58b99bf5ee
During the upgrad of pacemaker managed services there is a temporary tagging of the existing container image to the newly image we are going to upgrade to. The input during this taggins is the container image id, in contrast to what is passed during deploy tasks, which is the image name with its tag. For that reason, we can't pull the image in these cases otherwise the role will fail as it can't find an image to pull from a container image id. Change-Id: I4fdd3a05465fa0318b4ec5c079d59f4dd80fa9f2 Closes-Bug: #1814104
395 lines
16 KiB
YAML
395 lines
16 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Manila Share service
|
|
|
|
parameters:
|
|
DockerManilaShareImage:
|
|
description: image
|
|
type: string
|
|
DockerManilaConfigImage:
|
|
description: image
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
ConfigDebug:
|
|
default: false
|
|
description: Whether to run config management (e.g. Puppet) in debug mode.
|
|
type: boolean
|
|
PcmkConfigRestartTimeout:
|
|
default: 600
|
|
description: Time in seconds to wait for a pcmk resource to restart when
|
|
a config change is detected and the resource is being restarted
|
|
type: number
|
|
ContainerCli:
|
|
type: string
|
|
default: 'docker'
|
|
description: CLI tool used to manage containers.
|
|
constraints:
|
|
- allowed_values: ['docker', 'podman']
|
|
DeployIdentifier:
|
|
default: ''
|
|
type: string
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
|
|
conditions:
|
|
puppet_debug_enabled: {get_param: ConfigDebug}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../../docker/services/containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
ManilaShareContainerBase:
|
|
type: ./manila-share-container-puppet.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ManilaCommon:
|
|
type: ./manila-share-common.yaml
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Manila Share role.
|
|
value:
|
|
service_name: manila_share
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ManilaShareContainerBase, role_data, config_settings]
|
|
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
|
|
list_join:
|
|
- ':'
|
|
- - yaql:
|
|
data: {get_param: DockerManilaShareImage}
|
|
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
|
- 'pcmklatest'
|
|
tripleo::profile::pacemaker::manila::share_bundle::docker_volumes: {get_attr: [ManilaCommon, manila_share_volumes]}
|
|
tripleo::profile::pacemaker::manila::share_bundle::docker_environment: {get_attr: [ManilaCommon, manila_share_environment]}
|
|
tripleo::profile::pacemaker::manila::share_bundle::container_backend: {get_param: ContainerCli}
|
|
manila::share::manage_service: false
|
|
manila::share::enabled: false
|
|
manila::host: hostgroup
|
|
service_config_settings: {get_attr: [ManilaShareContainerBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: manila
|
|
puppet_tags: manila_config,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include ::tripleo::profile::pacemaker::manila"
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: DockerManilaConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/manila_share.json:
|
|
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-ceph/"
|
|
dest: "/etc/ceph/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/manila
|
|
owner: manila:manila
|
|
recurse: true
|
|
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
|
|
docker_config:
|
|
step_3:
|
|
manila_share_init_logs:
|
|
start_order: 0
|
|
image: {get_param: DockerManilaShareImage}
|
|
net: none
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/manila:/var/log/manila:z
|
|
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
|
|
step_5:
|
|
manila_share_restart_bundle:
|
|
start_order: 0
|
|
config_volume: manila
|
|
detach: false
|
|
net: host
|
|
ipc: host
|
|
user: root
|
|
command:
|
|
- '/usr/bin/bootstrap_host_exec'
|
|
- 'manila_share'
|
|
- str_replace:
|
|
template:
|
|
'if /usr/sbin/pcs resource show openstack-manila-share; then /usr/sbin/pcs resource restart --wait=PCMKTIMEOUT openstack-manila-share; echo "openstack-manila-share restart invoked"; fi'
|
|
params:
|
|
PCMKTIMEOUT: {get_param: PcmkConfigRestartTimeout}
|
|
image: {get_param: DockerManilaShareImage}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
|
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
|
|
manila_share_init_bundle:
|
|
start_order: 1
|
|
detach: false
|
|
net: host
|
|
ipc: host
|
|
user: root
|
|
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
list_concat:
|
|
- - '/docker_puppet_apply.sh'
|
|
- '5'
|
|
- 'pacemaker_constraint,file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
|
|
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
|
|
- if:
|
|
- puppet_debug_enabled
|
|
- - '--debug'
|
|
- - ''
|
|
image: {get_param: DockerManilaShareImage}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
|
|
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
|
environment:
|
|
# NOTE: this should force this container to re-run on each
|
|
# update (scale-out, etc.)
|
|
- list_join:
|
|
- ''
|
|
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
|
|
- {get_param: DeployIdentifier}
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t }
|
|
- name: manila logs readme
|
|
copy:
|
|
dest: /var/log/manila/readme.txt
|
|
content: |
|
|
Log files from manila containers can be found under
|
|
/var/log/containers/manila and /var/log/containers/httpd/manila-api.
