Flavio Percoco 58a8b282c2 Mount hostpath logs on /var/log
Some containers are using the logs named volume for collecting logs
written to `/var/log`. We should make this consistent for all the
containers.

This patch also cleans up some mounts that weren't needed for some
services. For example, glance-api doesn't need `/run` to be mounted.

Other changes:
* Rework log volumes to hostpath mounts to omit slow COW writes.
* Add kolla_config's permission and host_prep_tasks create and
  manage hostpath mounted log dirs permissions.
* Rework data owning init containers to kolla_config permissions
* When a step wants KOLLA_BOOTSTRAP or DB sync, use logs data owning
  init containers to set permissions for logs. This is required
  because kolla bootsrap and DB sync runs before the kolla config
  stage and there is yet permissions set for logs.
* In order to address hybrid cases for host services vs containerized
  ones to access logs having different UIDs, persist containerized
  services' logs into separate directories (an upgrade impact)
* Ensure host prep tasks to create /var/log/containers/ and /var/lib/
  sub-directories for services
* Fix missing /etc/httpd, /var/www config-data mounts for zaqar/ironic
* Fix YAML indentation and drop strings quotation.

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Partial blueprint containerized-services-logs

Change-Id: I53e737120bf0121bd28667f355b6f29f1b2a6b82
2017-05-05 12:30:17 +02:00

94 lines
3.0 KiB
YAML

heat_template_version: pike
description: >
OpenStack containerized Aodh Notifier service
parameters:
DockerNamespace:
description: namespace
default: 'tripleoupstream'
type: string
DockerAodhNotifierImage:
description: image
default: 'centos-binary-aodh-notifier:latest'
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
AodhNotifierBase:
type: ../../puppet/services/aodh-notifier.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
outputs:
role_data:
description: Role data for the Aodh API role.
value:
service_name: {get_attr: [AodhNotifierBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [AodhNotifierBase, role_data, config_settings]
step_config: &step_config
get_attr: [AodhNotifierBase, role_data, step_config]
service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: aodh
puppet_tags: aodh_config
step_config: *step_config
config_image: &aodh_notifier_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
kolla_config:
/var/lib/kolla/config_files/aodh-notifier.json:
command: /usr/bin/aodh-notifier
permissions:
- path: /var/log/aodh
owner: aodh:aodh
recurse: true
docker_config:
step_4:
aodh_notifier:
image: *aodh_notifier_image
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/aodh
state: directory
upgrade_tasks:
- name: Stop and disable openstack-aodh-notifier service
tags: step2
service: name=openstack-aodh-notifier.service state=stopped enabled=no