific to the role
type: json
+conditions:
+ zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+
resources:
ContainersCommon:
@@ -87,38 +94,65 @@ outputs:
owner: zaqar:zaqar
recurse: true
docker_config:
- step_4:
- zaqar:
- image: &zaqar_image {get_param: DockerZaqarImage}
- net: host
- privileged: false
- restart: always
- # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
- # to be root to run httpd
- user: root
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- - /var/log/containers/zaqar:/var/log/zaqar
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- zaqar_websocket:
- image: *zaqar_image
- net: host
- privileged: false
- restart: always
- volumes:
- list_concat:
- - {get_attr: [ContainersCommon, volumes]}
- -
- - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- - /var/log/containers/zaqar:/var/log/zaqar
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ map_merge:
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ -
+ step_2:
+ zaqar_init_log:
+ image: &zaqar_image {get_param: DockerZaqarImage}
+ user: root
+ volumes:
+ - /var/log/containers/zaqar:/var/log/zaqar
+ command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar']
+ step_3:
+ zaqar_db_sync:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'"
+ - {}
+ - step_4:
+ zaqar:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
+ # to be root to run httpd
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ zaqar_websocket:
+ image: *zaqar_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/zaqar:/var/log/zaqar
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file: