From 2487becc6a6d263e55c9a642d51994a72c1cb9aa Mon Sep 17 00:00:00 2001 From: Damien Ciabrini Date: Mon, 2 Dec 2019 13:01:45 +0100 Subject: [PATCH] HA: minor update of arbitrary container image name HA services get their container image name from a pacemaker resource configuration. This image name is shared between all cluster nodes. To achieve image update without service disruption, a pacemaker resource is configured to use an intermediate image name "//:pcmklatest" pointing to the real image name configured in Heat. This tag can then be updated independently on every node during the minor update. In order to support the same rolling update when the changes in the container image, we need a similar floating approach for the prefix part of the container image. Introduce a new Heat parameter ClusterCommonTag that, when enabled, sets the intermediate image name to "cluster-common-tag/:pcmklatest". By default, this parameter is disabled and the original naming scheme is conserved. Note: by introducing this new naming scheme, we stop seeing a meaningful image name prefix when doing a "pcs status", but since we already can't tell what image ID the :pcmklatest tag points to, we don't lose much information really. Related-Bug: #1854730 Change-Id: Id369154d147cd5cf0a6f997bf806084fc7580e01 (cherry picked from commit a166ec6bcaae078a4f7ed91feb8e431fe031e0cb) (cherry picked from commit 44b6e6b8520bc9660dd1c6ac44d91523c7c7c84a) (cherry picked from commit f366adbd151193ba524d70c4f904be35f1d048a0) --- docker/services/pacemaker/cinder-backup.yaml | 24 ++++++++++++++----- docker/services/pacemaker/cinder-volume.yaml | 24 ++++++++++++++----- docker/services/pacemaker/database/mysql.yaml | 24 ++++++++++++++----- docker/services/pacemaker/database/redis.yaml | 24 ++++++++++++++----- docker/services/pacemaker/haproxy.yaml | 24 ++++++++++++++----- docker/services/pacemaker/manila-share.yaml | 24 ++++++++++++++----- .../services/pacemaker/notify-rabbitmq.yaml | 24 ++++++++++++++----- docker/services/pacemaker/ovn-dbs.yaml | 24 ++++++++++++++----- docker/services/pacemaker/rabbitmq.yaml | 24 ++++++++++++++----- docker/services/pacemaker/rpc-rabbitmq.yaml | 24 ++++++++++++++----- ...r-cluster-common-tag-45c4e8a6e7b08735.yaml | 12 ++++++++++ 11 files changed, 192 insertions(+), 60 deletions(-) create mode 100644 releasenotes/notes/pacemaker-cluster-common-tag-45c4e8a6e7b08735.yaml diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 2aa12cece4..e77c0829b0 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -10,6 +10,14 @@ parameters: DockerCinderConfigImage: description: The container image to use for the cinder config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean CinderBackupBackend: default: swift description: The short name of the Cinder Backup backend to use. @@ -66,6 +74,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -100,12 +109,15 @@ outputs: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerCinderBackupImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerCinderBackupImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerCinderBackupImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::cinder::backup_bundle::docker_volumes: {get_attr: [CinderCommon, cinder_backup_volumes]} tripleo::profile::pacemaker::cinder::backup_bundle::docker_environment: {get_attr: [CinderCommon, cinder_backup_environment]} cinder::backup::manage_service: false diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 98ff0763b2..d10bab5c62 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -10,6 +10,14 @@ parameters: DockerCinderConfigImage: description: The container image to use for the cinder config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -54,6 +62,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -86,12 +95,15 @@ outputs: - get_attr: [CinderBase, role_data, config_settings] - tripleo::profile::base::lvm::enable_udev: false tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerCinderVolumeImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerCinderVolumeImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerCinderVolumeImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::cinder::volume_bundle::docker_volumes: {get_attr: [CinderCommon, cinder_volume_volumes]} tripleo::profile::pacemaker::cinder::volume_bundle::docker_environment: {get_attr: [CinderCommon, cinder_volume_environment]} cinder::volume::manage_service: false diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 1ebbaee488..cb907cbda5 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -10,6 +10,14 @@ parameters: DockerMysqlConfigImage: description: The container image to use for the mysql config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -80,6 +88,7 @@ resources: conditions: puppet_debug_enabled: {get_param: ConfigDebug} internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} outputs: role_data: @@ -90,12 +99,15 @@ outputs: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerMysqlImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerMysqlImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerMysqlImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 tripleo.mysql.firewall_rules: '104 mysql galera-bundle': diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 92621578ff..feaff1329e 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -10,6 +10,14 @@ parameters: DockerRedisConfigImage: description: The container image to use for the redis config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -58,6 +66,7 @@ conditions: puppet_debug_enabled: {get_param: ConfigDebug} internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} redis_ipv6: {get_param: RedisIPv6} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -86,12 +95,15 @@ outputs: redis::notify_service: false redis::managed_by_cluster_manager: true tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerRedisImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerRedisImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerRedisImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 tripleo.redis.firewall_rules: '108 redis-bundle': diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index a5d0a68032..19ec3bfee1 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -10,6 +10,14 @@ parameters: DockerHAProxyConfigImage: description: The container image to use for the haproxy config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean ServiceData: default: {} description: Dictionary packing service data @@ -104,6 +112,7 @@ conditions: - equals: - {get_param: PublicSSLCertificateAutogenerated} - true + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -145,12 +154,15 @@ outputs: # disable the use CRL file until we can restart the container when the file expires tripleo::haproxy::crl_file: null tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerHAProxyImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerHAProxyImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerHAProxyImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") logging_source: {get_attr: [HAProxyBase, role_data, logging_source]} logging_groups: {get_attr: [HAProxyBase, role_data, logging_groups]} service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml index 964bfe3f1c..72123c0229 100644 --- a/docker/services/pacemaker/manila-share.yaml +++ b/docker/services/pacemaker/manila-share.yaml @@ -10,6 +10,14 @@ parameters: DockerManilaConfigImage: description: image type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -49,6 +57,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -80,12 +89,15 @@ outputs: map_merge: - get_attr: [ManilaBase, role_data, config_settings] - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerManilaShareImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerManilaShareImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerManilaShareImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::manila::share_bundle::docker_volumes: {get_attr: [ManilaCommon, manila_share_volumes]} tripleo::profile::pacemaker::manila::share_bundle::docker_environment: {get_attr: [ManilaCommon, manila_share_environment]} manila::share::manage_service: false diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml index e9feb4403f..825897e2d0 100644 --- a/docker/services/pacemaker/notify-rabbitmq.yaml +++ b/docker/services/pacemaker/notify-rabbitmq.yaml @@ -10,6 +10,14 @@ parameters: DockerRabbitmqConfigImage: description: The container image to use for the rabbitmq config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,6 +61,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -80,12 +89,15 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerRabbitmqImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerRabbitmqImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerRabbitmqImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.oslo_messaging_notify.firewall_rules: '109 rabbitmq-bundle': diff --git a/docker/services/pacemaker/ovn-dbs.yaml b/docker/services/pacemaker/ovn-dbs.yaml index 37cac53dee..56ac5165c3 100644 --- a/docker/services/pacemaker/ovn-dbs.yaml +++ b/docker/services/pacemaker/ovn-dbs.yaml @@ -10,6 +10,14 @@ parameters: DockerOvnDbsConfigImage: description: image type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -61,6 +69,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -88,12 +97,15 @@ outputs: map_merge: - get_attr: [OVNDbsBase, role_data, config_settings] - tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: &ovn_dbs_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerOvnDbsImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerOvnDbsImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerOvnDbsImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") - tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort} - tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort} - tripleo::profile::pacemaker::ovn_dbs_bundle::dbs_timeout: {get_param: OVNDBSPacemakerTimeout} diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 95e272f89c..3183aa0474 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -10,6 +10,14 @@ parameters: DockerRabbitmqConfigImage: description: The container image to use for the rabbitmq config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,6 +61,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -79,12 +88,15 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerRabbitmqImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerRabbitmqImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerRabbitmqImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.rabbitmq.firewall_rules: '109 rabbitmq-bundle': diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml index 795442a41c..1418f7f8be 100644 --- a/docker/services/pacemaker/rpc-rabbitmq.yaml +++ b/docker/services/pacemaker/rpc-rabbitmq.yaml @@ -10,6 +10,14 @@ parameters: DockerRabbitmqConfigImage: description: The container image to use for the rabbitmq config_volume type: string + ClusterCommonTag: + default: false + description: When set to false, a pacemaker service is configured + to use a floating tag for its container image name, + e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When + set to true, the service uses a floating prefix as + well, e.g. 'cluster-common-tag/IMAGENAME:pcmklatest'. + type: boolean EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,6 +61,7 @@ parameters: conditions: puppet_debug_enabled: {get_param: ConfigDebug} + common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]} resources: @@ -80,12 +89,15 @@ outputs: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest - list_join: - - ':' - - - yaql: - data: {get_param: DockerRabbitmqImage} - expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - - 'pcmklatest' + yaql: + data: + if: + - common_tag_enabled + - yaql: + data: {get_param: DockerRabbitmqImage} + expression: concat("cluster-common-tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1]) + - {get_param: DockerRabbitmqImage} + expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest") tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.oslo_messaging_rpc.firewall_rules: '109 rabbitmq-bundle': diff --git a/releasenotes/notes/pacemaker-cluster-common-tag-45c4e8a6e7b08735.yaml b/releasenotes/notes/pacemaker-cluster-common-tag-45c4e8a6e7b08735.yaml new file mode 100644 index 0000000000..d16c347a05 --- /dev/null +++ b/releasenotes/notes/pacemaker-cluster-common-tag-45c4e8a6e7b08735.yaml @@ -0,0 +1,12 @@ +--- +features: + - HA services use a special container image name derived from the one + configured in Heat parameter plus a fixed tag part, i.e. + '//:pcmklatest'. To implement rolling + update without service disruption, this 'pcmklatest' tag is adjusted + automatically during minor update every time a new image is pulled. + A new Heat parameter ClusterCommonTag can now control the prefix part + of the container image name. When set to true, the container name + for HA services will look like + 'container-common-tag/:pcmklatest'. This allows rolling + update of HA services even when the changes in Heat.