Move cell_v2 discovery off compute hosts
In I12a02f636f31985bc1b71bff5b744d346286a95f cell_v2 discovery was originally moved from the nova-api container to the nova-compute|nova-ironic containers in order to run cell discovery during a scale up where the controllers are omitted (e.g. to exclude the controllers from a maintenance window). This requires api database credentials on the compute node, which is forbidden, so it must move back to a nova-api host as a pre-requisite for removing these credentials in a follow-up patch. Scale-up while omitting the controllers will no longer work out of the box. Either a manual cell_v2 discovery can be run after scale up, or an additional node can be deployed using the NovaManager tripleo role. Related-bug: #1786961 Related-bug: #1871482 Change-Id: I47b95ad46e2d4e5b1f370a2f840826e87da2d703
parent
cc797b648b
commit
629485dde5
@ -42,6 +42,7 @@ parameter_defaults:
|
||||
- OS::TripleO::Services::Multipathd
|
||||
- OS::TripleO::Services::Pacemaker
|
||||
- OS::TripleO::Services::Clustercheck
|
||||
- OS::TripleO::Services::NovaManager
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::virt_type: qemu
|
||||
|
@ -61,19 +61,27 @@ outputs:
|
||||
- not nova_additional_cell|bool
|
||||
- nova_cellv2_discovery_done is not defined
|
||||
block:
|
||||
- name: discover via nova_compute?
|
||||
- name: discover via nova_manager?
|
||||
set_fact:
|
||||
nova_cellv2_discovery_delegate_host: "{{ groups['nova_compute'][0] }}"
|
||||
nova_cellv2_discovery_delegate_host: "{{ groups['nova_manager'][0] }}"
|
||||
nova_cellv2_discovery_container: nova_manager
|
||||
when:
|
||||
- groups['nova_compute'] is defined and (groups['nova_compute']|length>0)
|
||||
- name: discover via nova_ironic?
|
||||
- groups['nova_manager'] is defined and (groups['nova_manager']|length>0)
|
||||
- name: discover via nova_api?
|
||||
set_fact:
|
||||
nova_cellv2_discovery_delegate_host: "{{ groups['nova_ironic'][0] }}"
|
||||
nova_cellv2_discovery_delegate_host: "{{ groups['nova_api'][0] }}"
|
||||
nova_cellv2_discovery_container: nova_api
|
||||
when:
|
||||
- nova_cellv2_discovery_delegate_host is not defined
|
||||
- groups['nova_api'] is defined and (groups['nova_api']|length>0)
|
||||
- name: Warn if no discovery host available
|
||||
fail:
|
||||
msg: 'No hosts available to run nova cell_v2 host discovery.'
|
||||
ignore_errors: yes
|
||||
when:
|
||||
- nova_cellv2_discovery_delegate_host is not defined
|
||||
- groups['nova_ironic'] is defined and (groups['nova_ironic']|length>0)
|
||||
- name: Discovering nova hosts
|
||||
command: "{{ container_cli }} exec nova_compute nova-manage cell_v2 discover_hosts --by-service"
|
||||
command: "{{ container_cli }} exec {{ nova_cellv2_discovery_container }} nova-manage cell_v2 discover_hosts --by-service"
|
||||
become: true
|
||||
changed_when: false
|
||||
delegate_to: '{{ nova_cellv2_discovery_delegate_host }}'
|
||||
|
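Review bot: When neither `nova_manager` nor `nova_api` has hosts, `Warn if no discovery host available` fails with `ignore_errors: yes` and the play carries on into `Discovering nova hosts`, whose `command` and `delegate_to` now both template facts that were never set (`nova_cellv2_discovery_container`, `nova_cellv2_discovery_delegate_host`). Unless a `when` on that task below the visible lines already covers it, add `when: nova_cellv2_discovery_delegate_host is defined` so a skipped discovery surfaces as the warning rather than as an undefined-variable error on the exec. The two `set_fact` tasks also take `groups[...][0]` without checking that the host is part of the current run, which is the limitation the commit message describes; a short comment above `discover via nova_manager?` saying that the first match wins and that the chosen host must be one that holds the API database credentials would help the next reader. The block starts above the hunk and the last task may continue past it.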
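--- a/deployment/nova/nova-manager-container-puppet.yaml
+++ b/deployment/nova/nova-manager-container-puppet.yaml
@@ -0,0 +1,105 @@
+heat_template_version: rocky
+
+description: >
+OpenStack containerized nova-manage runner service
+
+parameters:
+ContainerNovaConductorImage:
+description: image
+type: string
+EndpointMap:
+default: {}
+description: Mapping of service endpoint -> protocol. Typically set
+via parameter_defaults in the resource registry.
+type: json
+ServiceData:
+default: {}
+description: Dictionary packing service data
+type: json
+ServiceNetMap:
+default: {}
+description: Mapping of service_name -> network name. Typically set
+via parameter_defaults in the resource registry. This
+mapping overrides those in ServiceNetMapDefaults.
+type: json
+DefaultPasswords:
+default: {}
+type: json
+RoleName:
+default: ''
+description: Role name on which the service is applied
+type: string
+RoleParameters:
+default: {}
+description: Parameters specific to the role
+type: json
+
+
+resources:
+
+# Cannot control nova-manage logging so expect it to log to file
+NovaLogging:
+type: ../logging/files/nova-common.yaml
+properties:
+ContainerNovaImage: &nova_conductor_image {get_param: ContainerNovaConductorImage}
+NovaServiceName: 'manager'
+
+ContainersCommon:
+type: ../containers-common.yaml
+
+NovaConductorBase:
+type: ./nova-conductor-container-puppet.yaml
+properties:
+ServiceData: {get_param: ServiceData}
+ServiceNetMap: {get_param: ServiceNetMap}
+DefaultPasswords: {get_param: DefaultPasswords}
+EndpointMap: {get_param: EndpointMap}
+RoleName: {get_param: RoleName}
+RoleParameters: {get_param: RoleParameters}
+
+
+outputs:
+role_data:
+description: Role data for the nova-manage runner service.
+value:
+service_name: nova_manager
+config_settings:
+get_attr: [NovaConductorBase, role_data, config_settings]
+service_config_settings:
+mysql:
+get_attr: [NovaConductorBase, role_data, service_config_settings, mysql]
+# BEGIN DOCKER SETTINGS
+puppet_config:
+get_attr: [NovaConductorBase, role_data, puppet_config]
+kolla_config:
+/var/lib/kolla/config_files/nova_manager.json:
+command: "/bin/sleep infinity"
+config_files:
+- source: "/var/lib/kolla/config_files/src/*"
+dest: "/"
+merge: true
+preserve_properties: true
+permissions:
+- path: /var/log/nova
+owner: nova:nova
+recurse: true
+docker_config:
+step_2:
+get_attr: [NovaLogging, docker_config, step_2]
+step_4:
+nova_manager:
+image: *nova_conductor_image
+net: host
+privileged: false
+restart: always
+volumes:
+list_concat:
+- {get_attr: [ContainersCommon, volumes]}
+- {get_attr: [NovaLogging, volumes]}
+-
+- /var/lib/kolla/config_files/nova_manager.json:/var/lib/kolla/config_files/config.json:ro
+- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
+environment:
+KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+host_prep_tasks:
+get_attr: [NovaLogging, host_prep_tasks]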
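Review bot: The `nova_manager` container under `step_4` is an idle `/bin/sleep infinity` process kept up with `restart: always` purely so `nova-manage` can be exec'd in it, and it mounts `/var/lib/config-data/puppet-generated/nova` while taking all of `config_settings` from `NovaConductorBase`, so every host with this service presumably carries the nova API database credentials that the commit wants off the computes. Nothing in the template states that; I would extend `description` to something like `OpenStack containerized nova-manage runner service. Hosts running it hold nova API database credentials, so it must not be added to compute roles.` The `ContainerNovaConductorImage` parameter is documented only as `image`; `description: The container image to use for the nova-manage runner (nova-conductor image)` would say what is reused and why. It is also worth confirming that the full conductor `config_settings` is needed here rather than only the database-related subset.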
@ -187,6 +187,7 @@ resource_registry:
|
||||
OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-libvirt-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaManager: deployment/nova/nova-manager-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaPlacement: OS::Heat::None
|
||||
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
issues:
|
||||
- |
|
||||
Cell_v2 discovery has been moved from the nova-compute|nova-ironic
|
||||
containers as this requires nova api database credentials which must
|
||||
not be configured for the nova-compute service.
|
||||
As a result scale-up deployments which explicitly omit the Controller
|
||||
nodes will need to make alternative arrangements to run cell_v2 discovery.
|
||||
Either the nova-manage command can be run manually after scale-up, or
|
||||
an additional helper node using the NovaManage role can be deployed that
|
||||
will be used for this task instead of a Controller node. See Bug:
|
||||
`1786961 <https://launchpad.net/bugs/1786961>`_ and Bug:
|
||||
`1871482 <https://launchpad.net/bugs/1871482>`_.
|
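--- a/roles/NovaManager.yaml
+++ b/roles/NovaManager.yaml
@@ -0,0 +1,37 @@
+###############################################################################
+# Role: NovaManager
+###############################################################################
+- name: NovaManager
+description: |
+Role to run nova-manage runner container on a separate host
+networks:
+InternalApi:
+subnet: internal_api_subnet
+HostnameFormatDefault: '%stackname%-novamanager-%index%'
+update_serial: 25
+ServicesDefault:
+- OS::TripleO::Services::Aide
+- OS::TripleO::Services::AuditD
+- OS::TripleO::Services::BootParams
+- OS::TripleO::Services::CACerts
+- OS::TripleO::Services::CertmongerUser
+- OS::TripleO::Services::Collectd
+- OS::TripleO::Services::IpaClient
+- OS::TripleO::Services::Ipsec
+- OS::TripleO::Services::Kernel
+- OS::TripleO::Services::LoginDefs
+- OS::TripleO::Services::MetricsQdr
+- OS::TripleO::Services::MySQLClient
+- OS::TripleO::Services::NovaManager
+- OS::TripleO::Services::ContainersLogrotateCrond
+- OS::TripleO::Services::Podman
+- OS::TripleO::Services::Rhsm
+- OS::TripleO::Services::Rsyslog
+- OS::TripleO::Services::Securetty
+- OS::TripleO::Services::Snmp
+- OS::TripleO::Services::Sshd
+- OS::TripleO::Services::Timesync
+- OS::TripleO::Services::Timezone
+- OS::TripleO::Services::TripleoFirewall
+- OS::TripleO::Services::TripleoPackages
+- OS::TripleO::Services::Tuned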
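Review bot: `ServicesDefault` is alphabetical except for `OS::TripleO::Services::ContainersLogrotateCrond`, which sits after `NovaManager`; moving it between `Collectd` and `IpaClient` keeps the list consistent and makes later diffs against other roles easier to read. The role `description` could also state its purpose more fully, e.g. `Standalone role that runs the nova-manage runner container for cell_v2 host discovery when Controller nodes are excluded from a deployment run.`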
@ -258,6 +258,10 @@ VALIDATE_DOCKER_OVERRIDE = {
|
||||
# Does not follow the filename pattern
|
||||
'./deployment/multipathd/multipathd-container.yaml': True
|
||||
}
|
||||
VALIDATE_DOCKER_PUPPET_CONFIG_OVERRIDE = {
|
||||
# inherits from nova-conductor
|
||||
'./deployment/nova/nova-manager-container-puppet.yaml': False,
|
||||
}
|
||||
DEPLOYMENT_RESOURCE_TYPES = [
|
||||
'OS::Heat::SoftwareDeploymentGroup',
|
||||
'OS::Heat::StructuredDeploymentGroup',
|
||||
@ -738,7 +742,8 @@ def validate_docker_service(filename, tpl):
|
||||
% (section_name, filename))
|
||||
return 1
|
||||
|
||||
if 'puppet_config' in role_data:
|
||||
if 'puppet_config' in role_data and \
|
||||
VALIDATE_DOCKER_PUPPET_CONFIG_OVERRIDE.get(filename, True):
|
||||
if validate_docker_service_mysql_usage(filename, tpl):
|
||||
print('ERROR: could not validate use of mysql service for %s.'
|
||||
% filename)
|
||||
|
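Review bot: The new condition `VALIDATE_DOCKER_PUPPET_CONFIG_OVERRIDE.get(filename, True)` switches `validate_docker_service_mysql_usage` off for the entire nova-manager template, so any later change to how that file consumes mysql settings goes unchecked, and the only rationale recorded is `# inherits from nova-conductor`. I would expand that comment to say why the check cannot pass, e.g. `# puppet_config and the mysql service_config_settings come from NovaConductorBase via get_attr, so the mysql-usage check has nothing local to inspect` (my reading of the template; please confirm). The lookup is an exact string match on `'./deployment/nova/nova-manager-container-puppet.yaml'`, so if `filename` is ever passed in a different form the override silently stops applying; a one-line comment on the dict stating the expected key format would prevent that. `validate_docker_service` starts and ends outside the hunk.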