Avoid hard-coded settings in Manila HA containers

Add parameters for controlling the docker container settings used to
create the manila-share pacemaker bundle. The parameters eliminate the
need to hard-code the list of docker volumes and environment variables,
making it possible to control the values using hiera data.

For backward compatibility, the previous hard-coded values are used
when no parameter inputs are supplied.

Partial-Bug: #1749752
Change-Id: Ia81602f8a3454fcb0be2eaa9126021331d37b147
This commit is contained in:
Alan Bishop 2018-07-05 09:31:53 -04:00
parent 1d836c24fe
commit a33f0c1f21
3 changed files with 266 additions and 74 deletions

View File

@ -26,6 +26,18 @@
# (Optional) The docker image to use for creating the pacemaker bundle # (Optional) The docker image to use for creating the pacemaker bundle
# Defaults to hiera('tripleo::profile::pacemaker::manila::share_bundle::manila_docker_image', undef) # Defaults to hiera('tripleo::profile::pacemaker::manila::share_bundle::manila_docker_image', undef)
# #
# [*docker_volumes*]
# (Optional) The list of volumes to be mounted in the docker container
# Defaults to []
#
# [*docker_environment*]
# (Optional) The list of environment variables set in the docker container
# Defaults to ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS']
#
# [*backend_cephfs_enabled*]
# (Optional) Whether the CephFS Manila backend is enabled
# Defaults to hiera('manila_backend_cephfs_enabled', false)
#
# [*pcs_tries*] # [*pcs_tries*]
# (Optional) The number of times pcs commands should be retried. # (Optional) The number of times pcs commands should be retried.
# Defaults to hiera('pcs_tries', 20) # Defaults to hiera('pcs_tries', 20)
@ -43,6 +55,8 @@
class tripleo::profile::pacemaker::manila::share_bundle ( class tripleo::profile::pacemaker::manila::share_bundle (
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'), $bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
$manila_share_docker_image = hiera('tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image', undef), $manila_share_docker_image = hiera('tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image', undef),
$docker_volumes = [],
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
$backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
@ -72,6 +86,15 @@ class tripleo::profile::pacemaker::manila::share_bundle (
if $pacemaker_master { if $pacemaker_master {
$manila_share_nodes_count = count(hiera('manila_share_short_node_names', [])) $manila_share_nodes_count = count(hiera('manila_share_short_node_names', []))
$manila_cephfs_protocol_helper_type = hiera('manila::backend::cephfs::cephfs_protocol_helper_type', '')
$nfs_ganesha = ($backend_cephfs_enabled and $manila_cephfs_protocol_helper_type == 'NFS')
$docker_vol_arr = delete(any2array($docker_volumes), '').flatten()
unless empty($docker_vol_arr) {
$storage_maps = docker_volumes_to_storage_maps($docker_vol_arr, 'manila-share')
} else {
notice('Using fixed list of docker volumes for manila-share bundle')
# Default to previous hard-coded list
$default_storage_maps = { $default_storage_maps = {
'manila-share-cfg-files' => { 'manila-share-cfg-files' => {
'source-dir' => '/var/lib/kolla/config_files/manila_share.json', 'source-dir' => '/var/lib/kolla/config_files/manila_share.json',
@ -118,12 +141,32 @@ class tripleo::profile::pacemaker::manila::share_bundle (
'target-dir' => '/var/lib/manila', 'target-dir' => '/var/lib/manila',
'options' => 'rw', 'options' => 'rw',
}, },
'manila-share-pki-extracted' => {
'source-dir' => '/etc/pki/ca-trust/extracted',
'target-dir' => '/etc/pki/ca-trust/extracted',
'options' => 'ro',
},
'manila-share-pki-ca-bundle-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'options' => 'ro',
},
'manila-share-pki-ca-bundle-trust-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'options' => 'ro',
},
'manila-share-pki-cert' => {
'source-dir' => '/etc/pki/tls/cert.pem',
'target-dir' => '/etc/pki/tls/cert.pem',
'options' => 'ro',
},
'manila-share-var-log' => { 'manila-share-var-log' => {
'source-dir' => '/var/log/containers/manila', 'source-dir' => '/var/log/containers/manila',
'target-dir' => '/var/log/manila', 'target-dir' => '/var/log/manila',
'options' => 'rw', 'options' => 'rw',
}, },
'ceph-cfg-dir' => { 'manila-share-ceph-cfg-dir' => {
'source-dir' => '/etc/ceph', 'source-dir' => '/etc/ceph',
'target-dir' => '/etc/ceph', 'target-dir' => '/etc/ceph',
'options' => 'ro', 'options' => 'ro',
@ -134,16 +177,14 @@ class tripleo::profile::pacemaker::manila::share_bundle (
# creation of NFS exports and DBus socket has to be mounted # creation of NFS exports and DBus socket has to be mounted
# both to manila-share and ganesha containers so they can talk # both to manila-share and ganesha containers so they can talk
# to each other # to each other
$manila_cephfs_protocol_helper_type = hiera('manila::backend::cephfs::cephfs_protocol_helper_type', '')
$nfs_ganesha = ($backend_cephfs_enabled and $manila_cephfs_protocol_helper_type == 'NFS')
if $nfs_ganesha { if $nfs_ganesha {
$extra_storage_maps = { $extra_storage_maps = {
'dbus-docker' => { 'manila-share-dbus-docker' => {
'source-dir' => '/var/run/dbus/system_bus_socket', 'source-dir' => '/var/run/dbus/system_bus_socket',
'target-dir' => '/var/run/dbus/system_bus_socket', 'target-dir' => '/var/run/dbus/system_bus_socket',
'options' => 'rw', 'options' => 'rw',
}, },
'etc-ganesha' => { 'manila-share-etc-ganesha' => {
'source-dir' => '/etc/ganesha', 'source-dir' => '/etc/ganesha',
'target-dir' => '/etc/ganesha', 'target-dir' => '/etc/ganesha',
'options' => 'rw', 'options' => 'rw',
@ -154,6 +195,10 @@ class tripleo::profile::pacemaker::manila::share_bundle (
} }
$storage_maps = merge($default_storage_maps, $extra_storage_maps) $storage_maps = merge($default_storage_maps, $extra_storage_maps)
}
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
pacemaker::resource::bundle { $::manila::params::share_service: pacemaker::resource::bundle { $::manila::params::share_service:
image => $manila_share_docker_image, image => $manila_share_docker_image,
@ -164,7 +209,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
expression => ['manila-share-role eq true'], expression => ['manila-share-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps, storage_maps => $storage_maps,
} }

View File

@ -0,0 +1,140 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::pacemaker::manila::share_bundle' do
shared_examples_for 'tripleo::profile::pacemaker::manila::share_bundle' do
before :each do
facts.merge!({ :step => params[:step] })
end
context 'with step less than 2' do
let(:params) { { :step => 1 } }
it 'should do nothing' do
is_expected.to contain_class('tripleo::profile::base::manila::share')
end
end
context 'with step 2 on bootstrap node' do
let(:params) { {
:step => 2,
} }
it 'should create pacemaker properties' do
is_expected.to contain_pacemaker__property('manila-share-role-manila-1')
is_expected.to contain_pacemaker__property('manila-share-role-manila-2')
end
end
context 'with step 2 not on bootstrap node' do
let(:params) { {
:step => 2,
:bootstrap_node => 'other.example.com',
} }
it 'should not create pacemaker properties' do
is_expected.to_not contain_pacemaker__property('manila-share-role-manila-1')
is_expected.to_not contain_pacemaker__property('manila-share-role-manila-2')
end
end
context 'with step 5' do
let(:params) { {
:step => 5,
:manila_share_docker_image => 'manila-share-image',
} }
context 'with default inputs' do
it 'should create default manila-share resource bundle' do
is_expected.to contain_pacemaker__resource__bundle('openstack-manila-share').with(
:image => 'manila-share-image',
:options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
)
# The default list of storage_maps is rather long, and this
# just does a spot-check of a few key entries. The point is
# to verify the default list is used when the docker_volumes
# input parameter isn't specified.
storage_maps = catalogue.resource(
'Pacemaker::Resource::Bundle', 'openstack-manila-share').send(:parameters)[:storage_maps]
expect(storage_maps).to include('manila-share-cfg-files', 'manila-share-cfg-data')
# CephFS is disabled by default, so ensure no resources are created.
is_expected.to_not contain_pacemaker__constraint__order('ceph-nfs-then-manila-share')
is_expected.to_not contain_pacemaker__constraint__colocation('openstack-manila-share-with-ceph-nfs')
expect(storage_maps).to_not include('manila-share-dbus-docker', 'manila-share-etc-ganesha')
end
end
context 'with cephfs backend enabled' do
before :each do
params.merge!({
:backend_cephfs_enabled => true,
})
end
it 'should include cephfs docker volumes and pacemaker constraints' do
is_expected.to contain_pacemaker__constraint__order('ceph-nfs-then-manila-share')
is_expected.to contain_pacemaker__constraint__colocation('openstack-manila-share-with-ceph-nfs')
storage_maps = catalogue.resource(
'Pacemaker::Resource::Bundle', 'openstack-manila-share').send(:parameters)[:storage_maps]
expect(storage_maps).to include('manila-share-dbus-docker', 'manila-share-etc-ganesha')
end
end
context 'with docker volumes and environment inputs' do
before :each do
params.merge!({
:docker_volumes => ['/src/1:/tgt/1', '/src/2:/tgt/2:ro', '/src/3:/tgt/3:ro,z'],
:docker_environment => ['RIGHT=LEFT', 'UP=DOWN'],
})
end
it 'should create custom manila-share resource bundle' do
is_expected.to contain_pacemaker__resource__bundle('openstack-manila-share').with(
:image => 'manila-share-image',
:options => '--ipc=host --privileged=true --user=root --log-driver=journald -e RIGHT=LEFT -e UP=DOWN',
:storage_maps => {
'manila-share-src-1' => {
'source-dir' => '/src/1',
'target-dir' => '/tgt/1',
'options' => 'rw',
},
'manila-share-src-2' => {
'source-dir' => '/src/2',
'target-dir' => '/tgt/2',
'options' => 'ro',
},
'manila-share-src-3' => {
'source-dir' => '/src/3',
'target-dir' => '/tgt/3',
'options' => 'ro,z',
},
},
)
end
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::pacemaker::manila::share_bundle'
end
end
end

View File

@ -44,6 +44,13 @@ gnocchi::storage::ceph::ceph_secret: 'password'
# haproxy related items # haproxy related items
mysql_enabled: true mysql_enabled: true
controller_node_ips: '10.1.0.1,10.1.0.2' controller_node_ips: '10.1.0.1,10.1.0.2'
# manila related items
manila::rabbit_password: 'password'
manila::backend::cephfs::cephfs_protocol_helper_type: 'NFS'
manila_share_short_bootstrap_node_name: 'node.example.com'
manila_share_short_node_names:
- 'manila-1'
- 'manila-2'
# nova related items # nova related items
nova::rabbit_password: 'password' nova::rabbit_password: 'password'
nova::keystone::authtoken::password: 'password' nova::keystone::authtoken::password: 'password'