![Flavio Percoco](/assets/img/avatar_default.png)
Some containers are using the logs named volume for collecting logs written to `/var/log`. We should make this consistent for all the containers. This patch also cleans up some mounts that weren't needed for some services. For example, glance-api doesn't need `/run` to be mounted. Other changes: * Rework log volumes to hostpath mounts to omit slow COW writes. * Add kolla_config's permission and host_prep_tasks create and manage hostpath mounted log dirs permissions. * Rework data owning init containers to kolla_config permissions * When a step wants KOLLA_BOOTSTRAP or DB sync, use logs data owning init containers to set permissions for logs. This is required because kolla bootsrap and DB sync runs before the kolla config stage and there is yet permissions set for logs. * In order to address hybrid cases for host services vs containerized ones to access logs having different UIDs, persist containerized services' logs into separate directories (an upgrade impact) * Ensure host prep tasks to create /var/log/containers/ and /var/lib/ sub-directories for services * Fix missing /etc/httpd, /var/www config-data mounts for zaqar/ironic * Fix YAML indentation and drop strings quotation. Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com> Partial blueprint containerized-services-logs Change-Id: I53e737120bf0121bd28667f355b6f29f1b2a6b82
94 lines
3.0 KiB
YAML
94 lines
3.0 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack containerized Aodh Notifier service
|
|
|
|
parameters:
|
|
DockerNamespace:
|
|
description: namespace
|
|
default: 'tripleoupstream'
|
|
type: string
|
|
DockerAodhNotifierImage:
|
|
description: image
|
|
default: 'centos-binary-aodh-notifier:latest'
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
AodhNotifierBase:
|
|
type: ../../puppet/services/aodh-notifier.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Aodh API role.
|
|
value:
|
|
service_name: {get_attr: [AodhNotifierBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [AodhNotifierBase, role_data, config_settings]
|
|
step_config: &step_config
|
|
get_attr: [AodhNotifierBase, role_data, step_config]
|
|
service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: aodh
|
|
puppet_tags: aodh_config
|
|
step_config: *step_config
|
|
config_image: &aodh_notifier_image
|
|
list_join:
|
|
- '/'
|
|
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/aodh-notifier.json:
|
|
command: /usr/bin/aodh-notifier
|
|
permissions:
|
|
- path: /var/log/aodh
|
|
owner: aodh:aodh
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
aodh_notifier:
|
|
image: *aodh_notifier_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
|
|
- /var/log/containers/aodh:/var/log/aodh
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent logs directory
|
|
file:
|
|
path: /var/log/containers/aodh
|
|
state: directory
|
|
upgrade_tasks:
|
|
- name: Stop and disable openstack-aodh-notifier service
|
|
tags: step2
|
|
service: name=openstack-aodh-notifier.service state=stopped enabled=no
|