tripleo-heat-templates/docker/services/cinder-common.yaml
Cédric Jeanneret c76584c021 Set setype for log and persistant data directories
This allows to deploy and use the services on a selinux-enforcing host
with proper selinux separation.

Change-Id: Icde6c61a0b26741946d079b2b00475de34722bea
2018-11-12 02:04:07 +00:00

180 lines
6.2 KiB
YAML

heat_template_version: rocky
description: >
Provides the list of Docker volumes and environment to be used by the
CinderVolume and CinderBackup services. The same list is used for
HA and non-HA deployments.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
CinderVolumeOptVolumes:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
CinderVolumeOptEnvVars:
default: []
description: list of optional environment variables
type: comma_delimited_list
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
resources:
ContainersCommon:
type: ./containers-common.yaml
outputs:
cinder_volume_host_prep_tasks:
description: Host prep tasks for the cinder-volume service (HA or non-HA)
value:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt
content: |
Log files from cinder containers can be found under
/var/log/containers/cinder and /var/log/containers/httpd/cinder-api.
ignore_errors: true
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- when: cinder_enable_iscsi_backend
block:
- name: cinder create LVM volume group dd
command:
list_join:
- ''
- - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
- str_replace:
template: VALUE
params:
VALUE: {get_param: CinderLVMLoopDeviceSize}
- 'M'
args:
creates: /var/lib/cinder/cinder-volumes
- name: cinder create LVM volume group
shell: |
if ! losetup /dev/loop2; then
losetup /dev/loop2 /var/lib/cinder/cinder-volumes
fi
if ! pvdisplay | grep cinder-volumes; then
pvcreate /dev/loop2
fi
if ! vgdisplay | grep cinder-volumes; then
vgcreate cinder-volumes /dev/loop2
fi
args:
executable: /bin/bash
creates: /dev/loop2
- name: cinder create service to run losetup for LVM on startup
copy:
dest: /etc/systemd/system/cinder-lvm-losetup.service
content: |
[Unit]
Description=Cinder LVM losetup
After=syslog.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c '/sbin/losetup /dev/loop2 || /sbin/losetup /dev/loop2 /var/lib/cinder/cinder-volumes'
ExecStop=/bin/bash -c '/sbin/losetup -d /dev/loop2'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- name: cinder enable the LVM losetup service
systemd:
name: cinder-lvm-losetup
enabled: yes
daemon_reload: yes
cinder_volume_volumes:
description: Volumes for the cinder-volume container (HA or non-HA)
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_param: CinderVolumeOptVolumes}
-
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
cinder_volume_environment:
description: Docker environment for the cinder-volume container (HA or non-HA)
value:
list_concat:
- {get_param: CinderVolumeOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
cinder_backup_volumes:
description: Volumes for the cinder-backup container (HA or non-HA)
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder:z
- /var/log/containers/cinder:/var/log/cinder:z
cinder_backup_environment:
description: Docker environment for the cinder-backup container (HA or non-HA)
value:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS