Merge "Simplify manila, memcached and logging services"
This commit is contained in:
commit
18ee787f73
|
@ -51,4 +51,3 @@ outputs:
|
||||||
state: started
|
state: started
|
||||||
name: rsyslog
|
name: rsyslog
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
|
|
@ -192,7 +192,6 @@ outputs:
|
||||||
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
|
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
|
||||||
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
|
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
|
||||||
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
|
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
|
||||||
- {}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: rsyslog
|
config_volume: rsyslog
|
||||||
|
@ -226,8 +225,7 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers:/var/log/containers:ro
|
- /var/log/containers:/var/log/containers:ro
|
||||||
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z
|
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z
|
||||||
|
|
|
@ -32,7 +32,6 @@ parameters:
|
||||||
type: json
|
type: json
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -41,7 +40,7 @@ outputs:
|
||||||
description: Role data for the rsyslog-sidecar role.
|
description: Role data for the rsyslog-sidecar role.
|
||||||
value:
|
value:
|
||||||
service_name: rsyslog_sidecar
|
service_name: rsyslog_sidecar
|
||||||
config_settings: null
|
config_settings: {}
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: rsyslog_sidecar
|
config_volume: rsyslog_sidecar
|
||||||
|
@ -58,5 +57,5 @@ outputs:
|
||||||
merge: true
|
merge: true
|
||||||
preserve_properties: true
|
preserve_properties: true
|
||||||
docker_config: {}
|
docker_config: {}
|
||||||
host_prep_tasks: null
|
host_prep_tasks: []
|
||||||
upgrade_tasks: null
|
upgrade_tasks: []
|
||||||
|
|
|
@ -69,15 +69,10 @@ parameters:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
|
|
||||||
conditions:
|
|
||||||
|
|
||||||
logrotatedateext_is_enabled: {equals: [{get_param: LogrotateDateExt}, true]}
|
|
||||||
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the crond role.
|
description: Role data for the crond role.
|
||||||
|
@ -91,10 +86,9 @@ outputs:
|
||||||
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
|
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
|
||||||
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
|
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
|
||||||
- if:
|
- if:
|
||||||
- logrotatedateext_is_enabled
|
- {get_param: LogrotateDateExt}
|
||||||
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
|
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
|
||||||
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
|
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
|
||||||
- {}
|
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: allow logrotate to read inside containers
|
- name: allow logrotate to read inside containers
|
||||||
seboolean:
|
seboolean:
|
||||||
|
@ -161,8 +155,7 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers:/var/log/containers:z
|
- /var/log/containers:/var/log/containers:z
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -103,13 +103,7 @@ parameters:
|
||||||
Cron to purge db entries marked as deleted and older than $age - Max Delay
|
Cron to purge db entries marked as deleted and older than $age - Max Delay
|
||||||
default: '3600'
|
default: '3600'
|
||||||
|
|
||||||
conditions:
|
|
||||||
|
|
||||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
||||||
manila_workers_zero: {equals : [{get_param: ManilaWorkers}, 0]}
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -211,16 +205,13 @@ outputs:
|
||||||
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
|
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
|
||||||
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
|
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
|
||||||
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
|
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
|
||||||
- manila::wsgi::apache::servername:
|
manila::wsgi::apache::servername:
|
||||||
str_replace:
|
str_replace:
|
||||||
template:
|
template:
|
||||||
"%{hiera('fqdn_$NETWORK')}"
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
params:
|
params:
|
||||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||||
- if:
|
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||||
- manila_workers_zero
|
|
||||||
- {}
|
|
||||||
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
|
||||||
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||||
# BEGIN DOCKER SETTINGS #
|
# BEGIN DOCKER SETTINGS #
|
||||||
puppet_config:
|
puppet_config:
|
||||||
|
@ -285,8 +276,7 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||||
