Damien Ciabrini f37c06cd9d Fix update of pacemaker container images during major upgrade
Currently, the idiomatic "download image and retag to pcmklatest"
happens at step 2 during upgrade. This doesn't work if the stack
is already containerized before the upgrade, because pacemaker
is still running at step 2.

Reshuffle the steps at which the various upgrade tasks are run,
while keeping the ordering guarantees of the upgrade flow:

  . Deletion of non-containerized resources happens at step 1,
    to allow calling pcs while pacemaker is running.
  . Pacemaker is stopped at step 2.
  . Docker images for containerized resources are upgraded at
    step 3, after the cluster is guaranteed to be stopped.
  . Pacemaker is restarted at step 4 as before, once we know
    that all resources have been upgraded, yum packages updated
    and any potential docker restart has been executed.

Also change the way we detect containerized resources, so that
the predicate still remains valid past step 2 when pacemaker
has been stopped and has deleted its containerized resources.

Change-Id: I85e11dd93c7fd2c42e71b467f46b0044d4516524
2018-03-20 22:36:31 +00:00

149 lines
5.3 KiB
YAML

heat_template_version: queens
description: >
OpenStack containerized OVN DBs service managed by pacemaker
parameters:
DockerOvnDbsImage:
description: image
type: string
DockerOvnDbsConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
resources:
ContainersCommon:
type: ./../containers-common.yaml
OVNDbsBase:
type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
OVNNorthboundServerPort: {get_param: OVNNorthboundServerPort}
OVNSouthboundServerPort: {get_param: OVNSouthboundServerPort}
outputs:
role_data:
description: Role data for the OVN Dbs HA role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
- tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: {get_param: DockerOvnDbsImage}
- tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
logging_source: {get_attr: [OVNDbsBase, role_data, logging_source]}
logging_groups: {get_attr: [OVNDbsBase, role_data, logging_groups]}
service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'ovn_dbs'
puppet_tags: 'exec'
step_config: ''
config_image: &ovn_dbs_config_image {get_param: DockerOvnDbsConfigImage}
kolla_config:
/var/lib/kolla/config_files/ovn_dbs.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
docker_config:
step_3:
ovn_dbs_init_bundle:
start_order: 1
detach: false
net: host
user: root
config_volume: 'ovn_dbs_init_bundle'
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
- - '/docker_puppet_apply.sh'
- '3'
- 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::ovn_dbs_bundle'
- if:
- puppet_debug_enabled
- - '--debug'
- - ''
image: *ovn_dbs_config_image
volumes:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
- name: openvswitch logs readme
copy:
dest: /var/log/openvswitch/readme.txt
content: |
Log files from openvswitch containers can be found under
/var/log/containers/openvswitch.
ignore_errors: true
upgrade_tasks:
- name: Stop and disable ovn-northd service
when: step|int == 1
service: name=ovn-northd state=stopped enabled=no