40467b0f3f
The pre-upgrade validation tasks in the containerized services made
sense when upgrading from non-containerized to containerized overcloud
(ocata to pike), however we kept them for queens and rocky
release thinking about using them during the undercloud upgrade from
non-containerized to containerized (queens to rocky) but they
were skipped there too [0]. It's beeing observed in the current
upgrades taken place by operators, that these validations are
causing more issues than it was thought, so let's get rid of
them from all the containerized services in Queens and Rocky.
Closes-Bug: #1829858
[0] - https://github.com/openstack/python-tripleoclient/blob/stable/rocky/tripleoclient/v1/tripleo_deploy.py#L833
Change-Id: If99ea62b6cefb140a9c918b8f6a774658c52d54b
(cherry picked from commit 7e0a4d0e52)
206 lines
7.6 KiB
YAML
206 lines
7.6 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
Containerized Sensu client service
|
|
|
|
parameters:
|
|
DockerSensuClientImage:
|
|
description: image
|
|
type: string
|
|
DockerSensuConfigImage:
|
|
description: The container image to use for the sensu config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
SensuDockerCheckCommand:
|
|
type: string
|
|
default: |
|
|
output=''
|
|
for i in $(docker ps --format '{{.ID}}'); do
|
|
if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
|
|
if [ "$result" != 'healthy' ]; then
|
|
output="${output} ; $(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{(index .State.Health.Log 0).Output}}' $i)";
|
|
fi
|
|
fi
|
|
done
|
|
if [ ! -z "${output}" ]; then
|
|
echo ${output:3} && exit 2;
|
|
fi
|
|
SensuDockerCheckInterval:
|
|
type: number
|
|
description: The frequency in seconds the docker health check is executed.
|
|
default: 10
|
|
SensuDockerCheckHandlers:
|
|
default: []
|
|
description: The Sensu event handler to use for events
|
|
created by the docker health check.
|
|
type: comma_delimited_list
|
|
SensuDockerCheckOccurrences:
|
|
type: number
|
|
description: The number of event occurrences before sensu-plugin-aware handler should take action.
|
|
default: 3
|
|
SensuDockerCheckRefresh:
|
|
type: number
|
|
description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
|
|
default: 90
|
|
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
SensuClientBase:
|
|
type: ../../puppet/services/monitoring/sensu-client.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Sensu client role.
|
|
value:
|
|
service_name: {get_attr: [SensuClientBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [SensuClientBase, role_data, config_settings]
|
|
- sensu::checks:
|
|
check-docker-health:
|
|
standalone: true
|
|
command: {get_param: SensuDockerCheckCommand}
|
|
interval: {get_param: SensuDockerCheckInterval}
|
|
handlers: {get_param: SensuDockerCheckHandlers}
|
|
occurrences: {get_param: SensuDockerCheckOccurrences}
|
|
refresh: {get_param: SensuDockerCheckRefresh}
|
|
service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: sensu
|
|
puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
|
|
step_config:
|
|
get_attr: [SensuClientBase, role_data, step_config]
|
|
config_image: {get_param: DockerSensuConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/sensu-client.json:
|
|
command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/sensu
|
|
owner: sensu:sensu
|
|
recurse: true
|
|
docker_config:
|
|
step_3:
|
|
sensu_client:
|
|
image: {get_param: DockerSensuClientImage}
|
|
net: host
|
|
privileged: true
|
|
# NOTE(mmagr) kolla image changes the user to 'sensu', we need it
|
|
# to be root have rw permission to docker.sock to run successfully
|
|
# "docker inspect" command
|
|
user: root
|
|
restart: always
|
|
healthcheck:
|
|
test:
|
|
list_join:
|
|
- ' '
|
|
- - '/openstack/healthcheck'
|
|
- yaql:
|
|
expression: >
|
|
switch(bool($.data.cluster) => $.data.cluster, bool($.data.single_node) => $.data.single_node).select($.port).distinct().join(' ')
|
|
data:
|
|
cluster: {get_attr: [SensuClientBase, role_data, config_settings, 'sensu::rabbitmq_cluster']}
|
|
single_node: [{port: {get_attr: [SensuClientBase, role_data, config_settings, 'sensu::rabbitmq_port']}}]
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/run/docker.sock:/var/run/docker.sock:rw
|
|
- /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/sensu:/var/log/sensu:rw
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/sensu, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/sensu, 'setype': svirt_sandbox_file_t }
|
|
- name: sensu logs readme
|
|
copy:
|
|
dest: /var/log/sensu/readme.txt
|
|
content: |
|
|
Log files from sensu containers can be found under
|
|
/var/log/containers/sensu.
|
|
ignore_errors: true
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Check if sensu client is deployed
|
|
command: systemctl is-enabled --quiet sensu-client
|
|
ignore_errors: True
|
|
register: sensu_enabled_result
|
|
- name: Set fact sensu_enabled
|
|
set_fact:
|
|
sensu_enabled: "{{ sensu_enabled_result.rc == 0 }}"
|
|
- when: step|int == 2
|
|
block:
|
|
- name: Stop and disable sensu-client service
|
|
when: sensu_enabled|bool
|
|
service: name=sensu-client state=stopped enabled=no
|
|
#TODO: Removal of package
|
|
fast_forward_upgrade_tasks:
|
|
- name: Check if sensu client is deployed
|
|
command: systemctl is-enabled --quiet sensu-client
|
|
ignore_errors: True
|
|
register: sensu_enabled_result
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Set fact sensu_enabled
|
|
set_fact:
|
|
sensu_enabled: "{{ sensu_enabled_result.rc == 0 }}"
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Stop and disable sensu-client service
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- sensu_enabled|bool
|
|
service: name=sensu-client state=stopped enabled=no
|