Browse Source
Move cell_v2 discovery off compute hosts
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
(cherry picked from commit 629485dde5)
changes/38/769138/1
Oliver Walsh
7 months ago
committed by
David Vallee Delisle
David Vallee Delisle
7 changed files with 178 additions and 8 deletions
Split View
Diff Options
-
+1 -0ci/environments/multinode-containers.yaml
-
+15 -7deployment/nova/nova-compute-common-container-puppet.yaml
-
+105 -0deployment/nova/nova-manager-container-puppet.yaml
-
+1 -0overcloud-resource-registry-puppet.j2.yaml
-
+13 -0releasenotes/notes/cell_v2_discovery_off_computes-2b977c6b9a01cde2.yaml
-
+37 -0roles/NovaManager.yaml
-
+6 -1tools/yaml-validate.py
+ 1
- 0
ci/environments/multinode-containers.yaml
View File
+ 15
- 7
deployment/nova/nova-compute-common-container-puppet.yaml
View File
+ 105
- 0
deployment/nova/nova-manager-container-puppet.yaml
View File
| @ -0,0 +1,105 @@ | |||
| heat_template_version: rocky | |||
| description: > | |||
| OpenStack containerized nova-manage runner service | |||
| parameters: | |||
| ContainerNovaConductorImage: | |||
| description: image | |||
| type: string | |||
| EndpointMap: | |||
| default: {} | |||
| description: Mapping of service endpoint -> protocol. Typically set | |||
| via parameter_defaults in the resource registry. | |||
| type: json | |||
| ServiceData: | |||
| default: {} | |||
| description: Dictionary packing service data | |||
| type: json | |||
| ServiceNetMap: | |||
| default: {} | |||
| description: Mapping of service_name -> network name. Typically set | |||
| via parameter_defaults in the resource registry. This | |||
| mapping overrides those in ServiceNetMapDefaults. | |||
| type: json | |||
| DefaultPasswords: | |||
| default: {} | |||
| type: json | |||
| RoleName: | |||
| default: '' | |||
| description: Role name on which the service is applied | |||
| type: string | |||
| RoleParameters: | |||
| default: {} | |||
| description: Parameters specific to the role | |||
| type: json | |||
| resources: | |||
| # Cannot control nova-manage logging so expect it to log to file | |||
| NovaLogging: | |||
| type: ../logging/files/nova-common.yaml | |||
| properties: | |||
| ContainerNovaImage: &nova_conductor_image {get_param: ContainerNovaConductorImage} | |||
| NovaServiceName: 'manager' | |||
| ContainersCommon: | |||
| type: ../containers-common.yaml | |||
| NovaConductorBase: | |||
| type: ./nova-conductor-container-puppet.yaml | |||
| properties: | |||
| ServiceData: {get_param: ServiceData} | |||
| ServiceNetMap: {get_param: ServiceNetMap} | |||
| DefaultPasswords: {get_param: DefaultPasswords} | |||
| EndpointMap: {get_param: EndpointMap} | |||
| RoleName: {get_param: RoleName} | |||
| RoleParameters: {get_param: RoleParameters} | |||
| outputs: | |||
| role_data: | |||
| description: Role data for the nova-manage runner service. | |||
| value: | |||
| service_name: nova_manager | |||
| config_settings: | |||
| get_attr: [NovaConductorBase, role_data, config_settings] | |||
| service_config_settings: | |||
| mysql: | |||
| get_attr: [NovaConductorBase, role_data, service_config_settings, mysql] | |||
| # BEGIN DOCKER SETTINGS | |||
| puppet_config: | |||
| get_attr: [NovaConductorBase, role_data, puppet_config] | |||
| kolla_config: | |||
| /var/lib/kolla/config_files/nova_manager.json: | |||
| command: "/bin/sleep infinity" | |||
| config_files: | |||
| - source: "/var/lib/kolla/config_files/src/*" | |||
