tripleo-heat-templates/deployment/cinder/cinder-backup-container-puppet.yaml

337 lines
13 KiB
YAML

heat_template_version: wallaby
description: >
OpenStack containerized Cinder Backup service
parameters:
ContainerCinderBackupImage:
description: image
type: string
tags:
- role_specific
ContainerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
tags:
- role_specific
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephClientUserName:
default: openstack
type: string
DockerCinderBackupLoggingSource:
type: json
default:
tag: openstack.cinder.backup
file: /var/log/containers/cinder/cinder-backup.log
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3']
CinderBackupWorkers:
type: number
default: 1
description: The number of cinder-backup processes to launch.
CinderBackupMaxOperations:
type: number
default: 15
description: The maximum number of concurrent cinder backup/restore
operations (0 means unlimited).
CinderBackupCompressionAlgorithm:
default: zlib
description: The compression algorithm used by Cinder Backup backends that
are based on Cinder's "chunked" backup driver. This includes
the swift, nfs, gcs and s3 backends. The ceph backend does not
support the feature.
type: string
constraints:
- allowed_values: ['none', 'zlib', 'bzip2', 'zstd']
CinderBackupRbdClusterName:
type: string
default: ''
description: The Ceph cluster where backups are to be stored. If no value
is specified then the CephClusterName value is used.
CinderBackupRbdClientUserName:
default: ''
type: string
description: The Ceph client name used by the backup service. If no value
is specified then the CephClientUserName value is used.
CinderBackupRbdPoolName:
default: backups
type: string
CinderBackupNfsShare:
default: ''
description: NFS share to be mounted
type: string
CinderBackupNfsMountOptions:
default: 'context=system_u:object_r:container_file_t:s0'
description: Mount options passed to the NFS client. See NFS man
page for details.
type: string
CinderBackupGcsCredentials:
default: {}
description: The GCS service account credentials, in JSON format.
type: json
CinderBackupGcsProjectId:
default: ''
description: The GCS project ID.
type: string
CinderBackupGcsBucket:
default: volumebackups
description: The GCS bucket where backups are to be stored.
type: string
CinderBackupGcsBucketLocation:
default: ''
description: If set, it specifies the location where the GCS bucket
should be created.
type: string
CinderBackupS3EndpointUrl:
default: ''
description: The URL where the S3 server is listening.
type: string
CinderBackupS3AccessKey:
default: ''
description: The S3 query token access key.
type: string
hidden: true
CinderBackupS3SecretKey:
default: ''
description: The S3 query token secret key.
type: string
hidden: true
CinderBackupS3Bucket:
default: volumebackups
description: The S3 bucket where backups are to be stored.
type: string
MonitoringSubscriptionCinderBackup:
default: 'overcloud-cinder-backup'
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
CinderBase:
type: ./cinder-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderCommon:
type: ./cinder-common-container-puppet.yaml
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- ContainerCinderBackupImage: ContainerCinderBackupImage
ContainerCinderConfigImage: ContainerCinderConfigImage
- values: {get_param: [RoleParameters]}
- values:
ContainerCinderBackupImage: {get_param: ContainerCinderBackupImage}
ContainerCinderConfigImage: {get_param: ContainerCinderConfigImage}
outputs:
role_data:
description: Role data for the Cinder Backup role.
