Browse Source

Merge "Simplify manila, memcached and logging services"

changes/27/785027/7
Zuul 2 weeks ago
committed by Gerrit Code Review
parent
commit
18ee787f73
17 changed files with 60 additions and 134 deletions
  1. +0
    -1
      deployment/logging/rsyslog-baremetal-ansible.yaml
  2. +1
    -3
      deployment/logging/rsyslog-container-puppet.yaml
  3. +3
    -4
      deployment/logging/rsyslog-sidecar-container-puppet.yaml
  4. +3
    -10
      deployment/logrotate/logrotate-crond-container-puppet.yaml
  5. +7
    -23
      deployment/manila/manila-api-container-puppet.yaml
  6. +0
    -1
      deployment/manila/manila-backend-cephfs.yaml
  7. +0
    -1
      deployment/manila/manila-backend-isilon.yaml
  8. +0
    -1
      deployment/manila/manila-backend-netapp.yaml
  9. +0
    -2
      deployment/manila/manila-backend-unity.yaml
  10. +0
    -2
      deployment/manila/manila-backend-vmax.yaml
  11. +0
    -3
      deployment/manila/manila-backend-vnx.yaml
  12. +11
    -17
      deployment/manila/manila-base.yaml
  13. +1
    -3
      deployment/manila/manila-scheduler-container-puppet.yaml
  14. +2
    -8
      deployment/manila/manila-share-common.yaml
  15. +1
    -3
      deployment/manila/manila-share-container-puppet.yaml
  16. +2
    -8
      deployment/manila/manila-share-pacemaker-puppet.yaml
  17. +29
    -44
      deployment/memcached/memcached-container-puppet.yaml

+ 0
- 1
deployment/logging/rsyslog-baremetal-ansible.yaml View File

@ -51,4 +51,3 @@ outputs:
state: started
name: rsyslog
enabled: true

+ 1
- 3
deployment/logging/rsyslog-container-puppet.yaml View File

@ -192,7 +192,6 @@ outputs:
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
- {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rsyslog
@ -226,8 +225,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:ro
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z


+ 3
- 4
deployment/logging/rsyslog-sidecar-container-puppet.yaml View File

@ -32,7 +32,6 @@ parameters:
type: json
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -41,7 +40,7 @@ outputs:
description: Role data for the rsyslog-sidecar role.
value:
service_name: rsyslog_sidecar
config_settings: null
config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rsyslog_sidecar
@ -58,5 +57,5 @@ outputs:
merge: true
preserve_properties: true
docker_config: {}
host_prep_tasks: null
upgrade_tasks: null
host_prep_tasks: []
upgrade_tasks: []

+ 3
- 10
deployment/logrotate/logrotate-crond-container-puppet.yaml View File

@ -69,15 +69,10 @@ parameters:
type: boolean
default: false
conditions:
logrotatedateext_is_enabled: {equals: [{get_param: LogrotateDateExt}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
outputs:
role_data:
description: Role data for the crond role.
@ -91,10 +86,9 @@ outputs:
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
- if:
- logrotatedateext_is_enabled
- {get_param: LogrotateDateExt}
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
- {}
host_prep_tasks:
- name: allow logrotate to read inside containers
seboolean:
@ -161,8 +155,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:z
environment:


+ 7
- 23
deployment/manila/manila-api-container-puppet.yaml View File

@ -103,13 +103,7 @@ parameters:
Cron to purge db entries marked as deleted and older than $age - Max Delay
default: '3600'
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
manila_workers_zero: {equals : [{get_param: ManilaWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -211,16 +205,13 @@ outputs:
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
- manila::wsgi::apache::servername:
manila::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
- if:
- manila_workers_zero
- {}
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
@ -285,8 +276,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- - /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
@ -302,19 +292,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- []
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
manila_api_cron:
@ -328,8 +313,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z


+ 0
- 1
deployment/manila/manila-backend-cephfs.yaml View File

@ -96,4 +96,3 @@ outputs:
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
manila::backend::cephfs::cephfs_volume_mode: {get_param: ManilaCephFSCephVolumeMode}
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
step_config:

+ 0
- 1
deployment/manila/manila-backend-isilon.yaml View File

@ -66,4 +66,3 @@ outputs:
manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
step_config:

+ 0
- 1
deployment/manila/manila-backend-netapp.yaml View File

@ -114,4 +114,3 @@ outputs:
manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
step_config:

+ 0
- 2
deployment/manila/manila-backend-unity.yaml View File

@ -80,5 +80,3 @@ outputs:
manila::backend::dellemc_unity::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
manila::backend::dellemc_unity::emc_ssl_cert_verify: {get_param: ManilaUnityEmcSslCertVerify}
manila::backend::dellemc_unity::emc_ssl_cert_path: {get_param: ManilaUnityEmcSslCertPath}
step_config:

+ 0
- 2
deployment/manila/manila-backend-vmax.yaml View File

@ -67,5 +67,3 @@ outputs:
manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
step_config:

+ 0
- 3
deployment/manila/manila-backend-vnx.yaml View File

@ -80,6 +80,3 @@ outputs:
manila::backend::dellemc_vnx::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
manila::backend::dellemc_vnx::emc_ssl_cert_verify: {get_param: ManilaVNXEmcSslCertVerify}
manila::backend::dellemc_vnx::emc_ssl_cert_path: {get_param: ManilaVNXEmcSslCertPath}
step_config:

+ 11
- 17
deployment/manila/manila-base.yaml View File

@ -53,10 +53,6 @@ parameters:
default: 'noop'
description: Driver or drivers to handle sending notifications.
conditions:
manila_ipv6: {equals : [{get_param: ManilaIPv6}, true]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
outputs:
role_data:
description: Role data for the Manila Base service.
@ -79,21 +75,19 @@ outputs:
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /manila
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: manila
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
if:
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: manila
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
manila::network::neutron::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
# Currently the address family parameters are mutually exclusive
manila::network::neutron::network_plugin_ipv4_enabled: {if: ["manila_ipv6", false, true]}
manila::network::neutron::network_plugin_ipv4_enabled:
if: [{get_param: ManilaIPv6}, false, true]
service_config_settings:
mysql:
manila::db::mysql::password: {get_param: ManilaPassword}


+ 1
- 3
deployment/manila/manila-scheduler-container-puppet.yaml View File

@ -38,7 +38,6 @@ parameters:
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -92,8 +91,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
environment:


+ 2
- 8
deployment/manila/manila-share-common.yaml View File

@ -42,11 +42,9 @@ parameters:
The path where the Ceph Cluster config files are stored on the host.
conditions:
cephfs_nfs_enabled: {equals: [{get_param: ManilaCephFSCephFSProtocolHelperType}, 'NFS']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -56,8 +54,7 @@ outputs:
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- list_join:
- ':'
@ -72,11 +69,8 @@ outputs:
- /var/log/containers/manila:/var/log/manila:z
- if:
- cephfs_nfs_enabled
-
- /etc/ganesha:/etc/ganesha
- - /etc/ganesha:/etc/ganesha
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
- null
manila_share_environment:
description: Docker environment for the manila-share container (HA or non-HA)
value:


+ 1
- 3
deployment/manila/manila-share-container-puppet.yaml View File

@ -63,7 +63,6 @@ parameters:
description: Keystone region for endpoint
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -91,9 +90,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
-
# keystone_authtoken
manila::keystone::authtoken::password: {get_param: ManilaPassword}
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'


+ 2
- 8
deployment/manila/manila-share-pacemaker-puppet.yaml View File

@ -69,13 +69,7 @@ parameters:
description: |
The path where the Ceph Cluster config files are stored on the host.
conditions:
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -104,12 +98,12 @@ outputs:
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/manila-share:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerManilaShareImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])


+ 29
- 44
deployment/memcached/memcached-container-puppet.yaml View File

@ -87,24 +87,24 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {get_param: MemcachedTLS}
# NOTE: A non-tls port is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.
enable_non_tls_port:
and:
- internal_tls_enabled
- {get_param: MemcachedTLS}
- not: {equals: [{get_param: MemcachedPort}, 11211]}
memcached_network_unset: {equals : [{get_param: MemcachedIpSubnet}, '']}
memcached_network_set:
not: {equals : [{get_param: MemcachedIpSubnet}, '']}
service_debug: {get_param: MemcachedDebug}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- 6
key_size_override_unset: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -120,7 +120,16 @@ outputs:
# Even if binding is configured on internal_api network, enforce it
# via firewall as well.
if:
- memcached_network_unset
- memcached_network_set
- '121 memcached':
dport:
list_concat:
- - {get_param: MemcachedPort}
- if:
- enable_non_tls_port
- [11211]
proto: 'tcp'
source: {get_param: MemcachedIpSubnet}
- map_merge:
repeat:
for_each:
@ -137,29 +146,17 @@ outputs:
- if:
- enable_non_tls_port
- [11211]
- []
proto: 'tcp'
source: <%net_cidr%>
- '121 memcached':
dport:
list_concat:
- - {get_param: MemcachedPort}
- if:
- enable_non_tls_port
- [11211]
- []
proto: 'tcp'
source: {get_param: MemcachedIpSubnet}
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
map_merge:
-
- memcached::listen:
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen:
list_concat:
- - if:
- is_ipv6
@ -181,7 +178,6 @@ outputs:
- is_ipv6
- 'notls:[::1]:11211'
- 'notls:127.0.0.1:11211'
- []
# NOTE(xek): the IP addresses are configured with:
# memcached::listen - the new way
# memcached::listen_ip - will be deprecated
@ -223,25 +219,21 @@ outputs:
memcached::disable_cachedump: true
memcached::logstdout: true
tripleo::profile::base::memcached::enable_internal_memcached_tls: {get_param: MemcachedTLS}
-
- if:
# NOTE: This config is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.
if:
- enable_non_tls_port
- memcached_port: {get_param: MemcachedPort}
memcached_authtoken_port: 11211
- memcached_port: {get_param: MemcachedPort}
memcached_authtoken_port: {get_param: MemcachedPort}
-
if:
- internal_tls_enabled
-
tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
- if:
- {get_param: MemcachedTLS}
- tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
tripleo::profile::base::memcached::certificate_specs:
service_certificate: '/etc/pki/tls/certs/memcached.crt'
service_key: '/etc/pki/tls/private/memcached.key'
- {}
service_config_settings:
collectd:
tripleo.collectd.plugins.memcached:
@ -297,31 +289,25 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/memcached:/var/lib/kolla/config_files/src:rw,z
- /var/log/containers/memcached:/var/log/memcached:rw
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
- {get_param: MemcachedTLS}
- - /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
- /etc/pki/tls/private/memcached.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/memcached.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
metadata_settings:
if:
- internal_tls_enabled
-
- service: memcached
- {get_param: MemcachedTLS}
- - service: memcached
network: {get_param: [ServiceNetMap, MemcachedNetwork]}
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
- {get_param: MemcachedTLS}
- - name: Certificate generation
when: step|int == 1
block:
- include_role:
@ -356,11 +342,10 @@ outputs:
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: MemcachedCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:


Loading…
Cancel
Save