From 51a9a07810b7bfb4a064d43ec1796aa764600477 Mon Sep 17 00:00:00 2001 From: Alan Bishop Date: Wed, 3 Feb 2021 08:50:21 -0800 Subject: [PATCH] Unify cinder's volume and backup kolla_config settings Define a common set of kolla config_files and permissions for use by cinder's volume and backup services (both pcmk and non-pcmk variants). Previously, there were four different sets and some of them contained subtle errors. Change-Id: Id6a1ab51041a3cd870449399b6793c10bbb1fdca (cherry picked from commit 8d38363a784cfaafddda9e4702dc2289324aea4f) --- .../cinder-backup-container-puppet.yaml | 51 +----------------- .../cinder-backup-pacemaker-puppet.yaml | 31 +---------- .../cinder-common-container-puppet.yaml | 52 +++++++++++++++++++ .../cinder-volume-container-puppet.yaml | 36 +------------ .../cinder-volume-pacemaker-puppet.yaml | 23 +------- 5 files changed, 60 insertions(+), 133 deletions(-) diff --git a/deployment/cinder/cinder-backup-container-puppet.yaml b/deployment/cinder/cinder-backup-container-puppet.yaml index f9435ea39d..136ac8c2f8 100644 --- a/deployment/cinder/cinder-backup-container-puppet.yaml +++ b/deployment/cinder/cinder-backup-container-puppet.yaml @@ -62,18 +62,6 @@ parameters: CinderBackupRbdPoolName: default: backups type: string - CephClusterName: - type: string - default: ceph - description: The Ceph cluster name. - constraints: - - allowed_pattern: "[a-zA-Z0-9]+" - description: > - The Ceph cluster name must be at least 1 character and contain only - letters and numbers. - CephClientUserName: - default: openstack - type: string CinderBackupNfsShare: default: '' description: NFS share to be mounted @@ -153,43 +141,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/etc/iscsi/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-tls/*" - dest: "/" - merge: true - preserve_properties: true - optional: true - permissions: - - path: /var/lib/cinder - owner: cinder:cinder - recurse: true - - path: /var/log/cinder - owner: cinder:cinder - recurse: true - - path: - str_replace: - template: /etc/ceph/CLUSTER.client.USER.keyring - params: - CLUSTER: {get_param: CephClusterName} - USER: {get_param: CephClientUserName} - owner: cinder:cinder - perm: '0600' - - path: /etc/pki/tls/certs/etcd.crt - owner: cinder:cinder - - path: /etc/pki/tls/private/etcd.key - owner: cinder:cinder + config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]} + permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]} docker_config: step_3: cinder_backup_init_logs: diff --git a/deployment/cinder/cinder-backup-pacemaker-puppet.yaml b/deployment/cinder/cinder-backup-pacemaker-puppet.yaml index 8d62f940e0..273926c4d7 100644 --- a/deployment/cinder/cinder-backup-pacemaker-puppet.yaml +++ b/deployment/cinder/cinder-backup-pacemaker-puppet.yaml @@ -159,35 +159,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/etc/iscsi/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-tls/*" - dest: "/" - merge: true - preserve_properties: true - optional: true - permissions: - - path: /var/lib/cinder - owner: cinder:cinder - recurse: true - - path: /var/log/cinder - owner: cinder:cinder - recurse: true - - path: /etc/pki/tls/certs/etcd.crt - owner: cinder:cinder - - path: /etc/pki/tls/private/etcd.key - owner: cinder:cinder + config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]} + permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]} container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]} docker_config: step_3: diff --git a/deployment/cinder/cinder-common-container-puppet.yaml b/deployment/cinder/cinder-common-container-puppet.yaml index d7f9c6c541..e81b3f7c98 100644 --- a/deployment/cinder/cinder-common-container-puppet.yaml +++ b/deployment/cinder/cinder-common-container-puppet.yaml @@ -73,6 +73,18 @@ parameters: API network is using TLS. type: boolean default: false + CephClientUserName: + default: openstack + type: string + CephClusterName: + type: string + default: ceph + description: The Ceph cluster name. + constraints: + - allowed_pattern: "[a-zA-Z0-9]+" + description: > + The Ceph cluster name must be at least 1 character and contain only + letters and numbers. conditions: @@ -123,6 +135,46 @@ outputs: - /etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro - [] + cinder_common_kolla_config_files: + description: Common kolla config_files for cinder-volume and cinder-backup services + value: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/etc/iscsi/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + + cinder_common_kolla_permissions: + description: Common kolla permissions for cinder-volume and cinder-backup services + value: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + - path: + str_replace: + template: /etc/ceph/CLUSTER.client.USER.keyring + params: + CLUSTER: {get_param: CephClusterName} + USER: {get_param: CephClientUserName} + owner: cinder:cinder + perm: '0600' + - path: /etc/pki/tls/certs/etcd.crt + owner: cinder:cinder + - path: /etc/pki/tls/private/etcd.key + owner: cinder:cinder + cinder_volume_host_prep_tasks: description: Host prep tasks for the cinder-volume service (HA or non-HA) value: diff --git a/deployment/cinder/cinder-volume-container-puppet.yaml b/deployment/cinder/cinder-volume-container-puppet.yaml index 18a26aa7c8..21641549d4 100644 --- a/deployment/cinder/cinder-volume-container-puppet.yaml +++ b/deployment/cinder/cinder-volume-container-puppet.yaml @@ -297,40 +297,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/etc/iscsi/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-tls/*" - dest: "/" - merge: true - preserve_properties: true - optional: true - permissions: - - path: /var/log/cinder - owner: cinder:cinder - recurse: true - - path: - str_replace: - template: /etc/ceph/CLUSTER.client.USER.keyring - params: - CLUSTER: {get_param: CephClusterName} - USER: {get_param: CephClientUserName} - owner: cinder:cinder - perm: '0600' - - path: /etc/pki/tls/certs/etcd.crt - owner: cinder:cinder - - path: /etc/pki/tls/private/etcd.key - owner: cinder:cinder + config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]} + permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]} docker_config: step_3: cinder_volume_init_logs: diff --git a/deployment/cinder/cinder-volume-pacemaker-puppet.yaml b/deployment/cinder/cinder-volume-pacemaker-puppet.yaml index 6e32323b3f..fcd12750f5 100644 --- a/deployment/cinder/cinder-volume-pacemaker-puppet.yaml +++ b/deployment/cinder/cinder-volume-pacemaker-puppet.yaml @@ -148,27 +148,8 @@ outputs: kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/etc/iscsi/" - merge: true - preserve_properties: true - # NOTE(abishop): no need to copy any src-tls/* files or set ownership - # of etcd's TLS certificate and key. The etcd service is only used by - # cinder-volume when it's running active/active, and *not* when it's - # under pcmk control. - permissions: - - path: /var/log/cinder - owner: cinder:cinder - recurse: true + config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]} + permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]} container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]} docker_config: step_3: