cc38db4c99
This would allow external_(deploy/update/upgrade)_tasks to honor excluded nodes during deploy/update/upgrade. Depends-On: https://review.opendev.org/c/openstack/tripleo-common/+/856407 Change-Id: Ia9d3c8d0a3098191b2d8b12fc24eee4517c6c521
405 lines
16 KiB
YAML
405 lines
16 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized Manila API service
|
|
|
|
parameters:
|
|
ContainerManilaApiImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerManilaConfigImage:
|
|
description: The container image to use for the manila config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
ManilaWorkers:
|
|
type: string
|
|
description: Set the number of workers for manila::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
ManilaPassword:
|
|
description: The password for the manila service account.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
ManilaApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Manila API.
|
|
e.g. { manila-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
MonitoringSubscriptionManilaApi:
|
|
default: 'overcloud-manila-api'
|
|
type: string
|
|
ManilaEnabledShareProtocols:
|
|
default: ''
|
|
description: List of protocols to be allowed for share creation in manila.
|
|
When not set, the list is inferred via the storage back end/s
|
|
enabled.
|
|
type: comma_delimited_list
|
|
ManilaCronDbPurgeMinute:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Minute
|
|
default: '1'
|
|
ManilaCronDbPurgeHour:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Hour
|
|
default: '0'
|
|
ManilaCronDbPurgeMonthday:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Month Day
|
|
default: '*'
|
|
ManilaCronDbPurgeMonth:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Month
|
|
default: '*'
|
|
ManilaCronDbPurgeWeekday:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Week Day
|
|
default: '*'
|
|
ManilaCronDbPurgeUser:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - User
|
|
default: 'manila'
|
|
ManilaCronDbPurgeAge:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Age
|
|
default: '30'
|
|
ManilaCronDbPurgeDestination:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Log destination
|
|
default: '/var/log/manila/manila-rowsflush.log'
|
|
ManilaCronDbPurgeMaxDelay:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Max Delay
|
|
default: '3600'
|
|
MemcacheUseAdvancedPool:
|
|
type: boolean
|
|
description: |
|
|
Use the advanced (eventlet safe) memcached client pool.
|
|
default: true
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../../deployment/database/mysql-client.yaml
|
|
|
|
ManilaBase:
|
|
type: ./manila-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ApacheServiceBase:
|
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerManilaApiImage: ContainerManilaApiImage
|
|
ContainerManilaConfigImage: ContainerManilaConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerManilaApiImage: {get_param: ContainerManilaApiImage}
|
|
ContainerManilaConfigImage: {get_param: ContainerManilaConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Manila API role.
|
|
value:
|
|
service_name: manila_api
|
|
firewall_rules:
|
|
'150 manila':
|
|
dport:
|
|
- 8786
|
|
firewall_frontend_rules:
|
|
'100 manila_haproxy_frontend':
|
|
dport:
|
|
- 8786
|
|
firewall_ssl_frontend_rules:
|
|
'100 manila_haproxy_frontend_ssl':
|
|
dport:
|
|
- 13786
|
|
keystone_resources:
|
|
manila:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, ManilaV1Public, uri]}
|
|
internal: {get_param: [EndpointMap, ManilaV1Internal, uri]}
|
|
admin: {get_param: [EndpointMap, ManilaV1Admin, uri]}
|
|
users:
|
|
manila:
|
|
password: {get_param: ManilaPassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'share'
|
|
manilav2:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, ManilaPublic, uri]}
|
|
internal: {get_param: [EndpointMap, ManilaInternal, uri]}
|
|
admin: {get_param: [EndpointMap, ManilaAdmin, uri]}
|
|
users:
|
|
manilav2:
|
|
password: {get_param: ManilaPassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'sharev2'
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [ManilaBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
|
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
|
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
manila::keystone::authtoken::project_name: 'service'
|
|
manila::keystone::authtoken::user_domain_name: 'Default'
|
|
manila::keystone::authtoken::project_domain_name: 'Default'
|
|
manila::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
|
manila::keystone::authtoken::interface: 'internal'
|
|
manila::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
manila::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
|
