Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
tripleo-heat-templates/deployment/nova/nova-compute-container-pupp...

1022 lines
42 KiB

heat_template_version: rocky
description: >
OpenStack containerized Nova Compute service
parameters:
ContainerNovaComputeImage:
description: image
type: string
ContainerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
DockerNovaComputeUlimit:
default: ['nofile=131072', 'memlock=67108864']
description: ulimit for Nova Compute Container
type: comma_delimited_list
NovaComputeLoggingSource:
type: json
default:
tag: openstack.nova.compute
path: /var/log/containers/nova/nova-compute.log
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
NovaComputeOptVolumes:
default: []
description: list of optional vo
type: comma_delimited_list
NovaComputeOptEnvVars:
default: []
description: list of optional en
type: comma_delimited_list
EnableInstanceHA:
default: false
description: Whether to enable an Instance Ha configurarion or not.
This setup requires the Compute role to have the
PacemakerRemote service added to it.
type: boolean
NovaRbdPoolName:
default: vms
type: string
description: The pool name for RBD backend ephemeral storage.
tags:
- role_specific
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
type: boolean
NovaNfsEnabled:
default: false
description: Whether to enable or not the NFS backend for Nova
type: boolean
tags:
- role_specific
NovaNfsShare:
default: ''
description: NFS share to mount for nova storage (when NovaNfsEnabled is true)
type: string
tags:
- role_specific
NovaNfsOptions:
default: 'context=system_u:object_r:nfs_t:s0'
description: NFS mount options for nova storage (when NovaNfsEnabled is true)
type: string
tags:
- role_specific
NovaNfsVersion:
default: '4'
description: >
NFS version used for nova storage (when NovaNfsEnabled is true). Since
NFSv3 does not support full locking a NFSv4 version need to be used.
To not break current installations the default is the previous hard
coded version 4.
type: string
constraints:
- allowed_pattern: "^4.?[0-9]?"
tags:
- role_specific
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
NovaEnableRbdBackend:
default: false
description: Whether to enable the Rbd backend for Nova ephemeral storage.
type: boolean
tags:
- role_specific
NovaComputeLibvirtVifDriver:
default: ''
description: Libvirt VIF driver configuration for the network
type: string
NovaPCIPassthrough:
description: >
List of PCI Passthrough whitelist parameters.
Example -
NovaPCIPassthrough:
- vendor_id: "8086"
product_id: "154c"
address: "0000:05:00.0"
physical_network: "datacentre"
For different formats, refer to the nova.conf documentation for
pci_passthrough_whitelist configuration
type: json
default: ''
tags:
- role_specific
NovaVcpuPinSet:
description: >
A list or range of physical CPU cores to reserve for virtual machine
processes.
Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8
type: comma_delimited_list
default: []
tags:
- role_specific
NovaComputeCpuSharedSet:
description: >
A list or range of physical CPU cores will be used for best-effort guest
vCPU resources (e.g. emulator threads in libvirt/QEMU).
Ex. NovaComputeCpuSharedSet: [4-12,^8,15] will reserve cores from 4-12
and 15, excluding 8.
type: comma_delimited_list
default: []
tags:
- role_specific
NovaReservedHostMemory:
description: >
Reserved RAM for host processes.
type: number
default: 4096
constraints:
- range: { min: 512 }
tags:
- role_specific
MonitoringSubscriptionNovaCompute:
default: 'overcloud-nova-compute'
type: string
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default:
public_key: ''
private_key: ''
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
VerifyGlanceSignatures:
default: False
description: Whether to verify image signatures.
type: boolean
NovaAutoDisabling:
default: '10'
description: Max number of consecutive build failures before the nova-compute will disable itself.
type: string
NeutronPhysnetNUMANodesMapping:
description: |
Map of physnet name as key and NUMA nodes as value.
Ex. NeutronPhysnetNUMANodesMapping: {'foo': [0, 1], 'bar': [1]} where `foo` and `bar` are
physnet names and corresponding values are list of associated numa_nodes.
type: json
default: {}
tags:
- role_specific
NeutronTunnelNUMANodes:
description: Used to configure NUMA affinity for all tunneled networks.
type: comma_delimited_list
default: []
tags:
- role_specific
NovaResumeGuestsStateOnHostBoot:
default: false
description: Whether to start running instance on compute host reboot
type: boolean
tags:
- role_specific
NovaLibvirtRxQueueSize:
description: >
virtio-net RX queue size. Valid values are 256, 512, 1024
default: 512
type: number
constraints:
- allowed_values: [ 256, 512, 1024 ]
tags:
- role_specific
NovaLibvirtTxQueueSize:
description: >
virtio-net TX queue size. Valid values are 256, 512, 1024
default: 512
type: number
constraints:
- allowed_values: [ 256, 512, 1024 ]
tags:
- role_specific
NovaLibvirtFileBackedMemory:
description: >
Available capacity in MiB for file-backed memory.
default: 0
type: number
tags:
- role_specific
NovaLibvirtVolumeUseMultipath:
default: false
description: Whether to enable or not the multipath connection of the volumes.
type: boolean
tags:
- role_specific
NovaHWMachineType:
description: >
To specify a default machine type per host architecture.
default: 'x86_64=pc-i440fx-rhel7.6.0,aarch64=virt-rhel7.6.0,ppc64=pseries-rhel7.6.0,ppc64le=pseries-rhel7.6.0'
type: string
tags:
- role_specific
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NovaAdditionalCell:
default: false
description: Whether this is an cell additional to the default cell.
type: boolean
NovaComputeEnableKsm:
default: false
description: Whether to enable KSM on compute nodes or not. Especially
in NFV use case one wants to keep it disabled.
type: boolean
tags:
- role_specific
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
CinderPassword:
description: The password for the cinder service and db account.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NovaLibvirtNumPciePorts:
description: >
Set `num_pcie_ports` to specify the number of PCIe ports an
instance will get.
Libvirt allows a custom number of PCIe ports (pcie-root-port controllers) a
target instance will get. Some will be used by default, rest will be available
for hotplug use.
default: 16
type: number
tags:
- role_specific
NovaLibvirtMemStatsPeriodSeconds:
description: >
A number of seconds to memory usage statistics period, zero or negative
value mean to disable memory usage statistics.
default: 10
type: number
tags:
- role_specific
NeutronMechanismDrivers:
default: 'ovn'
description: |
The mechanism drivers for the Neutron tenant network.
type: comma_delimited_list
NovaLiveMigrationWaitForVIFPlug:
description: Whether to wait for `network-vif-plugged` events before starting guest transfer.
default: true
type: boolean
MultipathdEnable:
default: false
description: Whether to enable the multipath daemon
type: boolean
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaComputeCommon:
type: ./nova-compute-common-container-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
ContainerNovaImage: {get_param: ContainerNovaComputeImage}
NovaServiceName: 'compute'
NovaBase:
type: ./nova-base-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- nova::compute::vcpu_pin_set: NovaVcpuPinSet
nova::compute::cpu_shared_set: NovaComputeCpuSharedSet
nova::compute::reserved_host_memory: NovaReservedHostMemory
nova::compute::neutron_physnets_numa_nodes_mapping: NeutronPhysnetNUMANodesMapping
nova::compute::neutron_tunnel_numa_nodes: NeutronTunnelNUMANodes
nova::compute::resume_guests_state_on_host_boot: NovaResumeGuestsStateOnHostBoot
nova::compute::libvirt::rx_queue_size: NovaLibvirtRxQueueSize
nova::compute::libvirt::tx_queue_size: NovaLibvirtTxQueueSize
nova::compute::libvirt::file_backed_memory: NovaLibvirtFileBackedMemory
nova::compute::libvirt::volume_use_multipath: NovaLibvirtVolumeUseMultipath
nova::compute::libvirt::libvirt_hw_machine_type: NovaHWMachineType
compute_enable_ksm: NovaComputeEnableKsm
nova::compute::rbd::libvirt_images_rbd_pool: NovaRbdPoolName
tripleo::profile::base::nova::compute::nova_nfs_enabled: NovaNfsEnabled
nfs_backend_enable: NovaNfsEnabled
nfs_share: NovaNfsShare
nfs_options: NovaNfsOptions
nfs_vers: NovaNfsVersion
nova::compute::libvirt::num_pcie_ports: NovaLibvirtNumPciePorts
nova::compute::libvirt::mem_stats_period_seconds: NovaLibvirtMemStatsPeriodSeconds
nova::compute::rbd::ephemeral_storage: NovaEnableRbdBackend
- values: {get_param: [RoleParameters]}
- values:
NovaVcpuPinSet: {get_param: NovaVcpuPinSet}
NovaComputeCpuSharedSet: {get_param: NovaComputeCpuSharedSet}
NovaReservedHostMemory: {get_param: NovaReservedHostMemory}
NeutronPhysnetNUMANodesMapping: {get_param: NeutronPhysnetNUMANodesMapping}
NeutronTunnelNUMANodes: {get_param: NeutronTunnelNUMANodes}
NovaResumeGuestsStateOnHostBoot: {get_param: NovaResumeGuestsStateOnHostBoot}
NovaLibvirtRxQueueSize: {get_param: NovaLibvirtRxQueueSize}
NovaLibvirtTxQueueSize: {get_param: NovaLibvirtTxQueueSize}
NovaLibvirtFileBackedMemory: {get_param: NovaLibvirtFileBackedMemory}
NovaLibvirtVolumeUseMultipath: {get_param: NovaLibvirtVolumeUseMultipath}
NovaHWMachineType: {get_param: NovaHWMachineType}
NovaComputeEnableKsm: {get_param: NovaComputeEnableKsm}
NovaRbdPoolName: {get_param: NovaRbdPoolName}
NovaNfsEnabled: {get_param: NovaNfsEnabled}
NovaNfsShare: {get_param: NovaNfsShare}
NovaNfsOptions: {get_param: NovaNfsOptions}
NovaNfsVersion: {get_param: NovaNfsVersion}
NovaLibvirtNumPciePorts: {get_param: NovaLibvirtNumPciePorts}
NovaLibvirtMemStatsPeriodSeconds: {get_param: NovaLibvirtMemStatsPeriodSeconds}
NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend}
conditions:
enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}
enable_live_migration_tunnelled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
- and:
- equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
- equals: [{get_param: NovaEnableRbdBackend}, true]
libvirt_file_backed_memory_enabled:
not:
or:
- equals: [{get_param: NovaLibvirtFileBackedMemory}, '']
- equals: [{get_param: [RoleParameters, NovaLibvirtFileBackedMemory]}, '']
- equals: [{get_param: NovaLibvirtFileBackedMemory}, 0]
- equals: [{get_param: [RoleParameters, NovaLibvirtFileBackedMemory]}, 0]
is_not_additional_cell: {equals: [{get_param: NovaAdditionalCell}, false]}
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
outputs:
role_data:
description: Role data for the Nova Compute service.
value:
service_name: nova_compute
monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute}
config_settings:
map_merge:
- get_attr: [NovaLogging, config_settings]
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- nova::compute::libvirt::manage_libvirt_services: false
nova::compute::pci::passthrough:
str_replace:
template: "JSON_PARAM"
params:
map_replace:
- map_replace:
- JSON_PARAM: NovaPCIPassthrough
- values: {get_param: [RoleParameters]}
- values:
NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_ceph_conf:
list_join:
- ''
- - '/etc/ceph/'
- {get_param: CephClusterName}
- '.conf'
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
- - 'client'
- {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::user_domain_name: 'Default'
nova::keystone::authtoken::project_domain_name: 'Default'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
nova::cinder::username: 'cinder'
nova::cinder::auth_type: 'v3password'
nova::cinder::project_name: 'service'
nova::cinder::password: {get_param: CinderPassword}
nova::cinder::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
nova::cinder::region_name: {get_param: KeystoneRegion}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::consecutive_build_service_disable_threshold: {get_param: NovaAutoDisabling}
nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
nova::compute::live_migration_wait_for_vif_plug:
if:
- is_ovn_in_neutron_mechanism_driver
- false
- {get_param: NovaLiveMigrationWaitForVIFPlug}
# TUNNELLED mode provides a security improvement for migration, but
# can't be used in combination with block migration. So we only enable it
# when shared storage is available (Ceph RDB is currently the only option).
# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
# In future versions of QEMU (2.6, mostly), danpb's native
# encryption work will obsolete the need to use TUNNELLED transport
# mode.
nova::migration::live_migration_tunnelled:
if:
- enable_live_migration_tunnelled
- true
- false
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::compute::vncserver_proxyclient_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaVncProxyNetwork]}
nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyCellPublic, protocol]}
nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyCellPublic, host_nobrackets]}
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyCellPublic, port]}
nova::compute::verify_glance_signatures: {get_param: [VerifyGlanceSignatures]}
# if libvirt_file_backed_memory_enabled we have to set ram_allocation_ratio to 1.0
nova::ram_allocation_ratio:
if:
- libvirt_file_backed_memory_enabled
- '1.0'
- null
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_compute:
- nova
tripleo_fluentd_sources_nova_compute:
- {get_param: NovaComputeLoggingSource}
collectd:
tripleo.collectd.plugins.nova_compute:
- virt
collectd::plugin::virt::connection: 'qemu:///system'
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config:
list_join:
- "\n"
- - # TODO(emilien): figure how to deal with libvirt profile.
# We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command:
list_join:
- ' '
- - if:
- enable_instance_ha
- /var/lib/nova/instanceha/check-run-nova-compute
- /usr/bin/nova-compute
- get_attr: [NovaLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: nova:nova
perm: '0600'
container_config_scripts:
map_merge:
- {get_attr: [ContainersCommon, container_config_scripts]}
- {get_attr: [NovaComputeCommon, container_config_scripts]}
docker_config:
step_2:
get_attr: [NovaLogging, docker_config, step_2]
step_3:
nova_statedir_owner:
image: &nova_compute_image {get_param: ContainerNovaComputeImage}
net: none
user: root
privileged: false
detach: false
volumes:
list_concat:
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
-
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
- /var/lib/container-config-scripts/:/container-config-scripts/:z
command: "/container-config-scripts/pyshim.sh /container-config-scripts/nova_statedir_ownership.py"
environment:
# NOTE: this should force this container to re-run on each
# update (scale-out, etc.)
- list_join:
- ''
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier}
- list_join:
- ''
- - '__OS_DEBUG='
- yaql:
expression: str($.data.debug)
data:
debug: {get_attr: [NovaBase, role_data, config_settings, 'nova::logging::debug']}
step_4:
map_merge:
- nova_wait_for_placement_service:
start_order: 2
image: *nova_compute_image
user: nova
net: host
privileged: false
detach: false
volumes:
- /var/lib/container-config-scripts/:/container-config-scripts/:z
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
command: "/container-config-scripts/pyshim.sh /container-config-scripts/nova_wait_for_placement_service.py"
environment:
- list_join:
- ''
- - '__OS_DEBUG='
- yaql:
expression: str($.data.debug)
data:
debug: {get_attr: [NovaBase, role_data, config_settings, 'nova::logging::debug']}
- nova_compute:
start_order: 3
image: *nova_compute_image
ulimit: {get_param: DockerNovaComputeUlimit}
ipc: host
net: host
privileged: true
user: nova
restart: always
depends_on:
- tripleo_nova_libvirt
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- {get_param: NovaComputeOptVolumes}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
-
# podman fails to relable if nova_nfs_enabled where we have
# the nfs share mounted to /var/lib/nova/instances
if:
- nova_nfs_enabled
- - /var/lib/nova:/var/lib/nova:shared
- - /var/lib/nova:/var/lib/nova:shared,z
-
if:
- {equals: [{get_param: MultipathdEnable}, true]}
- - /etc/multipath:/etc/multipath:z
- []
environment:
list_concat:
- {get_param: NovaComputeOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
- is_not_additional_cell
- nova_wait_for_compute_service:
start_order: 4
image: *nova_compute_image
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/nova_libvirt/etc/my.cnf.d/:/etc/my.cnf.d/:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/container-config-scripts/:/container-config-scripts/
user: nova
command: "/container-config-scripts/pyshim.sh /container-config-scripts/nova_wait_for_compute_service.py"
environment:
- list_join:
- ''
- - '__OS_DEBUG='
- yaql:
expression: str($.data.debug)
data:
debug: {get_attr: [NovaBase, role_data, config_settings, 'nova::logging::debug']}
- {}
host_prep_tasks:
list_concat:
- {get_attr: [NovaLogging, host_prep_tasks]}
- - name: Mount Nova NFS Share
vars:
nfs_backend_enable: {get_attr: [RoleParametersValue, value, nfs_backend_enable]}
nfs_share: {get_attr: [RoleParametersValue, value, nfs_share]}
nfs_options: {get_attr: [RoleParametersValue, value, nfs_options]}
nfs_vers: {get_attr: [RoleParametersValue, value, nfs_vers]}
mount: name=/var/lib/nova/instances src="{{nfs_share}}" fstype=nfs4 opts="_netdev,bg,{{nfs_options}},vers={{nfs_vers}},nfsvers={{nfs_vers}}" state=mounted
when: nfs_backend_enable|bool
- name: is Nova Resume Guests State On Host Boot enabled
set_fact:
resume_guests_state_on_host_boot_enabled: {get_param: NovaResumeGuestsStateOnHostBoot}
- name: install libvirt-guests systemd unit file (docker)
when:
- resume_guests_state_on_host_boot_enabled|bool
- container_cli == 'docker'
block:
- name: make sure libvirt-client is installed
when: resume_guests_state_on_host_boot_enabled|bool
package:
name: libvirt-client
state: present
- name: libvirt-guests unit to stop nova_compute container before shutdown VMs
copy:
dest: /etc/systemd/system/libvirt-guests.service
content: |
[Unit]
Description=Suspend/Resume Running libvirt Guests
Requires=virt-guest-shutdown.target
After=network.target
After=time-sync.target
After=virt-guest-shutdown.target
After=docker.service
After=paunch-container-shutdown.service
After=rhel-push-plugin.service
Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
[Service]
EnvironmentFile=-/etc/sysconfig/libvirt-guests
# Hack just call traditional service until we factor
# out the code
ExecStart=/usr/libexec/libvirt-guests.sh start
ExecStop=/bin/{{container_cli}} stop nova_compute
ExecStop=/usr/libexec/libvirt-guests.sh stop
Type=oneshot
RemainAfterExit=yes
StandardOutput=journal+console
TimeoutStopSec=0
[Install]
WantedBy=multi-user.target
- name: libvirt-guests enable VM shutdown on compute reboot/shutdown
systemd:
name: libvirt-guests
enabled: yes
daemon_reload: yes
- name: install tripleo_nova_libvirt_guests systemd unit file (podman)
when:
- resume_guests_state_on_host_boot_enabled|bool
- container_cli == 'podman'
block:
- name: make sure default libvirt-guests is disabled
systemd:
name: libvirt-guests
enabled: no
state: stopped
masked: yes
daemon_reload: yes
- name: libvirt-guests unit to stop nova_compute container before shutdown VMs
copy:
dest: /etc/systemd/system/tripleo_nova_libvirt_guests.service
content: |
[Unit]
Description=Suspend libvirt Guests in tripleo
Requires=virt-guest-shutdown.target
After=systemd-machined.service
After=tripleo_nova_libvirt.service
Before=tripleo_nova_compute.service
Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
[Service]
EnvironmentFile=-/etc/sysconfig/libvirt-guests
ExecStart=/usr/bin/podman exec nova_libvirt /bin/rm -f /var/lib/libvirt/libvirt-guests
ExecStop=/usr/bin/podman exec nova_libvirt /bin/sh -x /usr/libexec/libvirt-guests.sh shutdown
Type=oneshot
RemainAfterExit=yes
StandardOutput=journal+console
TimeoutStopSec=0
[Install]
WantedBy=multi-user.target
- name: tripleo_nova_libvirt_guests enable VM shutdown on compute reboot/shutdown
systemd:
name: tripleo_nova_libvirt_guests
enabled: yes
daemon_reload: yes
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: is Instance HA enabled
set_fact:
instance_ha_enabled: {get_param: EnableInstanceHA}
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
- name: install Instance HA recovery script
when: instance_ha_enabled|bool
block:
- name: prepare Instance HA script directory
file:
path: /var/lib/nova/instanceha
