Merge "Simplify manila, memcached and logging services"

Zuul 2021-04-28 23:28:22 +00:00 committed by Gerrit Code Review
commit 18ee787f73
17 changed files with 60 additions and 134 deletions


@ -51,4 +51,3 @@ outputs:
state: started
name: rsyslog
enabled: true


@ -192,7 +192,6 @@ outputs:
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
- {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rsyslog
@ -226,8 +225,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:ro
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z


@ -32,7 +32,6 @@ parameters:
type: json
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -41,7 +40,7 @@ outputs:
description: Role data for the rsyslog-sidecar role.
value:
service_name: rsyslog_sidecar
config_settings: null
config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rsyslog_sidecar
@ -58,5 +57,5 @@ outputs:
merge: true
preserve_properties: true
docker_config: {}
host_prep_tasks: null
upgrade_tasks: null
host_prep_tasks: []
upgrade_tasks: []


@ -69,15 +69,10 @@ parameters:
type: boolean
default: false
conditions:
logrotatedateext_is_enabled: {equals: [{get_param: LogrotateDateExt}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
outputs:
role_data:
description: Role data for the crond role.
@ -91,10 +86,9 @@ outputs:
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
- if:
- logrotatedateext_is_enabled
- {get_param: LogrotateDateExt}
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
- {}
host_prep_tasks:
- name: allow logrotate to read inside containers
seboolean:
@ -161,8 +155,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:z
environment:


@ -103,13 +103,7 @@ parameters:
Cron to purge db entries marked as deleted and older than $age - Max Delay
default: '3600'
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
manila_workers_zero: {equals : [{get_param: ManilaWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -211,16 +205,13 @@ outputs:
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
- manila::wsgi::apache::servername:
manila::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
- if:
- manila_workers_zero
- {}
- manila::wsgi::apache::workers: {get_param: ManilaWorkers}
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
@ -285,8 +276,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- - /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
@ -302,19 +292,14 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- []
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
manila_api_cron:
@ -328,8 +313,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
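Review bot: `manila::wsgi::apache::workers: {get_param: ManilaWorkers}` is now emitted unconditionally in the config_settings hunk, where the removed `manila_workers_zero` guard emitted `{}` for a value of 0. The ManilaWorkers parameter definition is not in the visible hunks, so if 0 is still an accepted value or the default, the hieradata would now carry a literal 0 instead of leaving the Puppet default in place. Depending on how the Puppet class treats 0, that could leave the manila-api WSGI service without workers. Either confirm that the parameter's default and constraints changed in this commit, or keep the guard as `- if: [manila_workers_zero, {}, {manila::wsgi::apache::workers: {get_param: ManilaWorkers}}]`.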


@ -96,4 +96,3 @@ outputs:
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
manila::backend::cephfs::cephfs_volume_mode: {get_param: ManilaCephFSCephVolumeMode}
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
step_config:


@ -66,4 +66,3 @@ outputs:
manila::backend::dellemc_isilon::emc_nas_root_dir: {get_param: ManilaIsilonNasRootDir}
manila::backend::dellemc_isilon::emc_nas_server_port: {get_param: ManilaIsilonNasServerPort}
manila::backend::dellemc_isilon::emc_nas_server_secure: {get_param: ManilaIsilonNasServerSecure}
step_config:


@ -114,4 +114,3 @@ outputs:
manila::backend::netapp::netapp_enabled_share_protocols: {get_param: ManilaNetappEnabledShareProtocols}
manila::backend::netapp::netapp_volume_snapshot_reserve_percent: {get_param: ManilaNetappVolumeSnapshotReservePercent}
manila::backend::netapp::netapp_snapmirror_quiesce_timeout: {get_param: ManilaNetappSnapmirrorQuiesceTimeout}
step_config:


@ -80,5 +80,3 @@ outputs:
manila::backend::dellemc_unity::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
manila::backend::dellemc_unity::emc_ssl_cert_verify: {get_param: ManilaUnityEmcSslCertVerify}
manila::backend::dellemc_unity::emc_ssl_cert_path: {get_param: ManilaUnityEmcSslCertPath}
step_config:


@ -67,5 +67,3 @@ outputs:
manila::backend::dellemc_vmax::vmax_server_container: {get_param: ManilaVMAXServerContainer}
manila::backend::dellemc_vmax::vmax_share_data_pools: {get_param: ManilaVMAXShareDataPools}
manila::backend::dellemc_vmax::vmax_ethernet_ports: {get_param: ManilaVMAXEthernetPorts}
step_config:


@ -80,6 +80,3 @@ outputs:
manila::backend::dellemc_vnx::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
manila::backend::dellemc_vnx::emc_ssl_cert_verify: {get_param: ManilaVNXEmcSslCertVerify}
manila::backend::dellemc_vnx::emc_ssl_cert_path: {get_param: ManilaVNXEmcSslCertPath}
step_config:


@ -53,10 +53,6 @@ parameters:
default: 'noop'
description: Driver or drivers to handle sending notifications.
conditions:
manila_ipv6: {equals : [{get_param: ManilaIPv6}, true]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
outputs:
role_data:
description: Role data for the Manila Base service.
@ -79,21 +75,19 @@ outputs:
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /manila
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: manila
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
if:
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: manila
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
manila::network::neutron::network_plugin_ipv6_enabled: {get_param: ManilaIPv6}
# Currently the address family parameters are mutually exclusive
manila::network::neutron::network_plugin_ipv4_enabled: {if: ["manila_ipv6", false, true]}
manila::network::neutron::network_plugin_ipv4_enabled:
if: [{get_param: ManilaIPv6}, false, true]
service_config_settings:
mysql:
manila::db::mysql::password: {get_param: ManilaPassword}


@ -38,7 +38,6 @@ parameters:
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -92,8 +91,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila:z
environment:


@ -42,11 +42,9 @@ parameters:
The path where the Ceph Cluster config files are stored on the host.
conditions:
cephfs_nfs_enabled: {equals: [{get_param: ManilaCephFSCephFSProtocolHelperType}, 'NFS']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -56,8 +54,7 @@ outputs:
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
- list_join:
- ':'
@ -72,11 +69,8 @@ outputs:
- /var/log/containers/manila:/var/log/manila:z
- if:
- cephfs_nfs_enabled
-
- /etc/ganesha:/etc/ganesha
- - /etc/ganesha:/etc/ganesha
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
- null
manila_share_environment:
description: Docker environment for the manila-share container (HA or non-HA)
value:
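Review bot: The two bind mounts in the `cephfs_nfs_enabled` branch, `/etc/ganesha:/etc/ganesha` and `/run/dbus/system_bus_socket:/run/dbus/system_bus_socket`, carry no mode suffix and no comment, unlike the `:ro` and `:z` entries around them. Exposing the host's system D-Bus socket lets the manila-share container talk to services on the host bus, so the reason belongs next to the mount. Presumably the CephFS NFS helper manages Ganesha exports over D-Bus, but that is not visible in this section. Since these lines are being rewritten anyway, add a comment above them such as `# NFS-Ganesha export management needs the host system bus and /etc/ganesha`, and mark `/etc/ganesha` as `:ro` if the container only reads it.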


@ -63,7 +63,6 @@ parameters:
description: Keystone region for endpoint
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -91,9 +90,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
-
# keystone_authtoken
manila::keystone::authtoken::password: {get_param: ManilaPassword}
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
manila::keystone::authtoken::project_name: 'service'


@ -69,13 +69,7 @@ parameters:
description: |
The path where the Ceph Cluster config files are stored on the host.
conditions:
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -104,12 +98,12 @@ outputs:
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/manila-share:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerManilaShareImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])


@ -87,24 +87,24 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {get_param: MemcachedTLS}
# NOTE: A non-tls port is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.
enable_non_tls_port:
and:
- internal_tls_enabled
- {get_param: MemcachedTLS}
- not: {equals: [{get_param: MemcachedPort}, 11211]}
memcached_network_unset: {equals : [{get_param: MemcachedIpSubnet}, '']}
memcached_network_set:
not: {equals : [{get_param: MemcachedIpSubnet}, '']}
service_debug: {get_param: MemcachedDebug}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- 6
key_size_override_unset: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: MemcachedCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -120,7 +120,16 @@ outputs:
# Even if binding is configured on internal_api network, enforce it
# via firewall as well.
if:
- memcached_network_unset
- memcached_network_set
- '121 memcached':
dport:
list_concat:
- - {get_param: MemcachedPort}
- if:
- enable_non_tls_port
- [11211]
proto: 'tcp'
source: {get_param: MemcachedIpSubnet}
- map_merge:
repeat:
for_each:
@ -137,29 +146,17 @@ outputs:
- if:
- enable_non_tls_port
- [11211]
- []
proto: 'tcp'
source: <%net_cidr%>
- '121 memcached':
dport:
list_concat:
- - {get_param: MemcachedPort}
- if:
- enable_non_tls_port
- [11211]
- []
proto: 'tcp'
source: {get_param: MemcachedIpSubnet}
monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
map_merge:
-
- memcached::listen:
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
memcached::listen:
list_concat:
- - if:
- is_ipv6
@ -181,7 +178,6 @@ outputs:
- is_ipv6
- 'notls:[::1]:11211'
- 'notls:127.0.0.1:11211'
- []
# NOTE(xek): the IP addresses are configured with:
# memcached::listen - the new way
# memcached::listen_ip - will be deprecated
@ -223,25 +219,21 @@ outputs:
memcached::disable_cachedump: true
memcached::logstdout: true
tripleo::profile::base::memcached::enable_internal_memcached_tls: {get_param: MemcachedTLS}
-
- if:
# NOTE: This config is necessary while there are still services
# consuming Memcached that do not support TLS. Once all services
# do support TLS, this config should be dropped.
if:
- enable_non_tls_port
- memcached_port: {get_param: MemcachedPort}
memcached_authtoken_port: 11211
- memcached_port: {get_param: MemcachedPort}
memcached_authtoken_port: {get_param: MemcachedPort}
-
if:
- internal_tls_enabled
-
tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
- if:
- {get_param: MemcachedTLS}
- tripleo::memcached::service_certificate: '/etc/pki/tls/certs/memcached.crt'
tripleo::profile::base::memcached::certificate_specs:
service_certificate: '/etc/pki/tls/certs/memcached.crt'
service_key: '/etc/pki/tls/private/memcached.key'
- {}
service_config_settings:
collectd:
tripleo.collectd.plugins.memcached:
@ -297,31 +289,25 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/memcached.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/memcached:/var/lib/kolla/config_files/src:rw,z
- /var/log/containers/memcached:/var/log/memcached:rw
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
- {get_param: MemcachedTLS}
- - /etc/pki/tls/certs/memcached.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/memcached.crt:ro
- /etc/pki/tls/private/memcached.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/memcached.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
metadata_settings:
if:
- internal_tls_enabled
-
- service: memcached
- {get_param: MemcachedTLS}
- - service: memcached
network: {get_param: [ServiceNetMap, MemcachedNetwork]}
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
- {get_param: MemcachedTLS}
- - name: Certificate generation
when: step|int == 1
block:
- include_role:
@ -356,11 +342,10 @@ outputs:
echo refresh_certs | openssl s_client -connect $memcached_ip:$memcached_port
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: MemcachedCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
- null
host_prep_tasks:
- name: create persistent directories
file:
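Review bot: The firewall rules in both branches of the `memcached_network_set` test add 11211 to `dport` whenever `enable_non_tls_port` is true, but nothing at the rules says that this port carries unencrypted traffic. The NOTE explaining the temporary non-TLS port sits only on the condition and on the `memcached_port` block, so someone auditing the firewall section sees a second open port with no rationale. Add a comment above the `enable_non_tls_port` entry in each `dport` list, for example `# 11211 stays open for clients without TLS support; remove together with enable_non_tls_port`. It is also worth confirming that the `source` values (`MemcachedIpSubnet`, or `<%net_cidr%>` per network) are as narrow as those legacy clients need, since the listener configuration is only partly visible in this section.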