Diffstat (limited to 'docker')
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml29
-rw-r--r--docker/services/ceph-ansible/ceph-external.yaml66
-rw-r--r--docker/services/ceph-ansible/ceph-rgw.yaml87
-rw-r--r--docker/services/database/mongodb.yaml1
-rw-r--r--docker/services/nova-libvirt.yaml25
-rw-r--r--docker/services/pacemaker/ovn-dbs.yaml140
6 files changed, 348 insertions, 0 deletions
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 2a592869..18d3e6a3 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -100,6 +100,14 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CephRgwClientName:
+ default: radosgw
+ type: string
+ CephRgwKey:
+ description: The cephx key for the radosgw client. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
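Review bot: `CephRgwKey` is accepted as a free-form string, so a truncated or mistyped key is only discovered when Ceph rejects it during deployment; an `allowed_pattern` constraint matching the output of `ceph-authtool --gen-print-key` (for example `"^[a-zA-Z0-9+/]{38}==$"`) would catch it at stack validation. Neither `CephRgwKey` nor `SwiftPassword` in the next hunk has a default, and this base template is also instantiated by ceph-external.yaml, so deployments that never run RadosGW appear to have to supply both secrets. `CephRgwClientName` has no `description`; something like `description: Name of the cephx client used by the radosgw daemons.` would fit. The `parameters:` section starts and ends outside this hunk.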
@@ -115,6 +123,10 @@ parameters:
CephIPv6:
default: False
type: boolean
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
DockerCephDaemonImage:
description: image
type: string
@@ -244,12 +256,29 @@ outputs:
mds_cap: "allow *"
osd_cap: "allow rw"
mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: CephRgwClientName}
+ key: {get_param: CephRgwKey}
+ mon_cap: "allow rw"
+ osd_cap: "allow rwx"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
global:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ rgw_keystone_api_version: 3
+ rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ rgw_keystone_accepted_roles: 'Member, _member_, admin'
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_admin_password: {get_param: SwiftPassword}
+ rgw_s3_auth_use_keystone: 'true'
ntp_service_enabled: false
generate_fsid: false
ip_version:
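Review bot: `rgw_keystone_admin_password: {get_param: SwiftPassword}` is written under `ceph_conf_overrides: global`, so the swift service password would be rendered into the `[global]` section of ceph.conf rather than into a section read only by the gateway. If these overrides are part of the variables that ceph-external.yaml merges from `ceph_common_ansible_vars` (not visible in this hunk), the password also reaches every Ceph client node. Consider setting the `rgw_keystone_*` options only from ceph-rgw.yaml, and confirm the file mode ceph.conf is written with. The new keyring entry also copies `mode: "0644"` and grants `osd_cap: "allow rwx"` with no pool restriction; if the consuming services allow it, a tighter mode such as `mode: "0600"` and a pool-scoped cap would limit exposure of the gateway key. The `outputs:` mapping continues outside the hunk.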
diff --git a/docker/services/ceph-ansible/ceph-external.yaml b/docker/services/ceph-ansible/ceph-external.yaml
new file mode 100644
index 00000000..f93dd566
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-external.yaml
@@ -0,0 +1,66 @@
+heat_template_version: pike
+
+description: >
+ Ceph External service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephExternalMonHost:
+ default: ''
+ type: string
+ description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph External service.
+ value:
+ service_name: ceph_client
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ ceph_client_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - external_cluster_mon_ips: {get_param: CephExternalMonHost}
\ No newline at end of file
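Review bot: `CephExternalMonHost` is declared `type: string` with `default: ''`, yet its description calls it a list, and the empty default is passed straight through as `external_cluster_mon_ips` with no check. If a comma-separated string is what the consumer expects, the description should say so, e.g. `description: Comma-separated list of externally managed Ceph Mon host IPs. Only used for external Ceph deployments.` `DefaultPasswords` has no `description`, and the file ends without a trailing newline.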
diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml
new file mode 100644
index 00000000..4bed9b46
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-rgw.yaml
@@ -0,0 +1,87 @@
+heat_template_version: pike
+
+description: >
+ Ceph RadosGW service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph RadosGW service.
+ value:
+ service_name: ceph_rgw
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_rgw.firewall_rules:
+ '122 ceph rgw':
+ dport: {get_param: [EndpointMap, CephRgwInternal, port]}
+ - ceph_rgw_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - radosgw_keystone: true
+ radosgw_keystone_ssl: false
+ radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
+ radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+ service_config_settings:
+ keystone:
+ ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+ ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+ ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+ ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+ ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ]
+ ceph::rgw::keystone::auth::tenant: service
+ ceph::rgw::keystone::auth::user: swift
+ ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
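Review bot: The gateway is registered in Keystone under the existing `swift` service user with `SwiftPassword` (`ceph::rgw::keystone::auth::user: swift`), and ceph-base.yaml in this commit hands the same password to the gateway as `rgw_keystone_admin_password`. If a deployment also runs Swift, both services then share one Keystone user and one credential; a comment stating that this template is meant to replace Swift, or dedicated gateway user and password parameters, would make the intent explicit. The role list `[ 'admin', 'Member', '_member_' ]` here and `rgw_keystone_accepted_roles` in ceph-base.yaml are maintained separately and need to be kept in step. `DefaultPasswords` has no `description`.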
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index d6bba20b..5cf6f925 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -159,6 +159,7 @@ outputs:
upgrade_tasks:
- name: Check for mongodb service
stat: path=/usr/lib/systemd/system/mongod.service
+ tags: common
register: mongod_service
- name: Stop and disable mongodb service
tags: step2
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 8f151cfe..d20c093d 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -204,6 +204,7 @@ outputs:
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
+ - /var/lib/vhost_sockets:/var/lib/vhost_sockets
-
if:
- use_tls_for_live_migration
@@ -252,6 +253,30 @@ outputs:
- /etc/libvirt/qemu
- /var/lib/libvirt
- /var/log/containers/nova
+ # qemu user on host will be cretaed by libvirt package install, ensure
+ # the qemu user created with same uid/gid as like libvirt package.
+ # These specific values are required since ovs is running on host.
+ # Once ovs with DPDK is containerized, we could modify this uid/gid
+ # to match with kolla config values.
+ - name: ensure qemu group is present on the host
+ group:
+ name: qemu
+ gid: 107
+ state: present
+ - name: ensure qemu user is present on the host
+ user:
+ name: qemu
+ uid: 107
+ group: qemu
+ state: present
+ shell: /sbin/nologin
+ comment: qemu user
+ - name: create directory for vhost-user sockets with qemu ownership
+ file:
+ path: /var/lib/vhost_sockets
+ state: directory
+ owner: qemu
+ group: qemu
- name: ensure ceph configurations exist
file:
path: /etc/ceph
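Review bot: The `file` task that creates `/var/lib/vhost_sockets` sets `owner` and `group` but no `mode`, so the permissions of a directory that is bind-mounted into the libvirt container and holds vhost-user sockets depend on the umask at deploy time; state the intended mode explicitly, e.g. `mode: "0755"` or whatever OVS on the host actually requires. The `group` and `user` tasks pin `gid: 107` and `uid: 107`; if that id already belongs to another account on the host, the tasks may fail or leave ownership mismatched, which is worth recording in the comment above them. That comment also has a typo (`cretaed`). The task list starts and ends outside the hunk.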
diff --git a/docker/services/pacemaker/ovn-dbs.yaml b/docker/services/pacemaker/ovn-dbs.yaml
new file mode 100644
index 00000000..03c5a397
--- /dev/null
+++ b/docker/services/pacemaker/ovn-dbs.yaml
@@ -0,0 +1,140 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized OVN DBs service managed by pacemaker
+
+parameters:
+ DockerOvnDbsImage:
+ description: image
+ type: string
+ DockerOvnDbsConfigImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
+
+resources:
+
+ ContainersCommon:
+ type: ./../containers-common.yaml
+
+ OVNDbsBase:
+ type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+ OVNNorthboundServerPort: {get_param: OVNNorthboundServerPort}
+ OVNSouthboundServerPort: {get_param: OVNSouthboundServerPort}
+
+outputs:
+ role_data:
+ description: Role data for the OVN Dbs HA role.
+ value:
+ service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDbsBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: {get_param: DockerOvnDbsImage}
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
+ - tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
+ step_config: ''
+ service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: 'ovn_dbs'
+ puppet_tags: 'exec'
+ step_config: ''
+ config_image: &ovn_dbs_config_image {get_param: DockerOvnDbsConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_dbs.json:
+ command: /usr/sbin/pacemaker_remoted
+ config_files:
+ - dest: /etc/libqb/force-filesystem-sockets
+ source: /dev/null
+ owner: root
+ perm: '0644'
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
+ docker_config:
+ step_3:
+ ovn_dbs_init_bundle:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ config_volume: 'ovn_dbs_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 3}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG:
+ list_join:
+ - ';'
+ - - 'include ::tripleo::profile::base::pacemaker'
+ - 'include ::tripleo::profile::pacemaker::ovn_dbs_bundle'
+ image: *ovn_dbs_config_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/openvswitch
+ - /var/lib/openvswitch/ovn
+ upgrade_tasks:
+ - name: Stop and disable ovn-northd service
+ tags: step2
+ service: name=ovn-northd state=stopped enabled=no
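Review bot: The `upgrade_tasks` entry stops `ovn-northd` unconditionally, so the step would presumably fail on a host where that unit is not installed; the mongodb.yaml hunk in this commit registers a `stat` result before its stop task, and the same guard would fit here. The task also uses the `key=value` string form with `enabled=no`; native block arguments with `enabled: false` avoid the YAML 1.1 truthy ambiguity. Separately, `ovn_dbs_init_bundle` runs as `user: root` with `net: host` and `/dev/shm:/dev/shm:rw`, and a short comment saying why the shared-memory mount must be writable would help later reviewers. The unit path in the sketch below is an assumption to confirm against the package.

```yaml
# … unchanged: role_data through host_prep_tasks …
upgrade_tasks:
  - name: Check for ovn-northd service
    # unit path assumed; confirm where the package installs it
    stat: path=/usr/lib/systemd/system/ovn-northd.service
    tags: common
    register: ovn_northd_service
  - name: Stop and disable ovn-northd service
    tags: step2
    when: ovn_northd_service.stat.exists
    service:
      name: ovn-northd
      state: stopped
      enabled: false
```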