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
|
||||||
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
|
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
|
||||||
- /var/log/containers/manila:/var/log/manila:z
|
- /var/log/containers/manila:/var/log/manila:z
|
||||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||||
|
@ -302,19 +292,14 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers/manila:/var/log/manila:z
|
- /var/log/containers/manila:/var/log/manila:z
|
||||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||||
- if:
|
- if:
|
||||||
- internal_tls_enabled
|
- {get_param: EnableInternalTLS}
|
||||||
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||||
- []
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||||
- if:
|
|
||||||
- internal_tls_enabled
|
|
||||||
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
||||||
- []
|
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
manila_api_cron:
|
manila_api_cron:
|
||||||
|
@ -328,8 +313,7 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers/manila:/var/log/manila:z
|
- /var/log/containers/manila:/var/log/manila:z
|
||||||
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
||||||
|
|
|
@ -96,4 +96,3 @@ outputs:
|
||||||
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
|
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
|
||||||
manila::backend::cephfs::cephfs_volume_mode: {get_param: ManilaCephFSCephVolumeMode}
|
manila::backend::cephfs::cephfs_volume_mode: {get_param: ManilaCephFSCephVolumeMode}
|
||||||
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
|
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
|
||||||
step_config:
|
|
||||||
|
|
|
@ -66,4 +66,3 @@ outputs:
|
||||||
manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
|
manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
|
||||||
manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
|
manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
|
||||||
manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
|
manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
|
||||||
step_config:
|
|
||||||
|
|
|
@ -114,4 +114,3 @@ outputs:
|
||||||
manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
|
manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
|
||||||
manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
|
manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
|
||||||
manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
|
manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
|
||||||
step_config:
|
|
||||||
|
|
|
@ -80,5 +80,3 @@ outputs:
|
||||||
manila::backend::dellemc_unity::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
manila::backend::dellemc_unity::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||||
manila::backend::dellemc_unity::emc_ssl_cert_verify: {get_param: ManilaUnityEmcSslCertVerify}
|
manila::backend::dellemc_unity::emc_ssl_cert_verify: {get_param: ManilaUnityEmcSslCertVerify}
|
||||||
manila::backend::dellemc_unity::emc_ssl_cert_path: {get_param: ManilaUnityEmcSslCertPath}
|
manila::backend::dellemc_unity::emc_ssl_cert_path: {get_param: ManilaUnityEmcSslCertPath}
|
||||||
step_config:
|
|
||||||
|
|
||||||
|
|
|
@ -67,5 +67,3 @@ outputs:
|
||||||
manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
|
manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
|
||||||
manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
|
manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
|
||||||
manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
|
manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
|
||||||
step_config:
|
|
||||||
|
|
||||||
|
|
|
@ -80,6 +80,3 @@ outputs:
|
||||||
manila::backend::dellemc_vnx::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
manila::backend::dellemc_vnx::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||||
manila::backend::dellemc_vnx::emc_ssl_cert_verify: {get_param: ManilaVNXEmcSslCertVerify}
|
manila::backend::dellemc_vnx::emc_ssl_cert_verify: {get_param: ManilaVNXEmcSslCertVerify}
|
||||||
manila::backend::dellemc_vnx::emc_ssl_cert_path: {get_param: ManilaVNXEmcSslCertPath}
|
manila::backend::dellemc_vnx::emc_ssl_cert_path: {get_param: ManilaVNXEmcSslCertPath}
|
||||||
step_config:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -53,10 +53,6 @@ parameters:
|
||||||
default: 'noop'
|
default: 'noop'
|
||||||
description: Driver or drivers to handle sending notifications.
|
description: Driver or drivers to handle sending notifications.
|
||||||
|
|
||||||
conditions:
|
|
||||||
manila_ipv6: {equals : [{get_param: ManilaIPv6}, true]}
|
|
||||||
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Manila Base service.
|
description: Role data for the Manila Base service.
