openstack/tripleo-heat-templates
Code Issues Proposed changes
162541f242
tripleo-heat-templates/docker/services/neutron-l3.yaml
Jose Luis Franco Arza 40467b0f3f [Rocky/Queens Only] Remove pre-upgrade validation tasks in cont services. 
The pre-upgrade validation tasks in the containerized services made
sense when upgrading from non-containerized to containerized overcloud
(ocata to pike), however we kept them for queens and rocky
release thinking about using them during the undercloud upgrade from
non-containerized to containerized (queens to rocky) but they
were skipped there too [0]. It's beeing observed in the current
upgrades taken place by operators, that these validations are
causing more issues than it was thought, so let's get rid of
them from all the containerized services in Queens and Rocky.

Closes-Bug: #1829858

[0] - https://github.com/openstack/python-tripleoclient/blob/stable/rocky/tripleoclient/v1/tripleo_deploy.py#L833

Change-Id: If99ea62b6cefb140a9c918b8f6a774658c52d54b
(cherry picked from commit 7e0a4d0e52)
2019-06-04 14:07:47 +02:00

294 lines
12 KiB
YAML
Raw Blame History

heat_template_version: queens
description: >
OpenStack containerized Neutron L3 agent
parameters:
DockerNeutronL3AgentImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
DockerNeutronL3AgentUlimit:
default: ['nofile=16384']
description: ulimit for Neutron L3 Agent Container
type: comma_delimited_list
NeutronEnableKeepalivedWrapper:
description: Generate a wrapper script so neutron launches keepalived processes in a
separate container.
type: boolean
default: true
NeutronEnableHaproxyDockerWrapper:
description: Generate a wrapper script so neutron launches haproxy in a separate container.
type: boolean
default: true
NeutronEnableDibblerDockerWrapper:
description: Generate a wrapper script so neutron launches the dibbler client in a separate
container.
type: boolean
default: true
NeutronEnableRadvdDockerWrapper:
description: Generate a wrapper script so neutron launches radvd in a separate container. Note
that is currently disabled by default pending availability of a fix to radvd
(see https://bugzilla.redhat.com/show_bug.cgi?id=1564391). It will be enabled by default
once the fix to radvd is generally available across target distributions.
type: boolean
default: false
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
conditions:
keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]}
haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
dibbler_wrapper_enabled: {equals: [{get_param: NeutronEnableDibblerDockerWrapper}, true]}
radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronL3Base:
type: ../../puppet/services/neutron-l3.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
NeutronServiceName: l3-agent
outputs:
role_data:
description: Role data for Neutron L3 agent
value:
service_name: {get_attr: [NeutronL3Base, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
- tripleo::profile::base::neutron::l3_agent_wrappers::enable_keepalived_wrapper: {get_param: NeutronEnableKeepalivedWrapper}
tripleo::profile::base::neutron::l3_agent_wrappers::keepalived_process_wrapper: '/var/lib/neutron/keepalived_wrapper'
# TODO(beagles): this can be removed after a cleanup of the related puppet-tripleo code.
tripleo::profile::base::neutron::l3_agent_wrappers::keepalived_state_change_wrapper: '/var/lib/neutron/keepalived_state_change_wrapper'
tripleo::profile::base::neutron::l3_agent_wrappers::keepalived_image: {get_param: DockerNeutronL3AgentImage}
tripleo::profile::base::neutron::l3_agent_wrappers::enable_haproxy_wrapper: {get_param: NeutronEnableHaproxyDockerWrapper}
tripleo::profile::base::neutron::l3_agent_wrappers::haproxy_process_wrapper: '/var/lib/neutron/l3_haproxy_wrapper'
tripleo::profile::base::neutron::l3_agent_wrappers::haproxy_image: {get_param: DockerNeutronL3AgentImage}
tripleo::profile::base::neutron::l3_agent_wrappers::enable_dibbler_wrapper: {get_param: NeutronEnableDibblerDockerWrapper}
tripleo::profile::base::neutron::l3_agent_wrappers::dibbler_process_wrapper: '/var/lib/neutron/dibbler_wrapper'
tripleo::profile::base::neutron::l3_agent_wrappers::dibbler_image: {get_param: DockerNeutronL3AgentImage}
