Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

469 lines
19 KiB

heat_template_version: queens
description: >
OpenStack containerized Nova API service
parameters:
DockerNovaApiImage:
description: image
type: string
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
EnableOnlineDataMigrations:
type: boolean
description: Enable post-upgrade online data migrations.
default: true
NovaDbSyncTimeout:
default: 300
description: Timeout for Nova db sync
type: number
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
online_data_migrations_enabled: {equals: [{get_param: EnableOnlineDataMigrations}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaApiLogging:
type: OS::TripleO::Services::Logging::NovaApi
OnlineDataMigrationsCommand:
type: OS::Heat::Value
properties:
type: string
value:
if:
- online_data_migrations_enabled
- "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db online_data_migrations'"
- "/usr/bin/echo Online data migrations disabled via EnableOnlineDataMigrations parameter"
outputs:
role_data:
description: Role data for the Nova API role.
value:
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- get_attr: [NovaApiLogging, config_settings]
- apache::default_vhost: false
logging_source: {get_attr: [NovaApiBase, role_data, logging_source]}
logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]}
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config:
list_join:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
/var/lib/kolla/config_files/nova_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config_scripts:
nova_api_ensure_default_cell.sh:
mode: "0700"
content: |
#!/bin/bash
DEFID=$(su nova -s /bin/bash -c "nova-manage cell_v2 list_cells" | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}')
if [ "$DEFID" ]; then
echo "(cellv2) Updating default cell_v2 cell $DEFID"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 update_cell --cell_uuid $DEFID --name=default"
else
echo "(cellv2) Creating default cell_v2 cell"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 create_cell --name=default"
fi
nova_api_ensure_cell0_database_url.sh:
mode: "0700"
content:
str_replace:
template: su nova -s /bin/bash -c "nova-manage cell_v2 list_cells --verbose | grep 'CELL' || nova-manage cell_v2 update_cell --cell_uuid 00000000-0000-0000-0000-000000000000 --transport-url 'none:///' --database_connection='CELL'"
params:
CELL: {get_attr: [NovaApiBase, role_data, config_settings, "nova::cell0_database_connection"]}
docker_config:
step_2:
get_attr: [NovaApiLogging, docker_config, step_2]
step_3:
nova_api_db_sync:
start_order: 0
image: &nova_api_image {get_param: DockerNovaApiImage}
net: host
detach: false
user: root
volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
nova_api_map_cell0:
start_order: 1
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_ensure_default_cell:
start_order: 2
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/log/containers/nova:/var/log/nova
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
nova_api_ensure_cell0_database_url:
start_order: 3
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/log/containers/nova:/var/log/nova
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/nova_api_ensure_cell0_database_url.sh:/nova_api_ensure_cell0_database_url.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_cell0_database_url.sh"
nova_db_sync:
start_order: 4
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
image: *nova_api_image
net: host
user: root
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
image: *nova_api_image
net: host
user: root
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_online_migrations:
start_order: 2
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
command: {get_attr: [OnlineDataMigrationsCommand, value]}
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NovaApiLogging, host_prep_tasks]}
update_tasks:
- name: check at which step is nova_api_ensure_cell0_database_url
shell: "docker inspect nova_api_ensure_cell0_database_url|jq -r '.[]|.Config.Labels.config_id'"
ignore_errors: true
register: cell0_database_url_step
when:
- step|int == 1
- name: remove nova_api_ensure_cell0_database_url explicitly.
shell: "docker rm -fv nova_api_ensure_cell0_database_url"
when:
- step|int == 1
- cell0_database_url_step is succeeded
- cell0_database_url_step.stdout == 'tripleo_step5'
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: get bootstrap nodeid
command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
register: bootstrap_node
- name: set is_bootstrap_node fact
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Check if nova_api is deployed
command: systemctl is-enabled --quiet openstack-nova-api
ignore_errors: True
register: nova_api_enabled_result
- set_fact:
nova_api_enabled: "{{ nova_api_enabled_result.rc == 0 }}"
- name: Check for nova-api running under apache
shell: httpd -t -D DUMP_VHOSTS | grep -q 'nova'
ignore_errors: True
register: nova_api_httpd_enabled_result
- set_fact:
nova_api_httpd_enabled: "{{ nova_api_httpd_enabled_result.rc == 0 }}"
- name: Check if httpd service is running
command: systemctl is-active --quiet httpd
ignore_errors: True
register: httpd_running_result
when: httpd_running is undefined
- set_fact:
httpd_running: "{{ httpd_running_result.rc == 0 }}"
