Move nova-metadata api to httpd wsgi
Upstream will deprecate usage of eventlet of all the WSGI-run services, including nova-api and nova-metadata-api. See https://review.openstack.org/#/c/549510/ for more details. With this change we move nova-metadata to run via httpd wsgi and therefore uses its own config volume. Closes-Bug: 1781405 Change-Id: I7206925c5416814bcbf92021e606afeaedde4b1b Depends-On: Ic65736cb0e95c400a728cd699ecf06c6aecff832 Depends-On: Ic46acdbac280ac648ec5ed9d7af0139126334fe0 Depends-On: I47d79ab8e274e94cbe0d4cadd204e63cbbe3dca8 Depends-On: I069510b8dfc8e6a7c5ff6f07826f10a2038856d7 Depends-On: I3d572dda2e90b7e24f2f8912d704462b9332d807
This commit is contained in:
parent
fa8b4bb955
commit
a823be0733
46
docker/services/logging/files/nova-metadata.yaml
Normal file
46
docker/services/logging/files/nova-metadata.yaml
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
heat_template_version: rocky
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Template for nova-metadata's logging to files
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
DockerNovaMetadataImage:
|
||||||
|
description: image
|
||||||
|
type: string
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
config_settings:
|
||||||
|
description: Extra hieradata needed to log to files in the host.
|
||||||
|
value: null
|
||||||
|
volumes:
|
||||||
|
description: The volumes needed to log to files in the host.
|
||||||
|
value: &nova_metadata_volumes
|
||||||
|
- /var/log/containers/nova:/var/log/nova
|
||||||
|
- /var/log/containers/httpd/nova-metadata:/var/log/httpd
|
||||||
|
docker_config:
|
||||||
|
description: Extra containers needed for logging to files in the host.
|
||||||
|
value:
|
||||||
|
step_2:
|
||||||
|
nova_metadata_init_logs:
|
||||||
|
image: {get_param: DockerNovaMetadataImage}
|
||||||
|
privileged: false
|
||||||
|
user: root
|
||||||
|
volumes: *nova_metadata_volumes
|
||||||
|
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
|
||||||
|
host_prep_tasks:
|
||||||
|
description: Extra ansible tasks needed for logging to files in the host.
|
||||||
|
value:
|
||||||
|
- name: create persistent logs directory
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- /var/log/containers/nova
|
||||||
|
- /var/log/containers/httpd/nova-metadata
|
||||||
|
- name: nova logs readme
|
||||||
|
copy:
|
||||||
|
dest: /var/log/nova/readme.txt
|
||||||
|
content: |
|
||||||
|
Log files from nova containers can be found under
|
||||||
|
/var/log/containers/nova and /var/log/containers/httpd/nova-*.
|
||||||
|
ignore_errors: true
|
60
docker/services/logging/stdout/nova-metadata.yaml
Normal file
60
docker/services/logging/stdout/nova-metadata.yaml
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
heat_template_version: rocky
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Template for nova-metadata's logging to stdout
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
DockerNovaMetadataImage:
|
||||||
|
description: image
|
||||||
|
type: string
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
config_settings:
|
||||||
|
description: Extra hieradata needed to log to stdout.
|
||||||
|
value:
|
||||||
|
nova::wsgi::apache_metadata::access_log_file: /var/log/httpd/access.log
|
||||||
|
nova::wsgi::apache_metadata::error_log_file: /var/log/httpd/error_log
|
||||||
|
volumes:
|
||||||
|
description: The volumes needed to log to stdout or a sidecar container.
|
||||||
|
value:
|
||||||
|
- NovaMetadataLogs:/var/log/
|
||||||
|
docker_config:
|
||||||
|
description: Extra containers needed for logging to stdout or a sidecar container.