|
|
ignore_errors: true
|
|
- name: ensure ceph configurations exist
|
|
file:
|
|
path: /etc/ceph
|
|
state: directory
|
|
deploy_steps_tasks:
|
|
- name: Manila Share tag container image for pacemaker
|
|
when: step|int == 1
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: {get_param: DockerManilaShareImage}
|
|
container_image_latest: *manila_share_image_pcmklatest
|
|
update_tasks:
|
|
- name: Manila-Share fetch and retag container image for pacemaker
|
|
when: step|int == 2
|
|
block: &manila_share_fetch_retag_container_tasks
|
|
- name: Get docker Manila-Share image
|
|
set_fact:
|
|
docker_image: {get_param: DockerManilaShareImage}
|
|
docker_image_latest: *manila_share_image_pcmklatest
|
|
- name: Get previous Manila-Share image id
|
|
shell: "{{container_cli}} images | awk '/manila-share.* pcmklatest/{print $3}' | uniq"
|
|
register: manila_share_image_id
|
|
- block:
|
|
- name: Get a list of container using Manila-Share image
|
|
shell: "{{container_cli}} ps -a -q -f 'ancestor={{manila_share_image_id.stdout}}'"
|
|
register: manila_share_containers_to_destroy
|
|
# It will be recreated with the delpoy step.
|
|
- name: Remove any container using the same Manila-Share image
|
|
shell: "{{container_cli}} rm -fv {{item}}"
|
|
with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}"
|
|
- name: Remove previous Manila-Share images
|
|
shell: "{{container_cli}} rmi -f {{manila_share_image_id.stdout}}"
|
|
when:
|
|
- manila_share_image_id.stdout != ''
|
|
- name: Pull latest Manila-Share images
|
|
command: "docker pull {{docker_image}}"
|
|
- name: Retag pcmklatest to latest Manila-Share image
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: "{{docker_image}}"
|
|
container_image_latest: "{{docker_image_latest}}"
|
|
# Got to check that pacemaker_is_active is working fine with bundle.
|
|
# TODO: pacemaker_is_active resource doesn't support bundle.
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Get docker Manila-Share image
|
|
set_fact:
|
|
manila_share_docker_image_latest: *manila_share_image_pcmklatest
|
|
- name: Check for Manila-Share Kolla configuration
|
|
command: grep '^share_driver[ \t]*=' /var/lib/config-data/puppet-generated/manila/etc/manila/manila.conf
|
|
changed_when: no
|
|
ignore_errors: true
|
|
register: manila_share_kolla_config
|
|
- name: Check if Manila-Share is already containerized
|
|
set_fact:
|
|
manila_share_containerized: "{{manila_share_kolla_config|succeeded}}"
|
|
- name: Prepare the switch to new Manila-Share container image name in pacemaker
|
|
when: manila_share_containerized|bool
|
|
block:
|
|
- name: Get Manila-Share image id currently used by pacemaker
|
|
shell: "{{container_cli}} images | awk '/manila-share.* pcmklatest/{print $3}' | uniq"
|
|
register: manila_share_current_pcmklatest_id
|
|
- name: Temporarily tag the current Manila-Share image id with the upgraded image name
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: "{{manila_share_current_pcmklatest_id.stdout}}"
|
|
container_image_latest: "{{manila_share_docker_image_latest}}"
|
|
pull_image: false
|
|
when: manila_share_current_pcmklatest_id.stdout != ''
|
|
- name: Check openstack-manila-share cluster resource status
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: manila_share_pcs_res_result
|
|
- name: Set fact manila_share_pcs_res
|
|
set_fact:
|
|
manila_share_pcs_res: "{{manila_share_pcs_res_result|succeeded}}"
|
|
- name: set is_manila_share_bootstrap_node fact
|
|
tags: common
|
|
set_fact: is_manila_share_bootstrap_node={{manila_share_short_bootstrap_node_name|lower == ansible_hostname|lower}}
|
|
- name: Manila-Share baremetal to container upgrade tasks
|
|
when:
|
|
- step|int == 1
|
|
- not manila_share_containerized|bool
|
|
block:
|
|
- name: Check cluster resource status
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: manila_share_res
|
|
- when: (is_manila_share_bootstrap_node) and (manila_share_res|succeeded)
|
|
block:
|
|
- name: Disable the openstack-manila-share cluster resource
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Delete the stopped openstack-manila-share cluster resource.
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: delete
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Disable manila_share service from boot
|
|
service: name=openstack-manila-share enabled=no
|
|
- name: Update openstack-manila-share pcs resource bundle for new container image
|
|
when:
|
|
- step|int == 1
|
|
- manila_share_containerized|bool
|
|
- is_manila_share_bootstrap_node
|
|
- manila_share_pcs_res|bool
|
|
block:
|
|
- name: Disable the Manila-Share cluster resource before container upgrade
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Update the Manila-Share bundle to use the new container image name
|
|
command: "pcs resource bundle update openstack-manila-share container image={{manila_share_docker_image_latest}}"
|
|
- name: Enable the Manila-Share cluster resource
|
|
when:
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: enable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Retag the pacemaker image if containerized
|
|
when:
|
|
- step|int == 3
|
|
- manila_share_containerized|bool
|
|
block: *manila_share_fetch_retag_container_tasks
|
|
fast_forward_upgrade_tasks:
|
|
- name: Check cluster resource status
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: manila_share_res_result
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- is_bootstrap_node|bool
|
|
- name: Set fact manila_share_res
|
|
set_fact:
|
|
manila_share_res: "{{ manila_share_res_result.rc == 0 }}"
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- is_bootstrap_node|bool
|
|
- name: Disable the openstack-manila-share cluster resource
|
|
pacemaker_resource:
|
|
resource: openstack-manila-share
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: manila_share_output
|
|
retries: 5
|
|
until: manila_share_output.rc == 0
|
|
when:
|
|
- step|int == 2
|
|
- release == 'ocata'
|
|
- is_bootstrap_node|bool
|
|
- manila_share_res|bool
|