value:
service_name: cinder_backup
monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- cinder::backup::backup_workers: {get_param: CinderBackupWorkers}
cinder::backup::backup_max_operations: {get_param: CinderBackupMaxOperations}
- if:
- {equals: [{get_param: CinderBackupBackend}, 'ceph']}
- cinder::backup::ceph::backup_ceph_user:
str_replace:
template: USERNAME
params:
USERNAME:
if:
- {equals: [{get_param: CinderBackupRbdClientUserName}, '']}
- {get_param: CephClientUserName}
- {get_param: CinderBackupRbdClientUserName}
cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
cinder::backup::ceph::backup_ceph_conf:
str_replace:
template: /etc/ceph/CLUSTER.conf
params:
CLUSTER:
if:
- {equals: [{get_param: CinderBackupRbdClusterName}, '']}
- {get_param: CephClusterName}
- {get_param: CinderBackupRbdClusterName}
- if:
- {equals: [{get_param: CinderBackupBackend}, 'swift']}
- cinder::backup::swift::backup_swift_container: volumebackups
cinder::backup::swift::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm}
cinder::backup::swift::swift_catalog_info: 'object-store:swift:internalURL'
- if:
- {equals: [{get_param: CinderBackupBackend}, 'nfs']}
- cinder::backup::nfs::backup_share: {get_param: CinderBackupNfsShare}
cinder::backup::nfs::backup_mount_options: {get_param: CinderBackupNfsMountOptions}
cinder::backup::nfs::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm}
- if:
- {equals: [{get_param: CinderBackupBackend}, 'gcs']}
- tripleo::profile::base::cinder::backup::gcs::credentials: {get_param: CinderBackupGcsCredentials}
cinder::backup::google::backup_gcs_project_id: {get_param: CinderBackupGcsProjectId}
cinder::backup::google::backup_gcs_bucket: {get_param: CinderBackupGcsBucket}
cinder::backup::google::backup_gcs_bucket_location: {get_param: CinderBackupGcsBucketLocation}
# cinder::backup::google does not support configuring the compression
# algorithm, so use cinder::config::cinder_config
cinder::config::cinder_config:
DEFAULT/backup_compression_algorithm:
value: {get_param: CinderBackupCompressionAlgorithm}
- if:
- {equals: [{get_param: CinderBackupBackend}, 's3']}
- cinder::backup::s3::backup_s3_endpoint_url: {get_param: CinderBackupS3EndpointUrl}
cinder::backup::s3::backup_s3_store_access_key: {get_param: CinderBackupS3AccessKey}
cinder::backup::s3::backup_s3_store_secret_key: {get_param: CinderBackupS3SecretKey}
cinder::backup::s3::backup_s3_store_bucket: {get_param: CinderBackupS3Bucket}
cinder::backup::s3::backup_compression_algorithm: {get_param: CinderBackupCompressionAlgorithm}
service_config_settings:
rsyslog:
tripleo_logging_sources_cinder_backup:
- {get_param: DockerCinderBackupLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - {get_attr: [CinderBase, role_data, step_config]}
- str_replace:
template: "include tripleo::profile::base::cinder::backup::DRIVER"
params:
DRIVER: {get_param: CinderBackupBackend}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_attr: [RoleParametersValue, value, ContainerCinderConfigImage]}
kolla_config:
/var/lib/kolla/config_files/cinder_backup.json:
command: /usr/bin/cinder-backup --config-file /etc/cinder/cinder.conf
config_files: {get_attr: [CinderCommon, cinder_common_kolla_config_files]}
permissions: {get_attr: [CinderCommon, cinder_common_kolla_permissions]}
docker_config:
step_3:
cinder_backup_init_logs:
start_order: 0
image: &cinder_backup_image {get_attr: [RoleParametersValue, value, ContainerCinderBackupImage]}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_backup:
image: *cinder_backup_image
ipc: host
net: host
privileged: true
restart: always
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
volumes: {get_attr: [CinderCommon, cinder_backup_volumes]}
environment: {get_attr: [CinderCommon, cinder_backup_environment]}
host_prep_tasks:
list_concat:
- {get_attr: [CinderCommon, cinder_backup_host_prep_tasks]}
- - name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: true
state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
deploy_steps_tasks:
- name: Clean up when switching cinder-backup from pcmk to active-active
when:
- step|int == 1
become: true
block:
- name: Check if cinder-backup is running under pacemaker
command: "pcs status"
register: cinder_backup_pcs_status
check_mode: false
failed_when: false
changed_when: false
- when:
- '"cinder-backup" in cinder_backup_pcs_status.stdout'
block:
- name: Remove the openstack-cinder-backup pcs resource
pacemaker_resource:
resource: openstack-cinder-backup
state: delete
run_once: true
- name: Identify the cinder-backup pcmklatest container image
shell: "{{container_cli}} images | awk '$1 ~ \"cinder-backup\" && $2 == \"pcmklatest\" {print $1\":\"$2}'"
register: cinder_backup_pcmklatest_image
check_mode: false
changed_when: false
- name: Remove the cinder-backup pcmklatest container image
command: "{{container_cli}} rmi {{cinder_backup_pcmklatest_image.stdout}}"
when:
- cinder_backup_pcmklatest_image.stdout|length > 0
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop cinder backup container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
- cinder_backup
tripleo_delegate_to: "{{ groups['cinder_backup'] | difference(groups['excluded_overcloud']) }}"