state: directory
- name: install Instance HA script that runs nova-compute
copy:
content: {get_file: ../../scripts/check-run-nova-compute}
dest: /var/lib/nova/instanceha/check-run-nova-compute
mode: 0755
- name: Get list of instance HA compute nodes
command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names
register: iha_nodes
- name: If instance HA is enabled on the node activate the evacuation completed check
file: path=/var/lib/nova/instanceha/enabled state=touch
when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"')
- name: is KSM enabled
set_fact:
compute_ksm_enabled: {get_attr: [RoleParametersValue, value, compute_enable_ksm]}
- name: disable KSM on compute
when: not compute_ksm_enabled|bool
block:
- name: Populate service facts (ksm)
service_facts: # needed to make yaml happy
- name: disable KSM services
service:
name: "{{ item }}"
state: stopped
enabled: no
with_items:
- ksm.service
- ksmtuned.service
when: "'ksm.service' in ansible_facts.services"
register: ksmdisabled
# When KSM is disabled, any memory pages that were shared prior to
# deactivating KSM are still shared. To delete all of the PageKSM
# in the system, we use:
- name: delete PageKSM after disable ksm on compute
command: echo 2 >/sys/kernel/mm/ksm/run
when: ksmdisabled.changed
- name: enable KSM on compute
when: compute_ksm_enabled|bool
block:
- name: Populate service facts (ksm)
service_facts: # needed to make yaml happy
# mschuppert: we can remove the CentOS/RHEL split here when CentOS8/
# RHEL8 is available and we have the same package name providing the
# KSM services
- name: make sure package providing ksmtuned is installed (CentOS)
package:
name: qemu-kvm-common-ev
state: present
when: ansible_distribution == 'CentOS'
- name: make sure package providing ksmtuned is installed (RHEL)
package:
name: qemu-kvm-common-rhev
state: present
when: ansible_distribution == 'RedHat'
- name: enable ksmtunded
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- ksm.service
- ksmtuned.service
deploy_steps_tasks: {get_attr: [NovaComputeCommon, nova_compute_common_deploy_steps_tasks]}
upgrade_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
update_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_compute
scale_tasks:
- when: step|int == 1
tags: down
environment:
OS_USERNAME: admin
OS_USER_DOMAIN_NAME: "Default"
OS_PROJECT_DOMAIN_NAME: "Default"
OS_PROJECT_NAME: admin
OS_PASSWORD: { get_param: AdminPassword }
OS_AUTH_URL: { get_param: [EndpointMap, KeystoneV3Public, uri] }
OS_IDENTITY_API_VERSION: 3
OS_AUTH_TYPE: password
block:
# Some tasks are running from the Undercloud which has
# the OpenStack clients installed.
- name: Get nova-compute service ID
shell: openstack compute service list --service nova-compute --host {{ ansible_fqdn }} --column ID --format value
register: nova_compute_service_result
delegate_to: localhost
check_mode: no
- name: Set fact nova_compute_service_id
set_fact:
nova_compute_service_id: "{{ nova_compute_service_result.stdout }}"
delegate_to: localhost
check_mode: no
- name: Disable nova-compute service
command: openstack compute service set {{ ansible_fqdn }} nova-compute --disable
delegate_to: localhost
check_mode: no
- name: Stop nova-compute healthcheck container
service:
name: tripleo_nova_compute_healthcheck
state: stopped
enabled: no
become: true
- name: Stop nova-compute container
service:
name: tripleo_nova_compute
state: stopped
enabled: no
become: true
- name: Delete nova-compute service
command: openstack compute service delete {{ nova_compute_service_id }}
delegate_to: localhost
check_mode: no
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-compute is deployed
command: systemctl is-enabled --quiet openstack-nova-compute
ignore_errors: True
register: nova_compute_enabled_result
- name: Set fact nova_compute_enabled
set_fact:
nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}"
- when:
- step|int == 1
- release == 'ocata'
block:
- name: Stop and disable nova-compute service
service: name=openstack-nova-compute state=stopped
when:
- nova_compute_enabled|bool
- name: Set upgrade marker in nova statedir
file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova
when:
- nova_compute_enabled|bool