| dest: "/" | |||
| merge: true | |||
| preserve_properties: true | |||
| permissions: | |||
| - path: /var/log/nova | |||
| owner: nova:nova | |||
| recurse: true | |||
| docker_config: | |||
| step_2: | |||
| get_attr: [NovaLogging, docker_config, step_2] | |||
| step_4: | |||
| nova_manager: | |||
| image: *nova_conductor_image | |||
| net: host | |||
| privileged: false | |||
| restart: always | |||
| volumes: | |||
| list_concat: | |||
| - {get_attr: [ContainersCommon, volumes]} | |||
| - {get_attr: [NovaLogging, volumes]} | |||
| - | |||
| - /var/lib/kolla/config_files/nova_manager.json:/var/lib/kolla/config_files/config.json:ro | |||
| - /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro | |||
| environment: | |||
| KOLLA_CONFIG_STRATEGY: COPY_ALWAYS | |||
| host_prep_tasks: | |||
| get_attr: [NovaLogging, host_prep_tasks] | |||
+ 1
- 0
overcloud-resource-registry-puppet.j2.yaml
View File
+ 13
- 0
releasenotes/notes/cell_v2_discovery_off_computes-2b977c6b9a01cde2.yaml
View File
| @ -0,0 +1,13 @@ | |||
| --- | |||
| issues: | |||
| - | | |||
| Cell_v2 discovery has been moved from the nova-compute|nova-ironic | |||
| containers as this requires nova api database credentials which must | |||
| not be configured for the nova-compute service. | |||
| As a result scale-up deployments which explicitly omit the Controller | |||
| nodes will need to make alternative arrangements to run cell_v2 discovery. | |||
| Either the nova-manage command can be run manually after scale-up, or | |||
| an additional helper node using the NovaManage role can be deployed that | |||
| will be used for this task instead of a Controller node. See Bug: | |||
| `1786961 <https://launchpad.net/bugs/1786961>`_ and Bug: | |||
| `1871482 <https://launchpad.net/bugs/1871482>`_. | |||
+ 37
- 0
roles/NovaManager.yaml
View File
| @ -0,0 +1,37 @@ | |||
| ############################################################################### | |||
| # Role: NovaManager | |||
| ############################################################################### | |||
| - name: NovaManager | |||
| description: | | |||
| Role to run nova-manage runner container on a separate host | |||
| networks: | |||
| InternalApi: | |||
| subnet: internal_api_subnet | |||
| HostnameFormatDefault: '%stackname%-novamanager-%index%' | |||
| update_serial: 25 | |||
| ServicesDefault: | |||
| - OS::TripleO::Services::Aide | |||
| - OS::TripleO::Services::AuditD | |||
| - OS::TripleO::Services::BootParams | |||
| - OS::TripleO::Services::CACerts | |||
| - OS::TripleO::Services::CertmongerUser | |||
| - OS::TripleO::Services::Collectd | |||
| - OS::TripleO::Services::IpaClient | |||
| - OS::TripleO::Services::Ipsec | |||
| - OS::TripleO::Services::Kernel | |||
| - OS::TripleO::Services::LoginDefs | |||
| - OS::TripleO::Services::MetricsQdr | |||
| - OS::TripleO::Services::MySQLClient | |||
| - OS::TripleO::Services::NovaManager | |||
| - OS::TripleO::Services::ContainersLogrotateCrond | |||
| - OS::TripleO::Services::Podman | |||
| - OS::TripleO::Services::Rhsm | |||
| - OS::TripleO::Services::Rsyslog | |||
| - OS::TripleO::Services::Securetty | |||
| - OS::TripleO::Services::Snmp | |||
| - OS::TripleO::Services::Sshd | |||
| - OS::TripleO::Services::Timesync | |||
| - OS::TripleO::Services::Timezone | |||
| - OS::TripleO::Services::TripleoFirewall | |||
| - OS::TripleO::Services::TripleoPackages | |||
| - OS::TripleO::Services::Tuned | |||