heat_template_version: wallaby description: > OpenStack containerized Cinder Backup service parameters: ContainerCinderBackupImage: description: image type: string ContainerCinderConfigImage: description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json CephClusterName: type: string default: ceph description: The Ceph cluster name. constraints: - allowed_pattern: "[a-zA-Z0-9]+" description: > The Ceph cluster name must be at least 1 character and contain only letters and numbers. CephClientUserName: default: openstack type: string DockerCinderBackupLoggingSource: type: json default: tag: openstack.cinder.backup file: /var/log/containers/cinder/cinder-backup.log CinderBackupBackend: default: swift description: The short name of the Cinder Backup backend to use. type: string constraints: - allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3'] CinderBackupWorkers: type: number default: 1 description: The number of cinder-backup processes to launch. CinderBackupMaxOperations: type: number default: 15 description: The maximum number of concurrent cinder backup/restore operations (0 means unlimited). CinderBackupCompressionAlgorithm: default: zlib description: The compression algorithm used by Cinder Backup backends that are based on Cinder's "chunked" backup driver. This includes the swift, nfs, gcs and s3 backends. The ceph backend does not support the feature. type: string constraints: - allowed_values: ['none', 'zlib', 'bzip2', 'zstd'] CinderBackupRbdClusterName: type: string default: '' description: The Ceph cluster where backups are to be stored. If no value is specified then the CephClusterName value is used. CinderBackupRbdClientUserName: default: '' type: string description: The Ceph client name used by the backup service. If no value is specified then the CephClientUserName value is used. CinderBackupRbdPoolName: default: backups type: string CinderBackupNfsShare: default: '' description: NFS share to be mounted type: string CinderBackupNfsMountOptions: default: 'context=system_u:object_r:container_file_t:s0' description: Mount options passed to the NFS client. See NFS man page for details. type: string CinderBackupGcsCredentials: default: {} description: The GCS service account credentials, in JSON format. type: json CinderBackupGcsProjectId: default: '' description: The GCS project ID. type: string CinderBackupGcsBucket: default: volumebackups description: The GCS bucket where backups are to be stored. type: string CinderBackupGcsBucketLocation: default: '' description: If set, it specifies the location where the GCS bucket should be created. type: string CinderBackupS3EndpointUrl: default: '' description: The URL where the S3 server is listening. type: string CinderBackupS3AccessKey: default: '' description: The S3 query token access key. type: string CinderBackupS3SecretKey: default: '' description: The S3 query token secret key. type: string CinderBackupS3Bucket: default: volumebackups description: The S3 bucket where backups are to be stored. type: string MonitoringSubscriptionCinderBackup: default: 'overcloud-cinder-backup' type: string resources: ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../database/mysql-client.yaml CinderBase: type: ./cinder-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} CinderCommon: type: ./cinder-common-container-puppet.yaml outputs: role_data: description: Role data for the Cinder Backup role. value: service_name: cinder_backup monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - cinder::backup::backup_workers: {get_param: CinderBackupWorkers} cinder::backup::backup_max_operations: {get_param: CinderBackupMaxOperations} - if: - {equals: [{get_param: CinderBackupBackend}, 'ceph']} - cinder::backup::ceph::backup_ceph_user: str_replace: template: USERNAME params: USERNAME: if: - {equals: [{get_param: CinderBackupRbdClientUserName}, '']} - {get_param: CephClientUserName} - {get_param: CinderBackupRbdClientUserName} cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName} cinder::backup::ceph::backup_ceph_conf: str_replace: template: /etc/ceph/CLUSTER.conf params: CLUSTER: if: - {equals: [{get_param: CinderBackupRbdClusterName}, '']} - {get_param: CephClusterName} - {get_param: CinderBackupRbdClusterName} - if: - {equals: [{get_param: CinderBackupBackend}, 'swift']} - cinder::backup::swift::backup_swift_container: volumebackups cinder::backup::swift::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm} cinder::backup::swift::swift_catalog_info: 'object-store:swift:internalURL' - if: - {equals: [{get_param: CinderBackupBackend}, 'nfs']} - cinder::backup::nfs::backup_share: {get_param: CinderBackupNfsShare} cinder::backup::nfs::backup_mount_options: {get_param: CinderBackupNfsMountOptions} cinder::backup::nfs::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm} - if: - {equals: [{get_param: CinderBackupBackend}, 'gcs']} - tripleo::profile::base::cinder::backup::gcs::credentials: {get_param: CinderBackupGcsCredentials} cinder::backup::google::backup_gcs_project_id: {get_param: CinderBackupGcsProjectId} cinder::backup::google::backup_gcs_bucket: {get_param: CinderBackupGcsBucket} cinder::backup::google::backup_gcs_bucket_location: {get_param: CinderBackupGcsBucketLocation} # cinder::backup::google does not support configuring the compression # algorithm, so use cinder::config::cinder_config cinder::config::cinder_config: DEFAULT/backup_compression_algorithm: value: {get_param: CinderBackupCompressionAlgorithm} - if: - {equals: [{get_param: CinderBackupBackend}, 's3']} - cinder::backup::s3::backup_s3_endpoint_url: {get_param: CinderBackupS3EndpointUrl} cinder::backup::s3::backup_s3_store_access_key: {get_param: CinderBackupS3AccessKey} cinder::backup::s3::backup_s3_store_secret_key: {get_param: CinderBackupS3SecretKey} cinder::backup::s3::backup_s3_store_bucket: {get_param: CinderBackupS3Bucket} cinder::backup::s3::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm} service_config_settings: rsyslog: tripleo_logging_sources_cinder_backup: - {get_param: DockerCinderBackupLoggingSource} # BEGIN DOCKER SETTINGS puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: list_join: - "\n" - - {get_attr: [CinderBase, role_data, step_config]} - str_replace: template: "include tripleo::profile::base::cinder::backup::DRIVER" params: DRIVER: {get_param: CinderBackupBackend} - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: ContainerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]} permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]} docker_config: step_3: cinder_backup_init_logs: start_order: 0 image: &cinder_backup_image {get_param: ContainerCinderBackupImage} net: none privileged: false user: root volumes: - /var/log/containers/cinder:/var/log/cinder:z command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] step_4: cinder_backup: image: *cinder_backup_image ipc: host net: host privileged: true restart: always healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} volumes: {get_attr: [CinderCommon, cinder_backup_volumes]} environment: {get_attr: [CinderCommon, cinder_backup_environment]} host_prep_tasks: list_concat: - {get_attr: [CinderCommon, cinder_backup_host_prep_tasks]} - - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes deploy_steps_tasks: - name: Clean up when switching cinder-backup from pcmk to active-active when: - step|int == 1 become: true block: - name: Check if cinder-backup is running under pacemaker command: "pcs status" register: cinder_backup_pcs_status check_mode: false failed_when: false changed_when: false - when: - '"cinder-backup" in cinder_backup_pcs_status.stdout' block: - name: Remove the openstack-cinder-backup pcs resource pacemaker_resource: resource: openstack-cinder-backup state: delete run_once: true - name: Identify the cinder-backup pcmklatest container image shell: "{{container_cli}} images | awk '$1 ~ \"cinder-backup\" && $2 == \"pcmklatest\" {print $1\":\"$2}'" register: cinder_backup_pcmklatest_image check_mode: false changed_when: false - name: Remove the cinder-backup pcmklatest container image command: "{{container_cli}} rmi {{cinder_backup_pcmklatest_image.stdout}}" when: - cinder_backup_pcmklatest_image.stdout|length > 0 external_upgrade_tasks: - when: - step|int == 1 tags: - never - system_upgrade_transfer_data - system_upgrade_stop_services block: - name: Stop cinder backup container import_role: name: tripleo_container_stop vars: tripleo_containers_to_stop: - cinder_backup tripleo_delegate_to: "{{ groups['cinder_backup'] | default([]) }}"