heat_template_version: wallaby description: > OpenStack containerized Nova Conductor service parameters: ContainerNovaConductorImage: description: image type: string tags: - role_specific ContainerNovaConfigImage: description: The container image to use for the nova config_volume type: string tags: - role_specific NovaConductorLoggingSource: type: json default: tag: openstack.nova.conductor file: /var/log/containers/nova/nova-conductor.log EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. NovaWorkers: default: 0 description: Number of workers for Nova services. type: number MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' type: string NovaAdditionalCell: default: false description: Whether this is an cell additional to the default cell. type: boolean conditions: nova_workers_set: not: {equals : [{get_param: NovaWorkers}, 0]} resources: ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../../deployment/database/mysql-client.yaml NovaLogging: type: OS::TripleO::Services::Logging::NovaCommon properties: ContainerNovaImage: {get_attr: [RoleParametersValue, value, ContainerNovaConductorImage]} NovaServiceName: 'conductor' NovaBase: type: ./nova-base-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} NovaApiDBClient: type: ./nova-apidb-client-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} NovaDBClient: type: ./nova-db-client-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - ContainerNovaConductorImage: ContainerNovaConductorImage ContainerNovaConfigImage: ContainerNovaConfigImage - values: {get_param: [RoleParameters]} - values: ContainerNovaConductorImage: {get_param: ContainerNovaConductorImage} ContainerNovaConfigImage: {get_param: ContainerNovaConfigImage} outputs: role_data: description: Role data for the Nova Conductor service. value: service_name: nova_conductor monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] # FIXME(owalsh): NovaApiDBClient should depend on NovaAdditionalCell # however cell conductor currently requires api db access for affinity checks - get_attr: [NovaApiDBClient, role_data, config_settings] - get_attr: [NovaDBClient, role_data, config_settings] - get_attr: [NovaLogging, config_settings] - if: - nova_workers_set - nova::conductor::workers: {get_param: NovaWorkers} service_config_settings: rabbitmq: {get_attr: [NovaBase, role_data, service_config_settings], rabbitmq} mysql: map_merge: # FIXME(owalsh): NovaApiDBClient should depend on NovaAdditionalCell # however cell conductor currently requires api db access for affinity checks - get_attr: [NovaApiDBClient, role_data, service_config_settings, mysql] - get_attr: [NovaDBClient, role_data, service_config_settings, mysql] rsyslog: tripleo_logging_sources_nova_conductor: - {get_param: NovaConductorLoggingSource} # BEGIN DOCKER SETTINGS puppet_config: config_volume: nova puppet_tags: nova_config step_config: list_join: - "\n" - - include tripleo::profile::base::nova::conductor - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_attr: [RoleParametersValue, value, ContainerNovaConfigImage]} kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: list_join: - ' ' - - /usr/bin/nova-conductor - get_attr: [NovaLogging, cmd_extra_args] config_files: &nova_conductor_config_files - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: &nova_conductor_permissions - path: /var/log/nova owner: nova:nova recurse: true /var/lib/kolla/config_files/nova_conductor_db_sync.json: command: str_replace: template: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync DB_SYNC_ARGS'" params: if: - {get_param: NovaAdditionalCell} - DB_SYNC_ARGS: "--local_cell" - DB_SYNC_ARGS: "" config_files: *nova_conductor_config_files permissions: *nova_conductor_permissions docker_config: step_2: get_attr: [NovaLogging, docker_config, step_2] step_3: nova_db_sync: image: &nova_conductor_image {get_attr: [RoleParametersValue, value, ContainerNovaConductorImage]} start_order: 3 # Runs after nova-api tasks if installed on this host net: host detach: false volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NovaLogging, volumes]} - - /var/lib/kolla/config_files/nova_conductor_db_sync.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro user: root environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} step_4: nova_conductor: image: *nova_conductor_image net: host privileged: false restart: always healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NovaLogging, volumes]} - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS deploy_steps_tasks: - name: validate nova-conductor container state containers.podman.podman_container_info: name: nova_conductor register: nova_conductor_infos failed_when: - nova_conductor_infos.containers.0.Healthcheck.Status is defined - "'healthy' not in nova_conductor_infos.containers.0.Healthcheck.Status" retries: 10 delay: 30 tags: - opendev-validation - opendev-validation-nova when: - container_cli == 'podman' - not container_healthcheck_disabled - step|int == 5 host_prep_tasks: list_concat: - {get_attr: [NovaLogging, host_prep_tasks]} - - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink persistent: true state: true when: - ansible_facts.selinux is defined - ansible_facts.selinux.status == "enabled" external_upgrade_tasks: - when: step|int == 1 block: &nova_online_db_migration - name: Online data migration for Nova command: "{{ container_cli }} exec nova_conductor nova-manage db online_data_migrations" delegate_to: "{{ groups['nova_conductor'][0] }}" become: true tags: - online_upgrade - online_upgrade_nova - when: - step|int == 1 tags: - never - system_upgrade_transfer_data - system_upgrade_stop_services block: - name: Stop nova conductor container import_role: name: tripleo_container_stop vars: tripleo_containers_to_stop: - nova_conductor tripleo_delegate_to: "{{ groups['nova_conductor'] | default([]) }}" external_update_tasks: - when: step|int == 1 block: *nova_online_db_migration