|
||||||
|
value:
|
||||||
|
step_2:
|
||||||
|
nova_metadata_apache_error_logs:
|
||||||
|
start_order: 1
|
||||||
|
image: {get_param: DockerNovaMetadataImage}
|
||||||
|
user: root
|
||||||
|
privileged: false
|
||||||
|
restart: always
|
||||||
|
healthcheck:
|
||||||
|
test: '[ -p /var/log/httpd/error_log ]'
|
||||||
|
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && rm -f /var/log/httpd/error_log && mkfifo /var/log/httpd/error_log && while true; do cat /var/log/httpd/error_log; done']
|
||||||
|
volumes:
|
||||||
|
- NovaMetadataLogs:/var/log/
|
||||||
|
nova_metadata_apache_access_logs:
|
||||||
|
start_order: 1
|
||||||
|
image: {get_param: DockerNovaMetadataImage}
|
||||||
|
user: root
|
||||||
|
privileged: false
|
||||||
|
restart: always
|
||||||
|
healthcheck:
|
||||||
|
test: '[ -p /var/log/httpd/access.log ]'
|
||||||
|
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && rm -f /var/log/httpd/access.log && mkfifo /var/log/httpd/access.log && while true; do cat /var/log/httpd/access.log; done']
|
||||||
|
volumes:
|
||||||
|
- NovaMetadataLogs:/var/log/
|
||||||
|
nova_metadata_logs:
|
||||||
|
start_order: 2
|
||||||
|
image: {get_param: DockerNovaMetadataImage}
|
||||||
|
user: nova
|
||||||
|
privileged: false
|
||||||
|
restart: always
|
||||||
|
healthcheck:
|
||||||
|
test: '[ -p /var/log/nova/nova-metadata-api.log ]'
|
||||||
|
command: ['/bin/bash', '-c', 'mkdir -p /var/log/nova && rm -f /var/log/nova/nova-metadata-api.log && mkfifo /var/log/nova/nova-metadata-api.log && while true; do cat /var/log/nova/nova-metadata-api.log; done']
|
||||||
|
volumes:
|
||||||
|
- NovaMetadataLogs:/var/log/
|
||||||
|
host_prep_tasks:
|
||||||
|
description: Extra ansible tasks needed for logging to files in the host.
|
||||||
|
value: null
|
@ -7,7 +7,7 @@ parameters:
|
|||||||
DockerNovaMetadataImage:
|
DockerNovaMetadataImage:
|
||||||
description: image
|
description: image
|
||||||
type: string
|
type: string
|
||||||
DockerNovaConfigImage:
|
DockerNovaMetadataConfigImage:
|
||||||
description: The container image to use for the nova config_volume
|
description: The container image to use for the nova config_volume
|
||||||
type: string
|
type: string
|
||||||
NovaMetadataLoggingSource:
|
NovaMetadataLoggingSource:
|
||||||
@ -41,12 +41,22 @@ parameters:
|
|||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ./containers-common.yaml
|
||||||
|
|
||||||
|
MySQLClient:
|
||||||
|
type: ../../puppet/services/database/mysql-client.yaml
|
||||||
|
|
||||||
NovaMetadataBase:
|
NovaMetadataBase:
|
||||||
type: ../../puppet/services/nova-metadata.yaml
|
type: ../../puppet/services/nova-metadata.yaml
|
||||||
properties:
|
properties:
|
||||||
@ -57,11 +67,8 @@ resources:
|
|||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
NovaLogging:
|
NovaMetadataLogging:
|
||||||
type: OS::TripleO::Services::Logging::NovaCommon
|
type: OS::TripleO::Services::Logging::NovaMetadata
|
||||||
properties:
|
|
||||||
DockerNovaImage: {get_param: DockerNovaMetadataImage}
|
|
||||||
NovaServiceName: 'metadata'
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
@ -71,7 +78,8 @@ outputs:
|
|||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [NovaMetadataBase, role_data, config_settings]
|
- get_attr: [NovaMetadataBase, role_data, config_settings]
|
||||||
- {get_attr: [NovaLogging, config_settings]}
|
- get_attr: [NovaMetadataLogging, config_settings]
|
||||||
|
- apache::default_vhost: false
|
||||||
logging_source: {get_attr: [NovaMetadataBase, role_data, logging_source]}
|
logging_source: {get_attr: [NovaMetadataBase, role_data, logging_source]}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
@ -83,18 +91,17 @@ outputs:
|
|||||||
- {get_param: NovaMetadataLoggingSource}
|
- {get_param: NovaMetadataLoggingSource}
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova
|
config_volume: nova_metadata
|
||||||
puppet_tags: nova_config
|
puppet_tags: nova_config
|
||||||
step_config:
|
step_config:
|
||||||
get_attr: [NovaMetadataBase, role_data, step_config]
|
list_join:
|
||||||
config_image: {get_param: DockerNovaConfigImage}
|
- "\n"
|
||||||
|
- - {get_attr: [NovaMetadataBase, role_data, step_config]}
|
||||||
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||||
|
config_image: {get_param: DockerNovaMetadataConfigImage}
|
||||||
kolla_config:
|
kolla_config:
|
||||||
/var/lib/kolla/config_files/nova_metadata.json:
|
/var/lib/kolla/config_files/nova_metadata.json:
|
||||||
command:
|
command: /usr/sbin/httpd -DFOREGROUND
|
||||||
list_join:
|
|
||||||
- ' '
|
|
||||||
- - /usr/bin/nova-api-metadata
|
|
||||||
- get_attr: [NovaLogging, cmd_extra_args]
|
|
||||||
config_files:
|
config_files:
|
||||||
- source: "/var/lib/kolla/config_files/src/*"
|
- source: "/var/lib/kolla/config_files/src/*"
|
||||||
dest: "/"
|
dest: "/"
|
||||||
@ -106,65 +113,35 @@ outputs:
|
|||||||
recurse: true
|
recurse: true
|
||||||
docker_config:
|
docker_config:
|
||||||
step_2:
|
step_2:
|
||||||
get_attr: [NovaLogging, docker_config, step_2]
|
get_attr: [NovaMetadataLogging, docker_config, step_2]
|
||||||
step_4:
|
step_4:
|
||||||
nova_metadata:
|
nova_metadata:
|
||||||
start_order: 2
|
start_order: 2
|
||||||
image: &nova_metadata_image {get_param: DockerNovaMetadataImage}
|
image: {get_param: DockerNovaMetadataImage}
|
||||||
net: host
|
net: host
|
||||||
user: nova
|
user: root
|
||||||
privileged: true
|
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: /openstack/healthcheck
|
test: /openstack/healthcheck
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [ContainersCommon, volumes]}
|
- {get_attr: [ContainersCommon, volumes]}
|
||||||
- {get_attr: [NovaLogging, volumes]}
|
- {get_attr: [NovaMetadataLogging, volumes]}
|
||||||
-
|
-
|
||||||
- /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/nova_metadata/:/var/lib/kolla/config_files/src:ro
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||||
|
- ''
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||||
|
- ''
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [NovaMetadataBase, role_data, metadata_settings]
|
get_attr: [NovaMetadataBase, role_data, metadata_settings]
|
||||||
host_prep_tasks: {get_attr: [NovaLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
||||||
upgrade_tasks:
|
|
||||||
- when: step|int == 0
|
|
||||||
tags: common
|
|
||||||
block:
|
|
||||||
- name: Check if nova_api_metadata is deployed
|
|
||||||
command: systemctl is-enabled --quiet openstack-nova-api
|
|
||||||
ignore_errors: True
|
|
||||||
register: nova_metadata_enabled_result
|
|
||||||
- name: Set fact nova_metadata_enabled
|
|
||||||
set_fact:
|
|
||||||
nova_metadata_enabled: "{{ nova_metadata_enabled_result.rc == 0 }}"
|
|
||||||
- name: "PreUpgrade step0,validation: Check service openstack-nova-api is running"
|
|
||||||
command: systemctl is-active --quiet openstack-nova-api
|
|
||||||
tags: validation
|
|
||||||
when: nova_metadata_enabled|bool
|
|
||||||
- when: step|int == 2
|
|
||||||
block:
|
|
||||||
- name: Stop and disable nova_api service
|
|
||||||
when: nova_metadata_enabled|bool
|
|
||||||
service: name=openstack-nova-api state=stopped enabled=no
|
|
||||||
fast_forward_upgrade_tasks:
|
|
||||||
- when:
|
|
||||||
- step|int == 0
|
|
||||||
- release == 'ocata'
|
|
||||||
block:
|
|
||||||
- name: Check if nova_api_metadata is deployed
|
|
||||||
command: systemctl is-enabled --quiet openstack-nova-api
|
|
||||||
tags: common
|
|
||||||
ignore_errors: True
|
|
||||||
register: nova_metadata_enabled_result
|
|
||||||
- name: Set fact nova_metadata_enabled
|
|
||||||
set_fact:
|
|
||||||
nova_metadata_enabled: "{{ nova_metadata_enabled_result.rc == 0 }}"
|
|
||||||
- name: Stop and disable nova_api service
|
|
||||||
when:
|
|
||||||
- step|int == 1
|
|
||||||
- release == 'ocata'
|
|
||||||
- nova_metadata_enabled|bool
|
|
||||||
service: name=openstack-nova-api state=stopped enabled=no
|
|
||||||
|
@ -13,5 +13,6 @@ resource_registry:
|
|||||||
OS::TripleO::Services::Logging::NovaApi: ../docker/services/logging/stdout/nova-api.yaml
|
OS::TripleO::Services::Logging::NovaApi: ../docker/services/logging/stdout/nova-api.yaml
|
||||||
OS::TripleO::Services::Logging::NovaCommon: ../docker/services/logging/stdout/nova-common.yaml
|
OS::TripleO::Services::Logging::NovaCommon: ../docker/services/logging/stdout/nova-common.yaml