|
||||||
|
@ -79,21 +75,19 @@ outputs:
|
||||||
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||||
path: /manila
|
path: /manila
|
||||||
query:
|
query:
|
||||||
if:
|
if:
|
||||||
- enable_sqlalchemy_collectd
|
- {get_param: EnableSQLAlchemyCollectd}
|
||||||
-
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
read_default_group: tripleo
|
||||||
read_default_group: tripleo
|
plugin: collectd
|
||||||
plugin: collectd
|
collectd_program_name: manila
|
||||||
collectd_program_name: manila
|
collectd_host: localhost
|
||||||
collectd_host: localhost
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||||
-
|
read_default_group: tripleo
|
||||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
||||||
read_default_group: tripleo
|
|
||||||
|
|
||||||
manila::network::neutron::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
manila::network::neutron::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
|
||||||
# Currently the address family parameters are mutually exclusive
|
# Currently the address family parameters are mutually exclusive
|
||||||
manila::network::neutron::network_plugin_ipv4_enabled: {if: ["manila_ipv6", false, true]}
|
manila::network::neutron::network_plugin_ipv4_enabled:
|
||||||
|
if: [{get_param: ManilaIPv6}, false, true]
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
mysql:
|
mysql:
|
||||||
manila::db::mysql::password: {get_param: ManilaPassword}
|
manila::db::mysql::password: {get_param: ManilaPassword}
|
||||||
|
|
|
@ -38,7 +38,6 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -92,8 +91,7 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||||
- /var/log/containers/manila:/var/log/manila:z
|
- /var/log/containers/manila:/var/log/manila:z
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -42,11 +42,9 @@ parameters:
|
||||||
The path where the Ceph Cluster config files are stored on the host.
|
The path where the Ceph Cluster config files are stored on the host.
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
cephfs_nfs_enabled: {equals: [{get_param: ManilaCephFSCephFSProtocolHelperType}, 'NFS']}
|
cephfs_nfs_enabled: {equals: [{get_param: ManilaCephFSCephFSProtocolHelperType}, 'NFS']}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -56,8 +54,7 @@ outputs:
|
||||||
value:
|
value:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
||||||
- list_join:
|
- list_join:
|
||||||
- ':'
|
- ':'
|
||||||
|
@ -72,11 +69,8 @@ outputs:
|
||||||
- /var/log/containers/manila:/var/log/manila:z
|
- /var/log/containers/manila:/var/log/manila:z
|
||||||
- if:
|
- if:
|
||||||
- cephfs_nfs_enabled
|
- cephfs_nfs_enabled
|
||||||
-
|
- - /etc/ganesha:/etc/ganesha
|
||||||
- /etc/ganesha:/etc/ganesha
|
|
||||||
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
|
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
|
||||||
- null
|
|
||||||
|
|
||||||
manila_share_environment:
|
manila_share_environment:
|
||||||
description: Docker environment for the manila-share container (HA or non-HA)
|
description: Docker environment for the manila-share container (HA or non-HA)
|
||||||
value:
|
value:
|
||||||
|
|
|
@ -63,7 +63,6 @@ parameters:
|
||||||
description: Keystone region for endpoint
|
description: Keystone region for endpoint
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -91,9 +90,8 @@ outputs:
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [ManilaBase, role_data, config_settings]
|
- get_attr: [ManilaBase, role_data, config_settings]
|
||||||
-
|
|
||||||
# keystone_authtoken
|
# keystone_authtoken
|
||||||
manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||||
manila::keystone::authtoken::project_name: 'service'
|
manila::keystone::authtoken::project_name: 'service'
|
||||||
|
|
|
@ -69,13 +69,7 @@ parameters:
|
||||||
description: |
|
description: |
|
||||||
The path where the Ceph Cluster config files are stored on the host.
|
The path where the Ceph Cluster config files are stored on the host.
|
||||||
|
|
||||||
conditions:
|
|
||||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
|
||||||
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
|
|
||||||
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -104,12 +98,12 @@ outputs:
|
||||||
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
|
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
|
||||||
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
|
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
|
||||||
if:
|
if:
|
||||||
- common_tag_full
|
- {get_param: ClusterFullTag}
|
||||||
- "cluster.common.tag/manila-share:pcmklatest"
|
- "cluster.common.tag/manila-share:pcmklatest"
|
||||||
- yaql:
|
- yaql:
|
||||||
data:
|
data:
|
||||||
if:
|
if:
|
||||||
- common_tag_enabled
|
- {get_param: ClusterCommonTag}
|
||||||
- yaql:
|
- yaql:
|
||||||
data: {get_param: ContainerManilaShareImage}
|
data: {get_param: ContainerManilaShareImage}
|
||||||
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
|
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
|
||||||
|
|
|
@ -87,24 +87,24 @@ parameters:
|
||||||
certificate for this service
|
certificate for this service
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
internal_tls_enabled: {get_param: MemcachedTLS}
|
|
||||||
# NOTE: A non-tls port is necessary while there are still services
|
# NOTE: A non-tls port is necessary while there are still services
|
||||||
# consuming Memcached that do not support TLS. Once all services
|
# consuming Memcached that do not support TLS. Once all services
|
||||||
# do support TLS, this config should be dropped.
|
# do support TLS, this config should be dropped.
|
||||||
enable_non_tls_port:
|
enable_non_tls_port:
|
||||||
and:
|
and:
|
||||||
- internal_tls_enabled
|
- {get_param: MemcachedTLS}
|
||||||
- not: {equals: [{get_param: MemcachedPort}, 11211]}
|
- not: {equals: [{get_param: MemcachedPort}, 11211]}
|
||||||
memcached_network_unset: {equals : [{get_param: MemcachedIpSubnet}, '']}
|
memcached_network_set:
|
||||||
|
not: {equals : [{get_param: MemcachedIpSubnet}, '']}
|
||||||
service_debug: {get_param: MemcachedDebug}
|
service_debug: {get_param: MemcachedDebug}
|
||||||
is_ipv6:
|
is_ipv6:
|
||||||
equals:
|
equals:
|
||||||
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
|
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
|
||||||
- 6
|
- 6
|
||||||
key_size_override_unset: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
|
key_size_override_set:
|
||||||
|
not: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../containers-common.yaml
|
||||||
|
|
||||||
|
@ -120,7 +120,16 @@ outputs:
|
||||||
# Even if binding is configured on internal_api network, enforce it
|
# Even if binding is configured on internal_api network, enforce it
|
||||||
# via firewall as well.
|
# via firewall as well.
|
||||||
if:
|
if:
|
||||||
- memcached_network_unset
|
- memcached_network_set
|
||||||
|
- '121 memcached':
|
||||||
|
dport:
|
||||||
|
list_concat:
|
||||||
|
- - {get_param: MemcachedPort}
|
||||||
|
- if:
|
||||||
|
- enable_non_tls_port
|
||||||
|
- [11211]
|
||||||
|
proto: 'tcp'
|
||||||
|
source: {get_param: MemcachedIpSubnet}
|
||||||
- map_merge:
|
- map_merge:
|
||||||
repeat:
|
repeat:
|
||||||
for_each:
|
for_each:
|
||||||
|
@ -137,29 +146,17 @@ outputs:
|
||||||
- if:
|
- if:
|
||||||
- enable_non_tls_port
|
- enable_non_tls_port
|
||||||
- [11211]
|
- [11211]
|
||||||
- []
|
|
||||||
proto: 'tcp'
|
proto: 'tcp'
|
||||||
source: <%net_cidr%>
|
source: <%net_cidr%>
|
||||||
- '121 memcached':
|
|
||||||
dport:
|
|
||||||
list_concat:
|
|
||||||
- - {get_param: MemcachedPort}
|
|
||||||
- if:
|
|
||||||
- enable_non_tls_port
|
|
||||||
- [11211]
|
|
||||||
- []
|
|
||||||
proto: 'tcp'
|
|
||||||
source: {get_param: MemcachedIpSubnet}
|
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
|
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
-
|
- memcached::listen:
|
||||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||||
# for the given network; replacement examples (eg. for internal_api):
|
# for the given network; replacement examples (eg. for internal_api):
|
||||||
# internal_api -> IP
|
# internal_api -> IP
|
||||||
# internal_api_uri -> [IP]
|
# internal_api_uri -> [IP]
|
||||||
# internal_api_subnet - > IP/CIDR
|
# internal_api_subnet - > IP/CIDR
|
||||||
memcached::listen:
|
|
||||||
list_concat:
|
list_concat:
|
||||||
- - if:
|
- - if:
|
||||||
- is_ipv6
|
- is_ipv6
|
||||||
|
@ -181,7 +178,6 @@ outputs:
|
||||||
- is_ipv6
|
- is_ipv6
|
||||||
- 'notls:[::1]:11211'
|
- 'notls:[::1]:11211'
|
||||||
- 'notls:127.0.0.1:11211'
|
- 'notls:127.0.0.1:11211'
|
||||||
- []
|
|
||||||
# NOTE(xek): the IP addresses are configured with:
|
# NOTE(xek): the IP addresses are configured with:
|
||||||
# memcached::listen - the new way
|
# memcached::listen - the new way
|
||||||
# memcached::listen_ip - will be deprecated
|
# memcached::listen_ip - will be deprecated
|
||||||
|
@ -223,25 +219,21 @@ outputs:
|
||||||
memcached::disable_cachedump: true
|
memcached::disable_cachedump: true
|
||||||
memcached::logstdout: true
|
memcached::logstdout: true
|
||||||
tripleo::profile::base::memcached::enable_internal_memcached_tls: {get_param: MemcachedTLS}
|
tripleo::profile::base::memcached::enable_internal_memcached_tls: {get_param: MemcachedTLS}
|
||||||
-
|
- if:
