tripleo-heat-templates/docker/services/panko-api.yaml
Jiri Stransky 248099db8c Fix race conditions between containers
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.

This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)

For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.

As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.

Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14 15:58:55 +02:00

148 lines
5.0 KiB
YAML

heat_template_version: pike
description: >
OpenStack Panko service configured with docker.
Note, this service is deprecated in Pike release and
will be disabled in future releases.
parameters:
DockerNamespace:
description: namespace
default: 'tripleoupstream'
type: string
DockerPankoApiImage:
description: image
default: 'centos-binary-panko-api:latest'
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
PankoApiPuppetBase:
type: ../../puppet/services/panko-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Panko API role.
value:
service_name: {get_attr: [PankoApiPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [PankoApiPuppetBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
get_attr: [PankoApiPuppetBase, role_data, step_config]
service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: panko
puppet_tags: panko_api_paste_ini,panko_config
step_config: *step_config
config_image: &panko_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
kolla_config:
/var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
step_2:
panko_init_log:
image: *panko_image
user: root
volumes:
- /var/log/containers/panko:/var/log/panko
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
step_3:
panko_db_sync:
image: *panko_image
net: host
detach: false
privileged: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
step_4:
panko_api:
start_order: 2
image: *panko_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
- /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
- /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
- /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/panko/var/www/:/var/www/:ro
- /var/log/containers/panko:/var/log/panko
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/panko
state: directory
metadata_settings:
get_attr: [PankoApiPuppetBase, role_data, metadata_settings]