|
||||||
OS::TripleO::Services::Logging::NovaPlacement: ../docker/services/logging/stdout/nova-placement.yaml
|
OS::TripleO::Services::Logging::NovaPlacement: ../docker/services/logging/stdout/nova-placement.yaml
|
||||||
|
OS::TripleO::Services::Logging::NovaMetadata: ../docker/services/logging/stdout/nova-metadata.yaml
|
||||||
OS::TripleO::Services::Logging::NovaLibvirt: ../docker/services/logging/stdout/nova-libvirt.yaml
|
OS::TripleO::Services::Logging::NovaLibvirt: ../docker/services/logging/stdout/nova-libvirt.yaml
|
||||||
OS::TripleO::Services::Logging::PankoApi: ../docker/services/logging/stdout/panko-api.yaml
|
OS::TripleO::Services::Logging::PankoApi: ../docker/services/logging/stdout/panko-api.yaml
|
||||||
|
@ -343,6 +343,7 @@ resource_registry:
|
|||||||
OS::TripleO::Services::Logging::NeutronApi: docker/services/logging/files/neutron-api.yaml
|
OS::TripleO::Services::Logging::NeutronApi: docker/services/logging/files/neutron-api.yaml
|
||||||
OS::TripleO::Services::Logging::NeutronCommon: docker/services/logging/files/neutron-common.yaml
|
OS::TripleO::Services::Logging::NeutronCommon: docker/services/logging/files/neutron-common.yaml
|
||||||
OS::TripleO::Services::Logging::NovaApi: docker/services/logging/files/nova-api.yaml
|
OS::TripleO::Services::Logging::NovaApi: docker/services/logging/files/nova-api.yaml
|
||||||
|
OS::TripleO::Services::Logging::NovaMetadata: docker/services/logging/files/nova-metadata.yaml
|
||||||
OS::TripleO::Services::Logging::NovaCommon: docker/services/logging/files/nova-common.yaml
|
OS::TripleO::Services::Logging::NovaCommon: docker/services/logging/files/nova-common.yaml
|
||||||
OS::TripleO::Services::Logging::NovaLibvirt: OS::Heat::None
|
OS::TripleO::Services::Logging::NovaLibvirt: OS::Heat::None
|
||||||
OS::TripleO::Services::Logging::NovaPlacement: docker/services/logging/files/nova-placement.yaml
|
OS::TripleO::Services::Logging::NovaPlacement: docker/services/logging/files/nova-placement.yaml
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
heat_template_version: rocky
|
heat_template_version: rocky
|
||||||
|
|
||||||
description: >
|
description: >
|
||||||
OpenStack Nova API service configured with Puppet
|
OpenStack Nova Metadata API service configured with Puppet
|
||||||
|
|
||||||
parameters:
|
parameters:
|
||||||
ServiceData:
|
ServiceData:
|
||||||
@ -34,75 +34,122 @@ parameters:
|
|||||||
default: 0
|
default: 0
|
||||||
description: Number of workers for Nova services.
|
description: Number of workers for Nova services.
|
||||||
type: number
|
type: number
|
||||||
EnableInternalTLS:
|
NovaPassword:
|
||||||
type: boolean
|
description: The password for the nova service and db account
|
||||||
default: false
|
type: string
|
||||||
|
hidden: true
|
||||||
|
KeystoneRegion:
|
||||||
|
type: string
|
||||||
|
default: 'regionOne'
|
||||||
|
description: Keystone region for endpoint
|
||||||
|
NeutronMetadataProxySharedSecret:
|
||||||
|
description: Shared secret to prevent spoofing
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
MonitoringSubscriptionNovaMetadata:
|
||||||
|
default: 'overcloud-nova-metadata'
|
||||||
|
type: string
|
||||||
NovaMetadataLoggingSource:
|
NovaMetadataLoggingSource:
|
||||||
type: json
|
type: json
|
||||||
default:
|
default:
|
||||||
tag: openstack.nova.api.metadata
|
tag: openstack.nova.metadata
|
||||||
path: /var/log/nova/nova-api-metadata.log
|
path: /var/log/httpd/nova_metadata_wsgi_error_ssl.log
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
|
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
|
||||||
|
|
||||||
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
ApacheServiceBase:
|
||||||
|
type: ./apache.yaml
|
||||||
|
properties:
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||||
|
|
||||||
TLSProxyBase:
|
NovaBase:
|
||||||
type: OS::TripleO::Services::TLSProxyBase
|
type: ./nova-base.yaml
|
||||||
properties:
|
properties:
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
EndpointMap: {get_param: EndpointMap}
|
EndpointMap: {get_param: EndpointMap}
|
||||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Nova Metadata service.