when: httpd_running is undefined
# NOTE: In puppet service variant, we ran release N online
# migrations before upgrade to release N+1. In docker
# service variant, we run release N online migrations
# after upgrade to release N. This means that during
# switch from non-containerized to containerized, we need
# to run both of these.
- name: Online data migration for Nova before switching to containers
tags: pre-upgrade
when:
- is_bootstrap_node|bool
- (nova_api_httpd_enabled|bool and httpd_running|bool) or nova_api_enabled|bool
command: nova-manage db online_data_migrations
- when: step|int == 2
block:
- name: Stop and disable nova_api service
when:
- nova_api_enabled|bool
service: name=openstack-nova-api state=stopped enabled=no
- name: Stop nova_api service (running under httpd)
when:
- nova_api_httpd_enabled|bool
- httpd_running|bool
service: name=httpd state=stopped
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-api package
set_fact:
remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-nova-api package if operator requests it
yum: name=openstack-nova-api state=removed
ignore_errors: True
when:
- remove_nova_api_package|bool
- name: remove old nova cron jobs
file:
path: /var/spool/cron/nova
state: absent
fast_forward_upgrade_tasks:
- name: Check if nova-api is deployed
command: systemctl is-enabled --quiet openstack-nova-api
ignore_errors: True
register: nova_api_enabled_result
when:
- step|int == 0
- release == 'ocata'
- name: Set fact nova_api_enabled
set_fact:
nova_api_enabled: "{{ nova_api_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop openstack-nova-api service
service: name=openstack-nova-api state=stopped
when:
- step|int == 1
- nova_api_enabled|bool
- release == 'ocata'
- name: Extra migration for nova tripleo/+bug/1656791
command: nova-manage db online_data_migrations
when:
- step|int == 5
- release == 'ocata'
- is_bootstrap_node|bool
- name: Update nova packages
command: yum update -y *nova*
when:
- step|int == 6
- is_bootstrap_node|bool
#FIXME(lyarwood): Use puppet to do this?
- when:
- step|int == 7
- release == 'ocata'
- is_bootstrap_node|bool
block:
- name: Create puppet manifest to set transport_url in nova.conf
copy:
dest: /root/nova-api_upgrade_manifest.pp
mode: 0600
content: >
$transport_url = os_transport_url({
'transport' => hiera('messaging_service_name', 'rabbit'),
'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
'username' => hiera('nova::rabbit_userid', 'guest'),
'password' => hiera('nova::rabbit_password'),
'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
})
oslo::messaging::default { 'nova_config':
transport_url => $transport_url
}
- name: Run puppet apply to set tranport_url in nova.conf
command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
register: puppet_apply_nova_api_upgrade
failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
changed_when: puppet_apply_nova_api_upgrade.rc == 2
- name: Setup cell_v2 (map cell0)
shell:
str_replace:
template: nova-manage cell_v2 map_cell0 --database_connection='CELL'
params:
CELL: {get_attr: [NovaApiBase, role_data, config_settings, "nova::cell0_database_connection"]}
- name: Setup cell_v2 (create default cell)
# (owalsh) puppet-nova expects the cell name 'default'
# (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
shell:
str_replace:
template: nova-manage cell_v2 create_cell --name='default' --database_connection='CELL'
params:
CELL: {get_attr: [NovaApiBase, role_data, config_settings, "nova::database_connection"]}
register: nova_api_create_cell
failed_when: nova_api_create_cell.rc not in [0,2]
changed_when: nova_api_create_cell.rc == 0
- name: Setup cell_v2 (sync nova/cell DB)
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
- name: Setup cell_v2 (get cell uuid)
shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
register: nova_api_cell_uuid
- name: Setup cell_v2 (migrate hosts)
command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- name: Setup cell_v2 (migrate instances)
command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- name: Sync nova/cell DB
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
when:
- step|int == 8
- is_bootstrap_node|bool
- release == 'pike'
- name: Sync nova_api DB
command: nova-manage api_db sync
when:
- step|int == 8
- is_bootstrap_node|bool
- name: Online data migration for nova
command: nova-manage db online_data_migrations
when:
- step|int == 8
- is_bootstrap_node|bool