In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was
originally moved from the nova-api container to the
nova-compute|nova-ironic containers in order to run cell
discovery during a scale up where the controllers are omitted
(e.g. to exclude the controllers from a maintenance window).
This requires api database credentials on the compute node, which is
forbidden, so it must move back to a nova-api host as a pre-requisite
for removing these credentials in a follow-up patch.
Scale-up while omitting the controllers will no longer work out of the
box. Either a manual cell_v2 discovery can be run after scale up, or an
additional node can be deployed using the NovaManager tripleo role.
Related-bug: #1786961
Related-bug: #1871482
Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
(cherry picked from commit 629485dde5
)
changes/38/769138/1
parent
75d3d8d21f
commit
03697234fd
@ -0,0 +1,105 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack containerized nova-manage runner service
|
||||
|
||||
parameters:
|
||||
ContainerNovaConductorImage:
|
||||
description: image
|
||||
type: string
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
|
||||
|
||||
resources:
|
||||
|
||||
# Cannot control nova-manage logging so expect it to log to file
|
||||
NovaLogging:
|
||||
type: ../logging/files/nova-common.yaml
|
||||
properties:
|
||||
ContainerNovaImage: &nova_conductor_image {get_param: ContainerNovaConductorImage}
|
||||
NovaServiceName: 'manager'
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
NovaConductorBase:
|
||||
type: ./nova-conductor-container-puppet.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the nova-manage runner service.
|
||||
value:
|
||||
service_name: nova_manager
|
||||
config_settings:
|
||||
get_attr: [NovaConductorBase, role_data, config_settings]
|
||||
service_config_settings:
|
||||
mysql:
|
||||
get_attr: [NovaConductorBase, role_data, service_config_settings, mysql]
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
get_attr: [NovaConductorBase, role_data, puppet_config]
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/nova_manager.json:
|
||||
command: "/bin/sleep infinity"
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/nova
|
||||
owner: nova:nova
|
||||
recurse: true
|
||||
docker_config:
|
||||
step_2:
|
||||
get_attr: [NovaLogging, docker_config, step_2]
|
||||
step_4:
|
||||
nova_manager:
|
||||
image: *nova_conductor_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NovaLogging, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/nova_manager.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
get_attr: [NovaLogging, host_prep_tasks]
|
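Review bot: The `nova_manager` entry under `docker_config` `step_4` has no comment explaining that it is an idle exec target: it runs `/bin/sleep infinity` with `restart: always` and `net: host`, and mounts `/var/lib/config-data/puppet-generated/nova` as its config source. Because `config_settings` and `puppet_config` are taken wholesale from `NovaConductorBase`, that directory presumably carries the nova API database credentials the commit message is concerned with, so any host running this service becomes as sensitive as a nova-api host. I would add a comment above `nova_manager:` such as `# Idle container kept only as an exec target for nova-manage (e.g. cell_v2 discovery); its config holds API DB credentials, treat the host as controller-equivalent.` The `DefaultPasswords` parameter is also the only one declared without a `description`.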
@ -0,0 +1,13 @@
|
||||
---
|
||||
issues:
|
||||
- |
|
||||
Cell_v2 discovery has been moved from the nova-compute|nova-ironic
|
||||
containers as this requires nova api database credentials which must
|
||||
not be configured for the nova-compute service.
|
||||
As a result scale-up deployments which explicitly omit the Controller
|
||||
nodes will need to make alternative arrangements to run cell_v2 discovery.
|
||||
Either the nova-manage command can be run manually after scale-up, or
|
||||
an additional helper node using the NovaManage role can be deployed that
|
||||
will be used for this task instead of a Controller node. See Bug:
|
||||
`1786961 <https://launchpad.net/bugs/1786961>`_ and Bug:
|
||||
`1871482 <https://launchpad.net/bugs/1871482>`_.
|
@ -0,0 +1,37 @@
|
||||
###############################################################################
|
||||
# Role: NovaManager
|
||||
###############################################################################
|
||||
- name: NovaManager
|
||||
description: |
|
||||
Role to run nova-manage runner container on a separate host
|
||||
networks:
|
||||
InternalApi:
|
||||
subnet: internal_api_subnet
|
||||
HostnameFormatDefault: '%stackname%-novamanager-%index%'
|
||||
update_serial: 25
|
||||
ServicesDefault:
|
||||
- OS::TripleO::Services::Aide
|
||||
- OS::TripleO::Services::AuditD
|
||||
- OS::TripleO::Services::BootParams
|
||||
- OS::TripleO::Services::CACerts
|
||||
- OS::TripleO::Services::CertmongerUser
|
||||
- OS::TripleO::Services::Collectd
|
||||
- OS::TripleO::Services::IpaClient
|
||||
- OS::TripleO::Services::Ipsec
|
||||
- OS::TripleO::Services::Kernel
|
||||
- OS::TripleO::Services::LoginDefs
|
||||
- OS::TripleO::Services::MetricsQdr
|
||||
- OS::TripleO::Services::MySQLClient
|
||||
- OS::TripleO::Services::NovaManager
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::Podman
|
||||
- OS::TripleO::Services::Rhsm
|
||||
- OS::TripleO::Services::Rsyslog
|
||||
- OS::TripleO::Services::Securetty
|
||||
- OS::TripleO::Services::Snmp
|
||||
- OS::TripleO::Services::Sshd
|
||||
- OS::TripleO::Services::Timesync
|
||||
- OS::TripleO::Services::Timezone
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::Tuned
|
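Review bot: The role `description` says only that it runs the nova-manage runner container on a separate host, and does not mention that `OS::TripleO::Services::NovaManager` brings nova API database credentials onto that host, which, going by the commit message, is the reason discovery was moved off the computes. I would extend it with a line such as `This host holds nova API database credentials; place and harden it like a Controller.` so operators do not treat it as a disposable helper, particularly as the role also enables `Sshd`, `Snmp` and `Collectd`. The release note in this commit calls the role `NovaManage`, while this file defines `NovaManager`; the note should use the same name. `ContainersLogrotateCrond` is also out of alphabetical order in `ServicesDefault`.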