|
description: Role data for the Nova Metadata service.
|
||||||
value:
|
value:
|
||||||
service_name: nova_metadata
|
service_name: nova_metadata
|
||||||
|
monitoring_subscription: {get_param: MonitoringSubscriptionNovaMetadata}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
- get_attr: [NovaBase, role_data, config_settings]
|
||||||
- nova::api::metadata_listen:
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||||
if:
|
- tripleo.nova_placement.firewall_rules:
|
||||||
- use_tls_proxy
|
'139 nova_metadata':
|
||||||
- 'localhost'
|
dport:
|
||||||
- str_replace:
|
- 8775
|
||||||
template:
|
- 13775
|
||||||
"%{hiera('$NETWORK')}"
|
nova::keystone::authtoken::project_name: 'service'
|
||||||
params:
|
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||||
|
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||||
|
nova::metadata::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
||||||
|
nova::metadata::enable_proxy_headers_parsing: true
|
||||||
|
nova_metadata_wsgi_enabled: true
|
||||||
|
nova::wsgi::apache_metadata::api_port: '8775'
|
||||||
|
nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
|
||||||
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
||||||
|
# for the given network; replacement examples (eg. for internal_api):
|
||||||
|
# internal_api -> IP
|
||||||
|
# internal_api_uri -> [IP]
|
||||||
|
# internal_api_subnet - > IP/CIDR
|
||||||
|
nova::wsgi::apache_metadata::bind_host:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||||
|
nova::wsgi::apache_metadata::servername:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('fqdn_$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- nova_workers_zero
|
- nova_workers_zero
|
||||||
- {}
|
- {}
|
||||||
- nova::api::metadata_workers: {get_param: NovaWorkers}
|
- nova::wsgi::apache_metadata::workers: {get_param: NovaWorkers}
|
||||||
-
|
step_config: |
|
||||||
if:
|
include tripleo::profile::base::nova::metadata
|
||||||
- use_tls_proxy
|
|
||||||
- tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
||||||
tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
|
|
||||||
str_replace:
|
|
||||||
template:
|
|
||||||
"%{hiera('fqdn_$NETWORK')}"
|
|
||||||
params:
|
|
||||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
||||||
- {}
|
|
||||||
step_config: ""
|
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
fluentd:
|
fluentd:
|
||||||
tripleo_fluentd_groups_nova_metadata:
|
tripleo_fluentd_groups_nova_metadata:
|
||||||
- nova
|
- nova
|
||||||
tripleo_fluentd_sources_nova_metadata:
|
tripleo_fluentd_sources_nova_metadata:
|
||||||
- {get_param: NovaMetadataLoggingSource}
|
- {get_param: NovaMetadataLoggingSource}
|
||||||
metadata_settings:
|
keystone:
|
||||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
nova::keystone::auth::tenant: 'service'
|
||||||
|
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
|
||||||
|
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
|
||||||
|
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
|
||||||
|
nova::keystone::auth::password: {get_param: NovaPassword}
|
||||||
|
nova::keystone::auth::region: {get_param: KeystoneRegion}
|
||||||
|
mysql:
|
||||||
|
map_merge:
|
||||||
|
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
|
||||||
|
- nova::db::mysql_api::password: {get_param: NovaPassword}
|
||||||
|
nova::db::mysql_api::user: nova_api
|
||||||
|
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||||
|
nova::db::mysql_api::dbname: nova_api
|
||||||
|
nova::db::mysql_api::allowed_hosts:
|
||||||
|
- '%'
|
||||||
|
- "%{hiera('mysql_bind_host')}"
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Usage of eventlet of all the WSGI-run nova services get
|
||||||
|
deprecated, including nova-api and nova-metadata-api.
|
||||||
|
See https://review.openstack.org/#/c/549510/ for more details.
|
||||||
|
With this change we move nova-metadata to run via httpd wsgi.
|
Loading…
Reference in New Issue
Block a user