|
||||||
# NOTE: This config is necessary while there are still services
|
# NOTE: This config is necessary while there are still services
|
||||||
# consuming Memcached that do not support TLS. Once all services
|
# consuming Memcached that do not support TLS. Once all services
|
||||||
# do support TLS, this config should be dropped.
|
# do support TLS, this config should be dropped.
|
||||||
if:
|
|
||||||
- enable_non_tls_port
|
- enable_non_tls_port
|
||||||
- memcached_port: {get_param: MemcachedPort}
|
- memcached_port: {get_param: MemcachedPort}
|
||||||
memcached_authtoken_port: 11211
|
memcached_authtoken_port: 11211
|
||||||
- memcached_port: {get_param: MemcachedPort}
|
- memcached_port: {get_param: MemcachedPort}
|
||||||
memcached_authtoken_port: {get_param: MemcachedPort}
|
memcached_authtoken_port: {get_param: MemcachedPort}
|
||||||
-
|
- if:
|
||||||
if:
|
- {get_param: MemcachedTLS}
|
||||||
- internal_tls_enabled
|
- tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
||||||
-
|
|
||||||
tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
|
||||||
tripleo::profile::base::memcached::certificate_specs:
|
tripleo::profile::base::memcached::certificate_specs:
|
||||||
service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
service_certificate: '/etc/pki/tls/certs/memcached.crt'
|
||||||
service_key: '/etc/pki/tls/private/memcached.key'
|
service_key: '/etc/pki/tls/private/memcached.key'
|
||||||
- {}
|
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
collectd:
|
collectd:
|
||||||
tripleo.collectd.plugins.memcached:
|
tripleo.collectd.plugins.memcached:
|
||||||
|
@ -297,31 +289,25 @@ outputs:
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
-
|
- - /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
|
|
||||||
- /var/lib/config-data/puppet-generated/memcached:/var/lib/kolla/config_files/src:rw,z
|
- /var/lib/config-data/puppet-generated/memcached:/var/lib/kolla/config_files/src:rw,z
|
||||||
- /var/log/containers/memcached:/var/log/memcached:rw
|
- /var/log/containers/memcached:/var/log/memcached:rw
|
||||||
- if:
|
- if:
|
||||||
- internal_tls_enabled
|
- {get_param: MemcachedTLS}
|
||||||
-
|
- - /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
|
||||||
- /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
|
|
||||||
- /etc/pki/tls/private/memcached.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/memcached.key:ro
|
- /etc/pki/tls/private/memcached.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/memcached.key:ro
|
||||||
- null
|
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- {get_param: MemcachedTLS}
|
||||||
-
|
- - service: memcached
|
||||||
- service: memcached
|
|
||||||
network: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
network: {get_param: [ServiceNetMap, MemcachedNetwork]}
|
||||||
type: node
|
type: node
|
||||||
- null
|
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
if:
|
if:
|
||||||
- internal_tls_enabled
|
- {get_param: MemcachedTLS}
|
||||||
-
|
- - name: Certificate generation
|
||||||
- name: Certificate generation
|
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
block:
|
block:
|
||||||
- include_role:
|
- include_role:
|
||||||
|
@ -356,11 +342,10 @@ outputs:
|
||||||
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
|
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
|
||||||
key_size:
|
key_size:
|
||||||
if:
|
if:
|
||||||
- key_size_override_unset
|
- key_size_override_set
|
||||||
- {get_param: CertificateKeySize}
|
|
||||||
- {get_param: MemcachedCertificateKeySize}
|
- {get_param: MemcachedCertificateKeySize}
|
||||||
|
- {get_param: CertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
- null
|
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
|
|
Loading…
Reference in New Issue