d86025593b
Using host_prep_tasks interface to handle undercloud teardown before we run the undercloud install. The reason of not using upgrade_tasks is because the existing tasks were created for the overcloud upgrade first and there are too much logic right now so we can easily re-use the bits for the undercloud. In the future, we'll probably use upgrade_tasks for both the undercloud and overcloud but right now this is not possible and a simple way to move forward was to implement these tasks that work fine for the undercloud containerization case. Workflow will be: - Services will be stopped and disabled (except mariadb) - Neutron DB will be renamed, then mariadb stopped & disabled - Remove cron jobs - All packages will be upgraded with yum update. Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
260 lines
9.7 KiB
YAML
260 lines
9.7 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
OpenStack containerized Rabbitmq service
|
|
|
|
parameters:
|
|
DockerRabbitmqImage:
|
|
description: image
|
|
type: string
|
|
DockerRabbitmqConfigImage:
|
|
description: The container image to use for the rabbitmq config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
RabbitCookie:
|
|
type: string
|
|
default: ''
|
|
hidden: true
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
UndercloudUpgrade:
|
|
type: boolean
|
|
description: Flag to indicate undercloud upgrade process is being run.
|
|
default: false
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
RabbitmqBase:
|
|
type: ../../puppet/services/rabbitmq.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Rabbitmq API role.
|
|
value:
|
|
service_name: {get_attr: [RabbitmqBase, role_data, service_name]}
|
|
# RabbitMQ plugins initialization occurs on every node
|
|
config_settings:
|
|
map_merge:
|
|
- {get_attr: [RabbitmqBase, role_data, config_settings]}
|
|
- rabbitmq::admin_enable: false
|
|
- if:
|
|
- internal_tls_enabled
|
|
- tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
|
|
- {}
|
|
logging_source: {get_attr: [RabbitmqBase, role_data, logging_source]}
|
|
logging_groups: {get_attr: [RabbitmqBase, role_data, logging_groups]}
|
|
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: rabbitmq
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "['Rabbitmq_policy', 'Rabbitmq_user'].each |String $val| { noop_resource($val) }"
|
|
- get_attr: [RabbitmqBase, role_data, step_config]
|
|
config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/rabbitmq.json:
|
|
command: /usr/lib/rabbitmq/bin/rabbitmq-server
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
optional: true
|
|
permissions:
|
|
- path: /var/lib/rabbitmq
|
|
owner: rabbitmq:rabbitmq
|
|
recurse: true
|
|
- path: /etc/pki/tls/certs/rabbitmq.crt
|
|
owner: rabbitmq:rabbitmq
|
|
optional: true
|
|
- path: /etc/pki/tls/private/rabbitmq.key
|
|
owner: rabbitmq:rabbitmq
|
|
optional: true
|
|
docker_config:
|
|
# Kolla_bootstrap runs before permissions set by kolla_config
|
|
step_1:
|
|
rabbitmq_init_logs:
|
|
start_order: 0
|
|
detach: false
|
|
image: &rabbitmq_image {get_param: DockerRabbitmqImage}
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/rabbitmq:/var/log/rabbitmq
|
|
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
|
|
rabbitmq_bootstrap:
|
|
start_order: 1
|
|
detach: false
|
|
image: *rabbitmq_image
|
|
net: host
|
|
privileged: false
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
|
|
- /var/lib/rabbitmq:/var/lib/rabbitmq
|
|
- /var/log/containers/rabbitmq:/var/log/rabbitmq
|
|
- if:
|
|
- internal_tls_enabled
|
|
-
|
|
- list_join:
|
|
- ':'
|
|
- - {get_param: InternalTLSCAFile}
|
|
- {get_param: InternalTLSCAFile}
|
|
- 'ro'
|
|
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
|
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
|
- null
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
- KOLLA_BOOTSTRAP=True
|
|
-
|
|
list_join:
|
|
- '='
|
|
- - 'RABBITMQ_CLUSTER_COOKIE'
|
|
-
|
|
yaql:
|
|
expression: $.data.passwords.where($ != '').first()
|
|
data:
|
|
passwords:
|
|
- {get_param: RabbitCookie}
|
|
- {get_param: [DefaultPasswords, rabbit_cookie]}
|
|
rabbitmq:
|
|
start_order: 2
|
|
image: *rabbitmq_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
|
|
- /var/lib/rabbitmq:/var/lib/rabbitmq
|
|
- /var/log/containers/rabbitmq:/var/log/rabbitmq
|
|
- if:
|
|
- internal_tls_enabled
|
|
-
|
|
- list_join:
|
|
- ':'
|
|
- - {get_param: InternalTLSCAFile}
|
|
- {get_param: InternalTLSCAFile}
|
|
- 'ro'
|
|
- /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
|
|
- /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
|
|
- null
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
docker_puppet_tasks:
|
|
# RabbitMQ users and policies initialization occurs only on single node
|
|
step_1:
|
|
config_volume: 'rabbit_init_tasks'
|
|
puppet_tags: 'rabbitmq_policy,rabbitmq_user'
|
|
step_config: 'include ::tripleo::profile::base::rabbitmq'
|
|
config_image: *rabbitmq_config_image
|
|
volumes:
|
|
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
|
|
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
|
|
metadata_settings:
|
|
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /var/log/containers/rabbitmq
|
|
- /var/lib/rabbitmq
|
|
- name: rabbitmq logs readme
|
|
copy:
|
|
dest: /var/log/rabbitmq/readme.txt
|
|
content: |
|
|
Log files from rabbitmq containers can be found under
|
|
/var/log/containers/rabbitmq.
|
|
ignore_errors: true
|
|
- name: Stop and disable the rabbitmq-server service
|
|
service:
|
|
name: rabbitmq-server
|
|
state: stopped
|
|
enabled: no
|
|
when: {get_param: UndercloudUpgrade}
|
|
upgrade_tasks:
|
|
- name: Check if rabbitmq server is deployed
|
|
command: systemctl is-enabled --quiet rabbitmq-server
|
|
tags: common
|
|
ignore_errors: True
|
|
register: rabbitmq_enabled
|
|
- name: "PreUpgrade step0,validation: Check service rabbitmq server is running"
|
|
command: systemctl is-active --quiet rabbitmq-server
|
|
when:
|
|
- step|int == 0
|
|
- rabbitmq_enabled.rc == 0
|
|
tags: validation
|
|
- name: Stop and disable rabbitmq service
|
|
when:
|
|
- step|int == 2
|
|
- rabbitmq_enabled.rc == 0
|
|
service: name=rabbitmq-server state=stopped enabled=no
|
|
update_tasks:
|
|
# TODO: Are we sure we want to support this. Rolling update
|
|
# without pacemaker may fail. Do we test this ? In any case,
|
|
# this is under paunch control so the latest image should be
|
|
# pulled in by the deploy steps. Same question for other
|
|
# usually managed by pacemaker container.
|