manila::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
|
manila::wsgi::apache::access_log_format: 'forwarded'
|
|
manila::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
manila::api::service_name: 'httpd'
|
|
manila::api::enable_proxy_headers_parsing: true
|
|
manila::api::default_share_type: 'default'
|
|
manila::api::sync_db: false
|
|
manila::policy::policies: { get_param: ManilaApiPolicies }
|
|
tripleo::profile::base::manila::api::enabled_share_protocols: {get_param: ManilaEnabledShareProtocols}
|
|
manila::cron::db_purge::minute: {get_param: ManilaCronDbPurgeMinute}
|
|
manila::cron::db_purge::hour: {get_param: ManilaCronDbPurgeHour}
|
|
manila::cron::db_purge::monthday: {get_param: ManilaCronDbPurgeMonthday}
|
|
manila::cron::db_purge::month: {get_param: ManilaCronDbPurgeMonth}
|
|
manila::cron::db_purge::weekday: {get_param: ManilaCronDbPurgeWeekday}
|
|
manila::cron::db_purge::user: {get_param: ManilaCronDbPurgeUser}
|
|
manila::cron::db_purge::age: {get_param: ManilaCronDbPurgeAge}
|
|
manila::cron::db_purge::destination: {get_param: ManilaCronDbPurgeDestination}
|
|
manila::cron::db_purge::maxdelay: {get_param: ManilaCronDbPurgeMaxDelay}
|
|
manila::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
|
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- {get_attr: [ManilaBase, role_data, service_config_settings]}
|
|
- horizon:
|
|
horizon::dashboards::manila::policies: {get_param: ManilaApiPolicies}
|
|
# BEGIN DOCKER SETTINGS #
|
|
puppet_config:
|
|
config_volume: manila
|
|
puppet_tags: manila_config,manila_api_paste_ini
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include tripleo::profile::base::manila::api"
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerManilaConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/manila_api.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files: &manila_api_config_files
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d"
|
|
dest: "/etc/httpd/conf.modules.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions: &manila_api_permissions
|
|
- path: /var/log/manila
|
|
owner: manila:manila
|
|
recurse: true
|
|
/var/lib/kolla/config_files/manila_api_db_sync.json:
|
|
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
|
|
config_files: *manila_api_config_files
|
|
permissions: *manila_api_permissions
|
|
/var/lib/kolla/config_files/manila_api_cron.json:
|
|
command: /usr/sbin/crond -n
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/manila
|
|
owner: manila:manila
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
manila_init_logs:
|
|
image: &manila_api_image {get_attr: [RoleParametersValue, value, ContainerManilaApiImage]}
|
|
net: none
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/manila:/var/log/manila:z
|
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
|
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
|
|
step_3:
|
|
manila_api_db_sync:
|
|
user: root
|
|
image: *manila_api_image
|
|
net: host
|
|
detach: false
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/manila_api_db_sync.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/manila:/var/log/manila:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
step_4:
|
|
manila_api:
|
|
image: *manila_api_image
|
|
net: host
|
|
restart: always
|
|
# NOTE(gouthamr) kolla image changes the user to 'manila', we
|
|
# need it to be root to run httpd
|
|
user: root
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/manila:/var/log/manila:z
|
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
|
- if:
|
|
- {get_param: EnableInternalTLS}
|
|
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
manila_api_cron:
|
|
image: *manila_api_image
|
|
net: host
|
|
user: root
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: '/usr/share/openstack-tripleo-common/healthcheck/cron manila'
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/manila_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/manila:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/manila:/var/log/manila:z
|
|
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
deploy_steps_tasks:
|
|
get_attr: [ApacheServiceBase, role_data, deploy_steps_tasks]
|
|
host_prep_tasks:
|
|
- name: Create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode|default(omit) }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
|
- { 'path': /var/log/containers/httpd/manila-api, 'setype': container_file_t, 'mode': '0750' }
|
|
upgrade_tasks: []
|
|
external_upgrade_tasks:
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop manila api container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- manila_api
|
|
tripleo_delegate_to: "{{ groups['manila_api'] | difference(groups['excluded_overcloud']) }}"
|