tripleo::profile::base::neutron::l3_agent_wrappers::enable_radvd_wrapper: {get_param: NeutronEnableRadvdDockerWrapper}
tripleo::profile::base::neutron::l3_agent_wrappers::radvd_process_wrapper: '/var/lib/neutron/radvd_wrapper'
tripleo::profile::base::neutron::l3_agent_wrappers::radvd_image: {get_param: DockerNeutronL3AgentImage}
logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]}
logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]}
service_config_settings: {get_attr: [NeutronL3Base, role_data, service_config_settings]}
puppet_config:
puppet_tags: neutron_config,neutron_l3_agent_config
config_volume: neutron
step_config:
get_attr: [NeutronL3Base, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_l3_agent.json:
command:
list_join:
- ' '
- - /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent
- get_attr: [NeutronLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
- path: /var/lib/neutron
owner: neutron:neutron
recurse: true
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
docker_config:
step_2:
create_keepalived_wrapper:
start_order: 1
detach: false
net: host
pid: host
user: root
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/docker_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
image: {get_param: DockerNeutronL3AgentImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
step_4:
neutron_l3_agent:
start_order: 10
image: {get_param: DockerNeutronL3AgentImage}
net: host
pid: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronL3Base, role_data, config_settings, 'neutron::rabbit_port']}
ulimit: {get_param: DockerNeutronL3AgentUlimit}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
- /run/netns:/run/netns:shared
- /var/lib/openstack:/var/lib/openstack
-
if:
- keepalived_wrapper_enabled
- - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
- null
-
if:
- haproxy_wrapper_enabled
- - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
- null
-
if:
- radvd_wrapper_enabled
- - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
- null
-
if:
- dibbler_wrapper_enabled
- - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronL3Base, role_data, metadata_settings]
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
- - name: create /var/lib/neutron
file:
path: /var/lib/neutron
state: directory
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if neutron_l3_agent is deployed
command: systemctl is-enabled --quiet neutron-l3-agent
ignore_errors: True
register: neutron_l3_agent_enabled_result
- name: Set fact neutron_l3_agent_enabled
set_fact:
neutron_l3_agent_enabled: "{{ neutron_l3_agent_enabled_result.rc == 0 }}"
- when: step|int == 2
block:
- name: Stop and disable neutron_l3 service
when: neutron_l3_agent_enabled|bool
service: name=neutron-l3-agent state=stopped enabled=no
fast_forward_upgrade_tasks:
- name: Check if neutron_l3_agent is deployed
command: systemctl is-enabled --quiet neutron-l3-agent
ignore_errors: True
register: neutron_l3_agent_enabled_result
when:
- step|int == 0
- release == 'ocata'
- name: Set fact neutron_l3_agent_enabled
set_fact:
neutron_l3_agent_enabled: "{{ neutron_l3_agent_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop neutron_l3_agent
service: name=neutron-l3-agent state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- neutron_l3_agent_enabled|bool
post_upgrade_tasks:
- name: Check for neutron user
getent:
database: passwd
key: neutron
ignore_errors: True
- name: Set neutron_user_avail
set_fact:
neutron_user_avail: "{{ getent_passwd is defined }}"
- when:
- step|int == 2
- neutron_user_avail|bool
block:
- name: Ensure r/w access for existing files after upgrade
become: true
shell: |
umask 0002
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
setfacl -R -m u:neutron:rw /var/lib/neutron
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
- name: Provide access to domain sockets
become: true
shell: |
umask 0002
setfacl -m u:neutron:rwx "{{ item }}"
with_items:
- /var/lib/neutron/metadata_proxy
- /var/lib/neutron/keepalived-state-change
- /var/lib/neutron
# These files are not necessarily present
ignore_errors: True
View Git Blame Copy Permalink