heat_template_version: rocky description: > OpenStack containerized Nova Conductor service parameters: ContainerNovaConductorImageStein: description: image type: string default: '' ContainerNovaConductorImage: description: image type: string ContainerNovaConfigImage: description: The container image to use for the nova config_volume type: string NovaConductorLoggingSource: type: json default: tag: openstack.nova.conductor file: /var/log/containers/nova/nova-conductor.log EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. NovaWorkers: default: 0 description: Number of workers for Nova services. type: number MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' type: string NovaPassword: description: The password for the nova service and db account type: string hidden: true NovaEnableNUMALiveMigration: default: false description: Whether to enable or not the live migration for NUMA topology instances. type: boolean tags: - role_specific NovaAdditionalCell: default: false description: Whether this is an cell additional to the default cell. type: boolean conditions: fast_forward_upgrade: {not: {equals: [{get_param: ContainerNovaConductorImageStein},'']}} nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} is_not_additional_cell: {equals: [{get_param: NovaAdditionalCell}, false]} resources: ContainersCommon: type: ../containers-common.yaml MySQLClient: type: ../../deployment/database/mysql-client.yaml NovaLogging: type: OS::TripleO::Services::Logging::NovaCommon properties: ContainerNovaImage: {get_param: ContainerNovaConductorImage} NovaServiceName: 'conductor' NovaBase: type: ./nova-base-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} NovaApiDBClient: type: ./nova-apidb-client-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} NovaDBClient: type: ./nova-db-client-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - nova::workarounds::enable_numa_live_migration: NovaEnableNUMALiveMigration - values: {get_param: [RoleParameters]} - values: NovaEnableNUMALiveMigration: {get_param: NovaEnableNUMALiveMigration} outputs: role_data: description: Role data for the Nova Conductor service. value: service_name: nova_conductor monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} config_settings: map_merge: - {get_attr: [NovaBase, role_data, config_settings]} - {get_attr: [NovaLogging, config_settings]} # FIXME(owalsh): NovaApiDBClient should be conditional on is_not_additional_cell # however cell conductor currently requires api db access for affinity checks - {get_attr: [NovaApiDBClient, role_data, config_settings]} - {get_attr: [NovaDBClient, role_data, config_settings]} - {get_attr: [RoleParametersValue, value]} - if: - nova_workers_zero - {} - nova::conductor::workers: {get_param: NovaWorkers} service_config_settings: rsyslog: tripleo_logging_sources_nova_conductor: - {get_param: NovaConductorLoggingSource} mysql: map_merge: # FIXME(owalsh): NovaApiDBClient should be conditional on is_not_additional_cell # however cell conductor currently requires api db access for affinity checks - get_attr: [NovaApiDBClient, role_data, service_config_settings, mysql] - get_attr: [NovaDBClient, role_data, service_config_settings, mysql] # BEGIN DOCKER SETTINGS puppet_config: config_volume: nova puppet_tags: nova_config step_config: list_join: - "\n" - - include tripleo::profile::base::nova::conductor - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: ContainerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: list_join: - ' ' - - /usr/bin/nova-conductor - get_attr: [NovaLogging, cmd_extra_args] config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova recurse: true container_config_scripts: map_merge: - {get_attr: [ContainersCommon, container_config_scripts]} - nova_ffu_db_sync.sh: mode: "0755" content: { get_file: ../../container_config_scripts/nova_ffu_db_sync.sh } docker_config: step_2: get_attr: [NovaLogging, docker_config, step_2] step_3: map_merge: - nova_db_sync: image: &nova_conductor_image {get_param: ContainerNovaConductorImage} start_order: 6 # Runs after nova-api tasks if installed on this host net: host detach: false volumes: &nova_conductor_bootstrap_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NovaLogging, volumes]} - - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro user: root command: str_replace: template: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync DB_SYNC_ARGS'" params: if: - is_not_additional_cell - DB_SYNC_ARGS: "" - DB_SYNC_ARGS: "--local_cell" environment: TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} - if: - fast_forward_upgrade - nova_db_sync_stein: image: {get_param: ContainerNovaConductorImageStein} start_order: 1 # Runs after nova-api db sync Stein net: host detach: false volumes: list_concat: - *nova_conductor_bootstrap_volumes - - /var/lib/container-config-scripts/:/container-config-scripts/:ro user: root command: - '/usr/bin/bootstrap_host_exec' - 'nova_conductor' - '/container-config-scripts/nova_ffu_db_sync.sh' - 'db' environment: TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} - {} step_4: nova_conductor: image: *nova_conductor_image net: host privileged: false restart: always healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NovaLogging, volumes]} - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS deploy_steps_tasks: - name: validate nova conductor container state when: - not (ansible_check_mode | bool) - container_cli == 'podman' - not container_healthcheck_disabled - step|int == 5 tags: - opendev-validation - opendev-validation-nova block: - name: Get nova-conductor healthcheck status register: nova_conductor_healthcheck_state systemd: name: tripleo_nova_conductor_healthcheck retries: 10 delay: 30 until: nova_conductor_healthcheck_state.status.ExecMainPID != '0' and nova_conductor_healthcheck_state.status.ActiveState in ['inactive', 'failed'] failed_when: false - name: Fail if nova-conductor healthcheck report failed status fail: msg: nova-conductor isn't working (healthcheck failed) when: nova_conductor_healthcheck_state.status.ExecMainStatus != '0' host_prep_tasks: list_concat: - {get_attr: [NovaLogging, host_prep_tasks]} - - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes external_upgrade_tasks: - when: step|int == 1 block: &nova_online_db_migration - name: Online data migration for Nova command: "{{ container_cli }} exec nova_conductor nova-manage db online_data_migrations" delegate_to: "{{ groups['nova_conductor'][0] }}" become: true tags: - online_upgrade - online_upgrade_nova - when: - step|int == 1 tags: - never - system_upgrade_transfer_data - system_upgrade_stop_services block: - name: Stop nova conductor container import_role: name: tripleo-container-stop vars: tripleo_containers_to_stop: - nova_conductor tripleo_delegate_to: "{{ groups['nova_conductor'] | default([]) }}" external_update_tasks: - when: step|int == 1 block: *nova_online_db_migration