Unify cinder's volume and backup kolla_config settings

Define a common set of kolla config_files and permissions for use by
cinder's volume and backup services (both pcmk and non-pcmk variants).
Previously, there were four different sets and some of them contained
subtle errors.

Change-Id: Id6a1ab51041a3cd870449399b6793c10bbb1fdca
(cherry picked from commit 8d38363a78)
(cherry picked from commit 51a9a07810)
This commit is contained in:
Alan Bishop 2021-02-03 08:50:21 -08:00
parent 23846f1496
commit 95835538c9
5 changed files with 60 additions and 133 deletions

View File

@ -62,18 +62,6 @@ parameters:
CinderBackupRbdPoolName:
default: backups
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephClientUserName:
default: openstack
type: string
CinderBackupNfsShare:
default: ''
description: NFS share to be mounted
@ -153,43 +141,8 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
recurse: true
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
- path: /etc/pki/tls/certs/etcd.crt
owner: cinder:cinder
- path: /etc/pki/tls/private/etcd.key
owner: cinder:cinder
config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]}
permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]}
docker_config:
step_3:
cinder_backup_init_logs:

View File

@ -149,35 +149,8 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/lib/cinder
owner: cinder:cinder
recurse: true
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path: /etc/pki/tls/certs/etcd.crt
owner: cinder:cinder
- path: /etc/pki/tls/private/etcd.key
owner: cinder:cinder
config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]}
permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]}
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
docker_config:
step_3:

View File

@ -73,6 +73,18 @@ parameters:
API network is using TLS.
type: boolean
default: false
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
conditions:
@ -123,6 +135,46 @@ outputs:
- /etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro
- []
cinder_common_kolla_config_files:
description: Common kolla config_files for cinder-volume and cinder-backup services
value:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
cinder_common_kolla_permissions:
description: Common kolla permissions for cinder-volume and cinder-backup services
value:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
- path: /etc/pki/tls/certs/etcd.crt
owner: cinder:cinder
- path: /etc/pki/tls/private/etcd.key
owner: cinder:cinder
cinder_volume_host_prep_tasks:
description: Host prep tasks for the cinder-volume service (HA or non-HA)
value:

View File

@ -297,40 +297,8 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
- path: /etc/pki/tls/certs/etcd.crt
owner: cinder:cinder
- path: /etc/pki/tls/private/etcd.key
owner: cinder:cinder
config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]}
permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]}
docker_config:
step_3:
cinder_volume_init_logs:

View File

@ -138,27 +138,8 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
# NOTE(abishop): no need to copy any src-tls/* files or set ownership
# of etcd's TLS certificate and key. The etcd service is only used by
# cinder-volume when it's running active/active, and *not* when it's
# under pcmk control.
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]}
permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]}
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
docker_config:
step_3: