openstack/tripleo-heat-templates
Code Issues Proposed changes
5b2d2795a8
tripleo-heat-templates/deployment/metrics/qdr-container-puppet.yaml
Jose Luis Franco Arza d1035703b7 Force removal of docker container in tripleo-docker-rm. 
The tripleo-docker-rm role has been replaced by tripleo-container-rm [0].
This role will identify the docker engine via the container_cli variable
and perform a deletion of that container. However, these tasks inside the
post_upgrade_tasks section were thought to remove the old docker containers
after upgrading from rocky to stein, in which podman starts to be the
container engine by default.

For that reason, we need to ensure that the container engine in which the
containers are removed is docker, as otherwise we will be removing the
podman container and the deployment steps will fail.

Closes-Bug: #1836531
[0] - 2135446a35

Depends-On: https://review.opendev.org/#/c/671698/
Change-Id: Ib139a1d77f71fc32a49c9878d1b4a6d07564e9dc
2019-07-19 12:37:35 +00:00

319 lines
12 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Qpid dispatch router service for metrics and monitoring purposes
parameters:
ContainerMetricsQdrImage:
description: image
type: string
ContainerMetricsQdrConfigImage:
description: The container image to use for the qdrouterd config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MonitoringSubscriptionQdr:
default: 'overcloud-qdr'
type: string
MetricsQdrLoggingSource:
type: json
default:
tag: openstack.nova.consoleauth
path: /var/log/containers/qdrouterd/metrics-qdr.log
MetricsQdrPort:
default: '5666'
description: Service name or port number on which the qdrouterd will accept
connections. This argument must be string, even if the numeric
form is used.
type: string
MetricsQdrUsername:
default: 'guest'
description: Username which should be used to authenticate to the deployed
qdrouterd.
type: string
MetricsQdrPassword:
default: 'guest'
description: Password which should be used to authenticate to the deployed
qdrouterd.
type: string
hidden: true
MetricsQdrConnectors:
default: []
description: Connectors configuration (array of hashes).
type: json
MetricsQdrSSLProfiles:
default: []
description: SSL Profiles for the connectors (array of hashes).
type: json
MetricsQdrAddresses:
default:
- prefix: 'collectd/notify'
distribution: multicast
- prefix: 'collectd/telemetry'
distribution: multicast
- prefix: 'ceilometer/metering.sample'
distribution: multicast
- prefix: 'ceilometer/event.sample'
distribution: multicast
description: Addresses configuration (array of hashes).
type: json
MetricsQdrAutoLinks:
default: []
description: AutoLinks for the Configured Addresses
type: json
MetricsQdrUseSSL:
default: false
description: Set to true if it is required to use SSL or TLS on
the connection for listener.
type: boolean
MetricsQdrUseEncryption:
default: false
description: Set to true if it is required to encrypt connection to the peer
for listener.
type: boolean
MetricsQdrSaslMechanisms:
default: 'ANONYMOUS'
description: List of accepted SASL auth mechanisms for listener in format
of comma separated list.
type: string
MetricsQdrSslCertDb:
default: ''
description: Path to SSL certificate db for listener.
type: string
MetricsQdrSslCertFile:
default: ''
description: Path to SSL certificate file for listener.
type: string
MetricsQdrSslKeyFile:
default: ''
description: Path to SSL private key file for listener.
type: string
MetricsQdrSslPwFile:
default: ''
description: Path to SSL password file for certificate key for listener.
type: string
MetricsQdrSslPassword:
default: ''
description: SSL password to be supplied for listener.
type: string
MetricsQdrTrustedCerts:
default: ''
description: Path to file containing trusted certificates for listener.
type: string
MetricsQdrAuthenticateClient:
default: 'no'
description: Authenticate the client using SSL/TLS
type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
EnableInternalTLS:
type: boolean
default: false
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
outputs:
role_data:
description: Role data for the metrics Qdr role.
value:
service_name: metrics-qdr
monitoring_subscription: {get_param: MonitoringSubscriptionQdr}
service_config_settings:
fluentd:
tripleo_fluentd_groups_metrics_qdr:
- qdr
tripleo_fluentd_sources_metrics_qdr:
- {get_param: MetricsQdrLoggingSource}
config_settings:
map_merge:
- tripleo::metrics_qdr::firewall_rules:
'109 metrics qdr':
dport:
- {get_param: MetricsQdrPort}
