From 98ecf9760903740290603bc1d1ca6d92a5ea8ac0 Mon Sep 17 00:00:00 2001 From: Jill Rouleau Date: Fri, 25 Jan 2019 14:00:15 -0700 Subject: [PATCH] step2: flatten nova service configuration This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration. With this patch the baremetal version of nova has been removed. Change-Id: Ia41a6adf9fda2d6be8f1b5ac57854381b7f92ce7 --- .../nova-compute-common-container-puppet.yaml | 0 .../nova/nova-compute-container-puppet.yaml | 431 +++++++++++++++--- .../nova/nova-ironic-container-puppet.yaml | 8 +- .../nova/nova-libvirt-container-puppet.yaml | 212 ++++++++- .../nova-libvirt-guests-container-puppet.yaml | 4 +- docker/services/nova-compute.yaml | 367 --------------- environments/baremetal-services.yaml | 4 +- environments/computealt.yaml | 4 +- overcloud-resource-registry-puppet.j2.yaml | 6 +- puppet/services/nova-metadata.yaml | 161 ------- sample-env-generator/storage.yaml | 2 +- 11 files changed, 570 insertions(+), 629 deletions(-) rename docker/services/nova-compute-common.yaml => deployment/nova/nova-compute-common-container-puppet.yaml (100%) rename puppet/services/nova-compute.yaml => deployment/nova/nova-compute-container-puppet.yaml (52%) rename docker/services/nova-libvirt.yaml => deployment/nova/nova-libvirt-container-puppet.yaml (69%) rename puppet/services/nova-libvirt-guests.yaml => deployment/nova/nova-libvirt-guests-container-puppet.yaml (96%) delete mode 100644 docker/services/nova-compute.yaml delete mode 100644 puppet/services/nova-metadata.yaml diff --git a/docker/services/nova-compute-common.yaml b/deployment/nova/nova-compute-common-container-puppet.yaml similarity index 100% rename from docker/services/nova-compute-common.yaml rename to deployment/nova/nova-compute-common-container-puppet.yaml 
diff --git a/puppet/services/nova-compute.yaml b/deployment/nova/nova-compute-container-puppet.yaml similarity index 52% rename from puppet/services/nova-compute.yaml rename to deployment/nova/nova-compute-container-puppet.yaml index 811b2854bd..6292701994 100644 --- a/puppet/services/nova-compute.yaml +++ b/deployment/nova/nova-compute-container-puppet.yaml @@ -1,9 +1,24 @@ heat_template_version: rocky description: > - OpenStack Nova Compute service configured with Puppet + OpenStack containerized Nova Compute service parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + DockerNovaComputeUlimit: + default: ['nofile=1024'] + description: ulimit for Nova Compute Container + type: comma_delimited_list + NovaComputeLoggingSource: + type: json + default: + tag: openstack.nova.compute + path: /var/log/containers/nova/nova-compute.log ServiceData: default: {} description: Dictionary packing service data @@ -30,8 +45,13 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - NovaRbdPoolName: - default: vms + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + CephClientUserName: + default: openstack type: string CephClusterName: type: string 
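Review bot: The parameter descriptions added in this hunk and in the `@@ -42,8 +62,22 @@` hunk are placeholders: `DockerNovaComputeImage` is described only as `image`, and `NovaComputeOptVolumes` / `NovaComputeOptEnvVars` read `list of optional vo` and `list of optional en`. The two Opt parameters are concatenated into the `volumes` and `environment` of the `nova_compute` container, which a later hunk runs with `privileged: true`, so the description should tell an operator that they add host bind mounts and variables to a privileged container. I would write `description: The container image to use for the nova_compute container`, `description: Optional extra volumes (host_path:container_path[:options]) bind-mounted into the nova_compute container` and `description: Optional extra environment variables (NAME=value) passed to the nova_compute container`. The `EnableInstanceHA` description also has the typo `configurarion`. The `parameters:` block continues beyond both hunks.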
@@ -42,8 +62,22 @@ parameters: description: > The Ceph cluster name must be at least 1 character and contain only letters and numbers. - CephClientUserName: - default: openstack + NovaComputeOptVolumes: + default: [] + description: list of optional vo + type: comma_delimited_list + NovaComputeOptEnvVars: + default: [] + description: list of optional en + type: comma_delimited_list + EnableInstanceHA: + default: false + description: Whether to enable an Instance Ha configurarion or not. + This setup requires the Compute role to have the + PacemakerRemote service added to it. + type: boolean + NovaRbdPoolName: + default: vms type: string CephClientKey: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. @@ -124,11 +158,6 @@ parameters: MonitoringSubscriptionNovaCompute: default: 'overcloud-nova-compute' type: string - NovaComputeLoggingSource: - type: json - default: - tag: openstack.nova.compute - path: /var/log/nova/nova-compute.log UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level 
@@ -213,22 +242,39 @@ parameters: type: string tags: - role_specific - -conditions: - enable_live_migration_tunnelled: - or: - - equals: [{get_param: NovaNfsEnabled}, true] - - equals: [{get_param: NovaEnableRbdBackend}, true] - - libvirt_file_backed_memory_enabled: - not: - or: - - equals: [{get_param: NovaLibvirtFileBackedMemory}, ''] - - equals: [{get_param: NovaLibvirtFileBackedMemory}, 0] + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. resources: + + ContainersCommon: + type: ../../docker/services/containers-common.yaml + + MySQLClient: + type: ../../deployment/database/mysql-client.yaml + + NovaComputeCommon: + type: ./nova-compute-common-container-puppet.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaLogging: + type: OS::TripleO::Services::Logging::NovaCommon + properties: + DockerNovaImage: {get_param: DockerNovaComputeImage} + NovaServiceName: 'compute' + NovaBase: - type: ./nova-base.yaml + type: ../../puppet/services/nova-base.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} 
@@ -271,6 +317,20 @@ resources: NovaLibvirtVolumeUseMultipath: {get_param: NovaLibvirtVolumeUseMultipath} NovaHWMachineType: {get_param: NovaHWMachineType} +conditions: + enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]} + + enable_live_migration_tunnelled: + or: + - equals: [{get_param: NovaNfsEnabled}, true] + - equals: [{get_param: NovaEnableRbdBackend}, true] + + libvirt_file_backed_memory_enabled: + not: + or: + - equals: [{get_param: NovaLibvirtFileBackedMemory}, ''] + - equals: [{get_param: NovaLibvirtFileBackedMemory}, 0] + outputs: role_data: description: Role data for the Nova Compute service. @@ -279,6 +339,7 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} config_settings: map_merge: + - get_attr: [NovaLogging, config_settings] - get_attr: [NovaBase, role_data, config_settings] - get_attr: [RoleParametersValue, value] - nova::compute::libvirt::manage_libvirt_services: false @@ -355,11 +416,6 @@ outputs: - libvirt_file_backed_memory_enabled - '1.0' - null - step_config: | - # TODO(emilien): figure how to deal with libvirt profile. - # We'll probably treat it like we do with Neutron plugins. - # Until then, just include it in the default nova-compute role. - include tripleo::profile::base::nova::compute::libvirt service_config_settings: fluentd: tripleo_fluentd_groups_nova_compute: 
@@ -370,55 +426,234 @@ outputs: tripleo.collectd.plugins.nova_compute: - virt collectd::plugin::virt::connection: 'qemu:///system' + puppet_config: + config_volume: nova_libvirt + puppet_tags: nova_config,nova_paste_api_ini + step_config: + list_join: + - "\n" + - - # TODO(emilien): figure how to deal with libvirt profile. + # We'll probably treat it like we do with Neutron plugins. + # Until then, just include it in the default nova-compute role. + include tripleo::profile::base::nova::compute::libvirt + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova_compute.json: + command: + list_join: + - ' ' + - - if: + - enable_instance_ha + - /var/lib/nova/instanceha/check-run-nova-compute + - /usr/bin/nova-compute + - get_attr: [NovaLogging, cmd_extra_args] + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/etc/iscsi/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + - path: + str_replace: + template: /etc/ceph/CLUSTER.client.USER.keyring + params: + CLUSTER: {get_param: CephClusterName} + USER: {get_param: CephClientUserName} + owner: nova:nova + perm: '0600' + docker_config_scripts: + map_merge: + - {get_attr: [ContainersCommon, docker_config_scripts]} + - {get_attr: [NovaComputeCommon, docker_config_scripts]} + docker_config: + step_3: + nova_statedir_owner: + image: &nova_compute_image {get_param: DockerNovaComputeImage} + net: none + user: root + privileged: false + detach: false + volumes: + - /var/lib/nova:/var/lib/nova:shared,z + - /var/lib/docker-config-scripts/:/docker-config-scripts/:z + command: "/docker-config-scripts/pyshim.sh 
/docker-config-scripts/nova_statedir_ownership.py" + environment: + # NOTE: this should force this container to re-run on each + # update (scale-out, etc.) + - list_join: + - '' + - - 'TRIPLEO_DEPLOY_IDENTIFIER=' + - {get_param: DeployIdentifier} + step_4: + nova_wait_for_placement_service: + start_order: 2 + image: *nova_compute_image + user: root + net: host + privileged: false + detach: false + volumes: + - /var/lib/docker-config-scripts/:/docker-config-scripts/:z + - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro + command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_wait_for_placement_service.py" + nova_compute: + start_order: 3 + image: *nova_compute_image + ulimit: {get_param: DockerNovaComputeUlimit} + ipc: host + net: host + privileged: true + user: nova + restart: always + healthcheck: + test: + list_join: + - ' ' + - - '/openstack/healthcheck' + - yaql: + expression: str($.data.port) + data: + port: {get_attr: [NovaBase, role_data, config_settings, 'nova::rabbit_port']} + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [NovaLogging, volumes]} + - {get_param: NovaComputeOptVolumes} + - + - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro + - /dev:/dev + - /lib/modules:/lib/modules:ro + - /run:/run + - /var/lib/iscsi:/var/lib/iscsi:z + - /var/lib/nova:/var/lib/nova:shared,z + - /var/lib/libvirt:/var/lib/libvirt:shared,z + - /sys/class/net:/sys/class/net + - /sys/bus/pci:/sys/bus/pci + environment: + list_concat: + - {get_param: NovaComputeOptEnvVars} + - + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_5: + nova_cellv2_discover_hosts: + start_order: 0 + image: *nova_compute_image + net: host + detach: false + volumes: + list_concat: + - 
{get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /var/log/containers/nova:/var/log/nova + - /var/lib/docker-config-scripts/:/docker-config-scripts/ + user: root + command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_cell_v2_discover_host.py" host_prep_tasks: - - name: Mount Nova NFS Share - vars: - nfs_backend_enable: {get_param: NovaNfsEnabled} - nfs_share: {get_param: NovaNfsShare} - nfs_options: {get_param: NovaNfsOptions} - mount: name=/var/lib/nova/instances src="{{nfs_share}}" fstype=nfs4 opts="_netdev,bg,{{nfs_options}},vers=4,nfsvers=4" state=mounted - when: nfs_backend_enable|bool - - name: is Nova Resume Guests State On Host Boot enabled - set_fact: - resume_guests_state_on_host_boot_enabled: {get_param: NovaResumeGuestsStateOnHostBoot} - - name: install libvirt-guests systemd unit file - when: resume_guests_state_on_host_boot_enabled|bool - block: - - name: libvirt-guests unit to stop nova_api container before shutdown VMs - copy: - dest: /etc/systemd/system/libvirt-guests.service - content: | - [Unit] - Description=Suspend/Resume Running libvirt Guests - Requires=virt-guest-shutdown.target - After=network.target - After=time-sync.target - After=virt-guest-shutdown.target - After=docker.service - After=paunch-container-shutdown.service - After=rhel-push-plugin.service - Documentation=man:libvirtd(8) - Documentation=https://libvirt.org + list_concat: + - {get_attr: [NovaLogging, host_prep_tasks]} + - - name: Mount Nova NFS Share + vars: + nfs_backend_enable: {get_param: NovaNfsEnabled} + nfs_share: {get_param: NovaNfsShare} + nfs_options: {get_param: NovaNfsOptions} + mount: name=/var/lib/nova/instances src="{{nfs_share}}" fstype=nfs4 opts="_netdev,bg,{{nfs_options}},vers=4,nfsvers=4" state=mounted + when: nfs_backend_enable|bool + - name: is Nova Resume Guests State On Host Boot enabled + set_fact: + resume_guests_state_on_host_boot_enabled: {get_param: 
NovaResumeGuestsStateOnHostBoot} + - name: install libvirt-guests systemd unit file + when: resume_guests_state_on_host_boot_enabled|bool + block: + - name: libvirt-guests unit to stop nova_api container before shutdown VMs + copy: + dest: /etc/systemd/system/libvirt-guests.service + content: | + [Unit] + Description=Suspend/Resume Running libvirt Guests + Requires=virt-guest-shutdown.target + After=network.target + After=time-sync.target + After=virt-guest-shutdown.target + After=docker.service + After=paunch-container-shutdown.service + After=rhel-push-plugin.service + Documentation=man:libvirtd(8) + Documentation=https://libvirt.org - [Service] - EnvironmentFile=-/etc/sysconfig/libvirt-guests - # Hack just call traditional service until we factor - # out the code - ExecStart=/usr/libexec/libvirt-guests.sh start - ExecStop=/bin/{{container_cli}} stop nova_compute - ExecStop=/usr/libexec/libvirt-guests.sh stop - Type=oneshot - RemainAfterExit=yes - StandardOutput=journal+console - TimeoutStopSec=0 + [Service] + EnvironmentFile=-/etc/sysconfig/libvirt-guests + # Hack just call traditional service until we factor + # out the code + ExecStart=/usr/libexec/libvirt-guests.sh start + ExecStop=/bin/{{container_cli}} stop nova_compute + ExecStop=/usr/libexec/libvirt-guests.sh stop + Type=oneshot + RemainAfterExit=yes + StandardOutput=journal+console + TimeoutStopSec=0 - [Install] - WantedBy=multi-user.target - - name: libvirt-guests enable VM shutdown on compute reboot/shutdown - systemd: - name: libvirt-guests - enabled: yes - daemon_reload: yes + [Install] + WantedBy=multi-user.target + - name: libvirt-guests enable VM shutdown on compute reboot/shutdown + systemd: + name: libvirt-guests + enabled: yes + daemon_reload: yes + - name: create persistent directories + file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + with_items: + - { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t } + - { 'path': /var/lib/nova/instances, 'setype': 
svirt_sandbox_file_t } + - { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t } + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory + - name: is Instance HA enabled + set_fact: + instance_ha_enabled: {get_param: EnableInstanceHA} + - name: enable virt_sandbox_use_netlink for healthcheck + seboolean: + name: virt_sandbox_use_netlink + persistent: yes + state: yes + - name: install Instance HA recovery script + when: instance_ha_enabled|bool + block: + - name: prepare Instance HA script directory + file: + path: /var/lib/nova/instanceha + state: directory + - name: install Instance HA script that runs nova-compute + copy: + content: {get_file: ../../extraconfig/tasks/instanceha/check-run-nova-compute} + dest: /var/lib/nova/instanceha/check-run-nova-compute + mode: 0755 + - name: Get list of instance HA compute nodes + command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names + register: iha_nodes + - name: If instance HA is enabled on the node activate the evacuation completed check + file: path=/var/lib/nova/instanceha/enabled state=touch + when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"') upgrade_tasks: - name: Stop nova-compute service when: step|int == 1 
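Review bot: The three helper containers in `step_3`, `step_4` and `step_5` run as `user: root` and execute scripts from `/var/lib/docker-config-scripts/`, yet that directory is bind-mounted writable, and `nova_cellv2_discover_hosts` mounts it without the `:z` label the other two use. If none of the scripts needs to write there (not visible in this hunk), a read-only mount keeps a root container from altering scripts that later containers execute: `- /var/lib/docker-config-scripts/:/docker-config-scripts/:ro,z`. `nova_cellv2_discover_hosts` also reads `/var/lib/config-data/nova_libvirt/etc/nova/` while `nova_wait_for_placement_service` reads the `puppet-generated/nova_libvirt` tree; if that difference is intended, a one-line comment saying why would help. The enclosing `role_data` value starts before this hunk and continues after it.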
@@ -438,3 +673,51 @@ outputs: - name: Start nova-compute service when: step|int == 6 service: name=openstack-nova-compute state=started + - name: Remove openstack-nova-compute and python-nova package during upgrade + package: + name: + - openstack-nova-compute + - python-nova + state: removed + ignore_errors: True + when: step|int == 2 + update_tasks: + - name: Remove openstack-nova-compute and python-nova package during upgrade + package: + name: + - openstack-nova-compute + - python-nova + state: removed + ignore_errors: True + when: step|int == 2 + post_upgrade_tasks: + - when: step|int == 1 + import_role: + name: tripleo-docker-rm + vars: + containers_to_rm: + - nova_compute + fast_forward_upgrade_tasks: + - when: + - step|int == 0 + - release == 'ocata' + block: + - name: Check if nova-compute is deployed + command: systemctl is-enabled --quiet openstack-nova-compute + ignore_errors: True + register: nova_compute_enabled_result + - name: Set fact nova_compute_enabled + set_fact: + nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}" + - when: + - step|int == 1 + - release == 'ocata' + block: + - name: Stop and disable nova-compute service + service: name=openstack-nova-compute state=stopped + when: + - nova_compute_enabled|bool + - name: Set upgrade marker in nova statedir + file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova + when: + - nova_compute_enabled|bool diff --git a/deployment/nova/nova-ironic-container-puppet.yaml b/deployment/nova/nova-ironic-container-puppet.yaml index ddb85635a4..8ab901ad4c 100644 --- a/deployment/nova/nova-ironic-container-puppet.yaml +++ b/deployment/nova/nova-ironic-container-puppet.yaml @@ -54,7 +54,7 @@ resources: type: ../../deployment/database/mysql-client.yaml NovaComputeCommon: - type: ../../docker/services/nova-compute-common.yaml + type: ./nova-compute-common-container-puppet.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
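Review bot: `ignore_errors: True` on the package-removal task added to `upgrade_tasks` and again to `update_tasks` hides a failed removal, so a node can keep the host `openstack-nova-compute` and `python-nova` packages alongside the containerized service with nothing in the run result to show it. If the removal is meant to be best-effort, say so in a comment above the task, for example `# best-effort: a failed removal must not block the upgrade`; otherwise drop `ignore_errors` so the step fails visibly. The `update_tasks` copy still carries the upgrade wording and could be named `- name: Remove openstack-nova-compute and python-nova package during update`. The `role_data` block these task lists belong to starts before the hunk.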
@@ -95,9 +95,9 @@ outputs: puppet_tags: nova_config,nova_paste_api_ini step_config: list_join: - - "\n" - - - include tripleo::profile::base::nova::compute::ironic - - {get_attr: [MySQLClient, role_data, step_config]} + - "\n" + - - include tripleo::profile::base::nova::compute::ironic + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_ironic.json: diff --git a/docker/services/nova-libvirt.yaml b/deployment/nova/nova-libvirt-container-puppet.yaml similarity index 69% rename from docker/services/nova-libvirt.yaml rename to deployment/nova/nova-libvirt-container-puppet.yaml index 8a42b3cb85..07a37b3a59 100644 --- a/docker/services/nova-libvirt.yaml +++ b/deployment/nova/nova-libvirt-container-puppet.yaml @@ -160,6 +160,37 @@ parameters: description: CLI tool used to manage containers. constraints: - allowed_values: ['docker', 'podman'] + NovaComputeLibvirtType: + type: string + default: kvm + LibvirtEnabledPerfEvents: + type: comma_delimited_list + default: [] + description: This is a performance event list which could be used as monitor. + For example - ``enabled_perf_events = cmt, mbml, mbmt`` + The supported events list can be found in + https://libvirt.org/html/libvirt-libvirt-domain.html , + which you may need to search key words ``VIR_PERF_PARAM_*`` + MonitoringSubscriptionNovaLibvirt: + default: 'overcloud-nova-libvirt' + type: string + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 2022 + description: Target port for migration over ssh + type: number + LibvirtTLSPassword: + description: The password for the libvirt service when TLS is enabled + type: string + hidden: true conditions: 
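Review bot: `MigrationSshKey` carries an SSH private key in `private_key` but, unlike `LibvirtTLSPassword` a few lines below it, is declared without `hidden: true`, so Heat will return its value in clear text wherever stack parameters are shown. Add `hidden: true` under `MigrationSshKey`. The next hunk passes the key to `tripleo::profile::base::nova::migration::client::ssh_private_key`, so the parameter declaration is the place where it can be masked at the Heat level. The `parameters:` block begins before this hunk.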
@@ -242,41 +273,177 @@ resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml MySQLClient: type: ../../deployment/database/mysql-client.yaml - NovaLibvirtBase: - type: ../../puppet/services/nova-libvirt.yaml + NovaLibvirtLogging: + type: OS::TripleO::Services::Logging::NovaLibvirt + + NovaBase: + type: ../../puppet/services/nova-base.yaml properties: - EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - NovaLibvirtLogging: - type: OS::TripleO::Services::Logging::NovaLibvirt - outputs: role_data: description: Role data for the Libvirt service. value: - service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} + service_name: nova_libvirt config_settings: map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] + - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [RoleParametersValue, value] - get_attr: [NovaLibvirtLogging, config_settings] - + # we include ::nova::compute::libvirt::services in nova/libvirt profile + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + nova::compute::rbd::libvirt_images_rbd_ceph_conf: + list_join: + - '' + - - '/etc/ceph/' + - {get_param: CephClusterName} + - '.conf' + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' 
+ - - 'client' + - {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} + nova::compute::libvirt::qemu::configure_qemu: true + nova::compute::libvirt::qemu::max_files: 32768 + nova::compute::libvirt::qemu::max_processes: 131072 + nova::migration::qemu::configure_qemu: true + nova::migration::qemu::migration_port_min: 61152 + nova::migration::qemu::migration_port_max: 61215 + nova::compute::libvirt::vncserver_listen: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} + tripleo::nova_libvirt::firewall_rules: + '200 nova_libvirt': + dport: + - 16514 + - '61152-61215' + - '5900-6923' + - + if: + - use_tls_for_live_migration + - + generate_service_certificates: true + tripleo::profile::base::nova::migration::client::libvirt_tls: true + tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]} + nova::migration::libvirt::listen_address: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + nova::migration::libvirt::live_migration_inbound_addr: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + 
tripleo::certmonger::ca::libvirt::origin_ca_pem: + if: + - libvirt_specific_ca_unset + - get_param: InternalTLSCAFile + - get_param: LibvirtCACert + tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt' + tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private' + libvirt_certificates_specs: + libvirt-server-cert: + service_certificate: '/etc/pki/libvirt/servercert.pem' + service_key: '/etc/pki/libvirt/private/serverkey.pem' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + principal: + str_replace: + template: "libvirt/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + libvirt-client-cert: + service_certificate: '/etc/pki/libvirt/clientcert.pem' + service_key: '/etc/pki/libvirt/private/clientkey.pem' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + principal: + str_replace: + template: "libvirt/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + - + nova::migration::libvirt::live_migration_inbound_addr: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + - + if: + - use_tls_for_vnc + - + nova::compute::libvirt::qemu::vnc_tls: true + nova::compute::libvirt::qemu::vnc_tls_verify: true + generate_service_certificates: true + tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem: + if: + - libvirt_vnc_specific_ca_unset + - get_param: InternalTLSVncCAFile + - get_param: LibvirtVncCACert + tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc' + libvirt_vnc_certificates_specs: + libvirt-vnc-server-cert: + cacertfile: + if: + - libvirt_vnc_specific_ca_unset + - get_param: InternalTLSVncCAFile + - null + service_certificate: '/etc/pki/libvirt-vnc/server-cert.pem' + service_key: 
'/etc/pki/libvirt-vnc/server-key.pem' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + principal: + str_replace: + template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + - {} puppet_config: config_volume: nova_libvirt puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password step_config: list_join: - "\n" - - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - - include tripleo::profile::base::nova::libvirt - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: @@ -564,7 +731,28 @@ outputs: content: | d /var/run/libvirt 0755 root root - - metadata_settings: - get_attr: [NovaLibvirtBase, role_data, metadata_settings] + list_concat: + - if: + - use_tls_for_live_migration + - + - service: libvirt + network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + type: node + - null + - if: + - use_tls_for_vnc + - + - service: libvirt-vnc + network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + type: node + - null + - if: + - use_tls_for_nbd + - + - service: qemu + network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + type: node + - null upgrade_tasks: [] post_upgrade_tasks: - when: step|int == 1 diff --git a/puppet/services/nova-libvirt-guests.yaml b/deployment/nova/nova-libvirt-guests-container-puppet.yaml similarity index 96% rename from puppet/services/nova-libvirt-guests.yaml rename to deployment/nova/nova-libvirt-guests-container-puppet.yaml index c087a07917..d0cc11fa59 100644 --- a/puppet/services/nova-libvirt-guests.yaml +++ b/deployment/nova/nova-libvirt-guests-container-puppet.yaml 
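Review bot: The `'200 nova_libvirt'` rule added under `tripleo::nova_libvirt::firewall_rules` in the `@@ -242,41 +273,177 @@` hunk opens `16514`, `61152-61215` and `5900-6923` with no comment and, in the visible lines, no restriction on where the traffic may come from. The middle range matches the `migration_port_min`/`migration_port_max` values set just above it, and `5900-6923` looks like the VNC console range, which is served without TLS whenever `use_tls_for_vnc` is false. I would add `# 16514: libvirt TLS, 61152-61215: QEMU migration, 5900-6923: VNC consoles` above `dport:` and state which network is expected to reach these ports. If the rule type accepts a source restriction (not visible here), limiting it to the `NovaLibvirtNetwork` subnet would be the stronger fix. The `config_settings` map starts before this hunk.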
@@ -66,8 +66,6 @@ outputs:
 description: Role data for libvirt-guests
 value:
 service_name: nova_libvirt_guests
- config_settings:
- map_merge:
- - get_attr: [RoleParametersValue, value]
+ config_settings: {get_attr: [RoleParametersValue, value]}
 step_config: |
 include ::tripleo::profile::base::nova::compute::libvirt_guests
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
deleted file mode 100644
index e5c0d6e781..0000000000
--- a/docker/services/nova-compute.yaml
+++ /dev/null
@@ -1,367 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack containerized Nova Compute service - -parameters: - DockerNovaComputeImage: - description: image - type: string - DockerNovaLibvirtConfigImage: - description: The container image to use for the nova_libvirt config_volume - type: string - DockerNovaComputeUlimit: - default: ['nofile=1024'] - description: ulimit for Nova Compute Container - type: comma_delimited_list - NovaComputeLoggingSource: - type: json - default: - tag: openstack.nova.compute - path: /var/log/containers/nova/nova-compute.log - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DockerNovaMigrationSshdPort: - default: 2022 - description: Port that dockerized nova migration target sshd service - binds to. - type: number - CephClientUserName: - default: openstack - type: string - CephClusterName: - type: string - default: ceph - description: The Ceph cluster name. - constraints: - - allowed_pattern: "[a-zA-Z0-9]+" - description: > - The Ceph cluster name must be at least 1 character and contain only - letters and numbers. 
- NovaComputeOptVolumes: - default: [] - description: list of optional vo - type: comma_delimited_list - NovaComputeOptEnvVars: - default: [] - description: list of optional en - type: comma_delimited_list - EnableInstanceHA: - default: false - description: Whether to enable an Instance Ha configurarion or not. - This setup requires the Compute role to have the - PacemakerRemote service added to it. - type: boolean - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - -resources: - - ContainersCommon: - type: ./containers-common.yaml - - MySQLClient: - type: ../../deployment/database/mysql-client.yaml - - NovaComputeCommon: - type: ./nova-compute-common.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - NovaComputeBase: - type: ../../puppet/services/nova-compute.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - NovaLogging: - type: OS::TripleO::Services::Logging::NovaCommon - properties: - DockerNovaImage: {get_param: DockerNovaComputeImage} - NovaServiceName: 'compute' - -conditions: - enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]} - -outputs: - role_data: - description: Role data for the Nova Compute service. 
- value: - service_name: {get_attr: [NovaComputeBase, role_data, service_name]} - config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - - get_attr: [NovaLogging, config_settings] - service_config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, service_config_settings] - - fluentd: - tripleo_fluentd_groups_nova_compute: - - nova - tripleo_fluentd_sources_nova_compute: - - {get_param: NovaComputeLoggingSource} - puppet_config: - config_volume: nova_libvirt - puppet_tags: nova_config,nova_paste_api_ini - step_config: - list_join: - - "\n" - - - {get_attr: [NovaComputeBase, role_data, step_config]} - - {get_attr: [MySQLClient, role_data, step_config]} - config_image: {get_param: DockerNovaLibvirtConfigImage} - kolla_config: - /var/lib/kolla/config_files/nova_compute.json: - command: - list_join: - - ' ' - - - if: - - enable_instance_ha - - /var/lib/nova/instanceha/check-run-nova-compute - - /usr/bin/nova-compute - - get_attr: [NovaLogging, cmd_extra_args] - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/etc/iscsi/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/nova - owner: nova:nova - recurse: true - - path: - str_replace: - template: /etc/ceph/CLUSTER.client.USER.keyring - params: - CLUSTER: {get_param: CephClusterName} - USER: {get_param: CephClientUserName} - owner: nova:nova - perm: '0600' - docker_config_scripts: - map_merge: - - {get_attr: [ContainersCommon, docker_config_scripts]} - - {get_attr: [NovaComputeCommon, docker_config_scripts]} - docker_config: - step_3: - nova_statedir_owner: - image: &nova_compute_image {get_param: DockerNovaComputeImage} - net: none - user: root - privileged: false - detach: false - volumes: - - 
/var/lib/nova:/var/lib/nova:shared,z - - /var/lib/docker-config-scripts/:/docker-config-scripts/:z - command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_statedir_ownership.py" - environment: - # NOTE: this should force this container to re-run on each - # update (scale-out, etc.) - - list_join: - - '' - - - 'TRIPLEO_DEPLOY_IDENTIFIER=' - - {get_param: DeployIdentifier} - step_4: - nova_wait_for_placement_service: - start_order: 2 - image: *nova_compute_image - user: root - net: host - privileged: false - detach: false - volumes: - - /var/lib/docker-config-scripts/:/docker-config-scripts/:z - - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro - command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_wait_for_placement_service.py" - nova_compute: - start_order: 3 - image: *nova_compute_image - ulimit: {get_param: DockerNovaComputeUlimit} - ipc: host - net: host - privileged: true - user: nova - restart: always - healthcheck: - test: - list_join: - - ' ' - - - '/openstack/healthcheck' - - yaql: - expression: str($.data.port) - data: - port: {get_attr: [NovaComputeBase, role_data, config_settings, 'nova::rabbit_port']} - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - {get_attr: [NovaLogging, volumes]} - - {get_param: NovaComputeOptVolumes} - - - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - - /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro - - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - - /dev:/dev - - /lib/modules:/lib/modules:ro - - /run:/run - - /var/lib/iscsi:/var/lib/iscsi:z - - /var/lib/nova:/var/lib/nova:shared,z - - /var/lib/libvirt:/var/lib/libvirt:shared,z - - /sys/class/net:/sys/class/net - - /sys/bus/pci:/sys/bus/pci - environment: - list_concat: - - {get_param: NovaComputeOptEnvVars} - - - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - 
step_5: - nova_cellv2_discover_hosts: - start_order: 0 - image: *nova_compute_image - net: host - detach: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/nova_libvirt/etc/my.cnf.d/:/etc/my.cnf.d/:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - - /var/log/containers/nova:/var/log/nova - - /var/lib/docker-config-scripts/:/docker-config-scripts/ - user: root - command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_cell_v2_discover_host.py" - host_prep_tasks: - list_concat: - - {get_attr: [NovaLogging, host_prep_tasks]} - - {get_attr: [NovaComputeBase, role_data, host_prep_tasks]} - - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - with_items: - - { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t } - - { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t } - - name: ensure ceph configurations exist - file: - path: /etc/ceph - state: directory - - name: is Instance HA enabled - set_fact: - instance_ha_enabled: {get_param: EnableInstanceHA} - - name: enable virt_sandbox_use_netlink for healthcheck - seboolean: - name: virt_sandbox_use_netlink - persistent: yes - state: yes - - name: install Instance HA recovery script - when: instance_ha_enabled|bool - block: - - name: prepare Instance HA script directory - file: - path: /var/lib/nova/instanceha - state: directory - - name: install Instance HA script that runs nova-compute - copy: - content: {get_file: ../../extraconfig/tasks/instanceha/check-run-nova-compute} - dest: /var/lib/nova/instanceha/check-run-nova-compute - mode: 0755 - - name: Get list of instance HA compute nodes - command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names - register: iha_nodes - - name: If instance HA is enabled on the node activate the evacuation completed check - file: 
path=/var/lib/nova/instanceha/enabled state=touch - when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"') - upgrade_tasks: - - name: Remove openstack-nova-compute and python-nova package during upgrade - package: - name: - - openstack-nova-compute - - python-nova - state: removed - ignore_errors: True - when: step|int == 2 - update_tasks: - - name: Remove openstack-nova-compute and python-nova package during upgrade - package: - name: - - openstack-nova-compute - - python-nova - state: removed - ignore_errors: True - when: step|int == 2 - post_upgrade_tasks: - - when: step|int == 1 - import_role: - name: tripleo-docker-rm - vars: - containers_to_rm: - - nova_compute - fast_forward_upgrade_tasks: - - when: - - step|int == 0 - - release == 'ocata' - block: - - name: Check if nova-compute is deployed - command: systemctl is-enabled --quiet openstack-nova-compute - ignore_errors: True - register: nova_compute_enabled_result - - name: Set fact nova_compute_enabled - set_fact: - nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}" - - when: - - step|int == 1 - - release == 'ocata' - block: - - name: Stop and disable nova-compute service - service: name=openstack-nova-compute state=stopped - when: - - nova_compute_enabled|bool - - name: Set upgrade marker in nova statedir - file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova - when: - - nova_compute_enabled|bool diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index 5e73f042bb..42f130b12f 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml 
@@ -38,10 +38,10 @@ resource_registry:
 OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
 OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
 OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
- OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
+ OS::TripleO::Services::NovaCompute: ../deployment/nova/nova-compute-container-puppet.yaml
 OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
 OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml
- OS::TripleO::Services::NovaLibvirt: ../puppet/services/nova-libvirt.yaml
+ OS::TripleO::Services::NovaLibvirt: ../deployment/nova/nova-libvirt-container-puppet.yaml
 OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml
 OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml
 OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
diff --git a/environments/computealt.yaml b/environments/computealt.yaml
index bb84ea087b..8f2978f939 100644
--- a/environments/computealt.yaml
+++ b/environments/computealt.yaml
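Review bot: `environments/baremetal-services.yaml` now maps `OS::TripleO::Services::NovaCompute` and `OS::TripleO::Services::NovaLibvirt` to the container-puppet templates, so an operator who selects this environment to keep nova on the host gets containers for these two services while `NovaApi`, `NovaConductor` and `NovaPlacement` still point at `../puppet/services/`. The `NovaComputeAlt` and `NovaLibvirtAlt` entries in `environments/computealt.yaml` change the same way. The containerized templates presumably need their container image parameters supplied, which a baremetal-only environment may not set, so that is worth confirming. A comment above the two entries, e.g. `# nova-compute and nova-libvirt no longer have a baremetal template; these run containerized`, would make the mixed mapping explicit.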
@@ -8,8 +8,8 @@ resource_registry:
 # If enabling fluentd you'll need provide the following in a specific resource_registry
 # OS::TripleO::Services::FluentdAlt: ../puppet/services/logging/fluentd.yaml
 OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml
- OS::TripleO::Services::NovaComputeAlt: ../puppet/services/nova-compute.yaml
- OS::TripleO::Services::NovaLibvirtAlt: ../puppet/services/nova-libvirt.yaml
+ OS::TripleO::Services::NovaComputeAlt: ../deployment/nova/nova-compute-container-puppet.yaml
+ OS::TripleO::Services::NovaLibvirtAlt: ../deployment/nova/nova-libvirt-container-puppet.yaml
 OS::TripleO::Services::NovaMigrationTargetAlt: ../deployment/nova/nova-migration-target-container-puppet.yaml
 OS::TripleO::Services::SensuClientAlt: OS::Heat::None
 # If enabling monitoring you'll need provide the following in a specific resource_registry
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index f8e91b4d31..48c043cbac 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -192,11 +192,11 @@ resource_registry:
 OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
 OS::TripleO::Services::Redis: docker/services/database/redis.yaml
 OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
- OS::TripleO::Services::NovaCompute: docker/services/nova-compute.yaml
+ OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
 OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
 OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml
- OS::TripleO::Services::NovaLibvirt: docker/services/nova-libvirt.yaml
- OS::TripleO::Services::NovaLibvirtGuests: puppet/services/nova-libvirt-guests.yaml
+ OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-libvirt-container-puppet.yaml
+ OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
 OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
 OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
 OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml
deleted file mode 100644
index 8676eff023..0000000000
--- a/puppet/services/nova-metadata.yaml
+++ /dev/null
@@ -1,161 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Nova Metadata API service configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NovaWorkers: - default: 0 - description: Number of workers for Nova services. - type: number - NovaPassword: - description: The password for the nova service and db account - type: string - hidden: true - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - MonitoringSubscriptionNovaMetadata: - default: 'overcloud-nova-metadata' - type: string - NovaMetadataLoggingSource: - type: json - default: - tag: openstack.nova.metadata - path: /var/log/httpd/nova_metadata_wsgi_error_ssl.log - EnableInternalTLS: - type: boolean - default: false - -conditions: - nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} - is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}} - -resources: - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: 
{get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - EnableInternalTLS: {get_param: EnableInternalTLS} - - NovaBase: - type: ./nova-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Nova Metadata service. - value: - service_name: nova_metadata - monitoring_subscription: {get_param: MonitoringSubscriptionNovaMetadata} - config_settings: - map_merge: - - get_attr: [NovaBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo::nova_placement::firewall_rules: - '139 nova_metadata': - dport: - - 8775 - - 13775 - nova::keystone::authtoken::project_name: 'service' - nova::keystone::authtoken::password: {get_param: NovaPassword} - nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - nova::metadata::enable_proxy_headers_parsing: true - nova_metadata_wsgi_enabled: true - nova::wsgi::apache_metadata::api_port: '8775' - nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. 
for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_metadata::bind_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} - nova::wsgi::apache_metadata::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} - - - if: - - nova_workers_zero - - {} - - nova::wsgi::apache_metadata::workers: {get_param: NovaWorkers} - - - if: - - is_neutron_shared_metadata_notempty - - nova::metadata::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - - {} - step_config: | - include tripleo::profile::base::nova::metadata - service_config_settings: - fluentd: - tripleo_fluentd_groups_nova_metadata: - - nova - tripleo_fluentd_sources_nova_metadata: - - {get_param: NovaMetadataLoggingSource} - keystone: - nova::keystone::auth::tenant: 'service' - nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova::keystone::auth::password: {get_param: NovaPassword} - nova::keystone::auth::region: {get_param: KeystoneRegion} - mysql: - map_merge: - - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} - - nova::db::mysql_api::password: {get_param: NovaPassword} - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/sample-env-generator/storage.yaml b/sample-env-generator/storage.yaml index 9f91671e7f..482c5b96b7 100644 --- a/sample-env-generator/storage.yaml +++ b/sample-env-generator/storage.yaml 
@@ -45,7 +45,7 @@ environments:
 name: storage/nova-nfs
 title: Enable Nova NFS Backend
 files:
- puppet/services/nova-compute.yaml:
+ deployment/nova/nova-compute-container-puppet.yaml:
 parameters:
 - NovaNfsEnabled
 - NovaNfsShare