tripleo::profile::base::metrics::qdr::listener_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MetricsQdrNetwork]}
tripleo::profile::base::metrics::qdr::listener_port: {get_param: MetricsQdrPort}
tripleo::profile::base::metrics::qdr::username: {get_param: MetricsQdrUsername}
tripleo::profile::base::metrics::qdr::password: {get_param: MetricsQdrPassword}
tripleo::profile::base::metrics::qdr::connectors: {get_param: MetricsQdrConnectors}
tripleo::profile::base::metrics::qdr::addresses: {get_param: MetricsQdrAddresses}
tripleo::profile::base::metrics::qdr::autolink_addresses: {get_param: MetricsQdrAutoLinks}
# ssl support
tripleo::profile::base::metrics::qdr::listener_require_ssl: {get_param: MetricsQdrUseSSL}
tripleo::profile::base::metrics::qdr::listener_require_encrypt: {get_param: MetricsQdrUseEncryption}
tripleo::profile::base::metrics::qdr::listener_sasl_mech: {get_param: MetricsQdrSaslMechanisms}
tripleo::profile::base::metrics::qdr::listener_ssl_cert_db: {get_param: MetricsQdrSslCertDb}
tripleo::profile::base::metrics::qdr::listener_ssl_cert_file: {get_param: MetricsQdrSslCertFile}
tripleo::profile::base::metrics::qdr::listener_ssl_key_file: {get_param: MetricsQdrSslKeyFile}
tripleo::profile::base::metrics::qdr::listener_ssl_pw_file: {get_param: MetricsQdrSslPwFile}
tripleo::profile::base::metrics::qdr::listener_ssl_password: {get_param: MetricsQdrSslPassword}
tripleo::profile::base::metrics::qdr::listener_trusted_certs: {get_param: MetricsQdrTrustedCerts}
qdr::log_enable: 'info+'
qdr::log_output: '/var/log/qdrouterd/metrics-qdr.log'
qdr::listener_auth_peer: {get_param: MetricsQdrAuthenticateClient}
- if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::metrics::qdr::service_certificate: '/etc/pki/tls/certs/metrics_qdr.crt'
tripleo::metrics::qdr::service_key: '/etc/pki/tls/private/metrics_qdr.key'
tripleo::profile::base::metrics::qdr::certificate_specs:
service_certificate: '/etc/pki/tls/certs/metrics_qdr.crt'
service_key: '/etc/pki/tls/private/metrics_qdr.key'
postsave_cmd: "/usr/bin/certmonger-metrics-qdr-refresh.sh"
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MetricsQdrNetwork]}
principal:
str_replace:
template: "metrics-qdr/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MetricsQdrNetwork]}
tripleo::profile::base::metrics::qdr::ssl_profiles:
list_concat:
- get_param: MetricsQdrSSLProfiles
- - name: 'tlsProfile'
certFile: '/etc/pki/tls/certs/metrics_qdr.crt'
keyFile: '/etc/pki/tls/private/metrics_qdr.key'
caCertFile: {get_param: InternalTLSCAFile}
- tripleo::profile::base::metrics::qdr::ssl_profiles: {get_param: MetricsQdrSSLProfiles}
metadata_settings:
if:
- internal_tls_enabled
-
- service: metrics-qdr
network: {get_param: [ServiceNetMap, MetricsQdrNetwork]}
type: node
- null
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: metrics-qdr
step_config: |
include ::tripleo::profile::base::metrics::qdr
config_image: {get_param: ContainerMetricsQdrConfigImage}
kolla_config:
/var/lib/kolla/config_files/metrics-qdr.json:
command: /usr/sbin/qdrouterd -c /etc/qpid-dispatch/qdrouterd.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
optional: true
permissions:
- path: /var/lib/qdrouterd
owner: qdrouterd:qdrouterd
recurse: true
- path: /etc/pki/tls/certs/metrics_qdr.crt
owner: qdrouterd:qdrouterd
optional: true
- path: /etc/pki/tls/private/metrics_qdr.key
owner: qdrouterd:qdrouterd
optional: true
docker_config:
step_1:
metrics_qdr_init_logs:
start_order: 0
detach: false
image: &qdrouterd_image {get_param: ContainerMetricsQdrImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
metrics_qdr:
start_order: 1
image: *qdrouterd_image
net: host
user: qdrouterd
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/metrics-qdr.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/metrics-qdr/:/var/lib/kolla/config_files/src:ro
- /var/lib/metrics-qdr:/var/lib/qdrouterd:z
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/metrics_qdr.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/metrics_qdr.crt:ro
- /etc/pki/tls/private/metrics_qdr.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/metrics_qdr.key:ro
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme
copy:
dest: /var/log/qrouterd/readme-metrics.txt
content: |
Log files from metrics qrouterd containers can be found under
/var/log/containers/metrics-qdr.
ignore_errors: true
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- metrics_qdr
tripleo_container_cli: "docker"
View Git Blame Copy Permalink