tripleo-heat-templates/deployment/nova/nova-conductor-container-puppet.yaml
Alex Schultz 8e052715c8 Use kolla_config for other actions
Today for some services we mount in /var/lib/config-data/<service>/etc
which is actually an output from the container-puppet process. We should
be using kolla to ensure that we properly create the configurations
based on the puppet generated configurations and things in the
container.  Some services correctly leverage the kolla_config that the
associated api/service uses when running their db sync. This patch
aligns the rest to follow the similar pattern.

Change-Id: I0e3d5748a50937880a55413b75fe6eca479c9160
2021-06-02 08:34:05 -06:00

259 lines
9.3 KiB
YAML

heat_template_version: wallaby
description: >
OpenStack containerized Nova Conductor service
parameters:
ContainerNovaConductorImage:
description: image
type: string
ContainerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
NovaConductorLoggingSource:
type: json
default:
tag: openstack.nova.conductor
file: /var/log/containers/nova/nova-conductor.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
MonitoringSubscriptionNovaConductor:
default: 'overcloud-nova-conductor'
type: string
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
NovaAdditionalCell:
default: false
description: Whether this is an cell additional to the default cell.
type: boolean
conditions:
nova_workers_set:
not: {equals : [{get_param: NovaWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
ContainerNovaImage: {get_param: ContainerNovaConductorImage}
NovaServiceName: 'conductor'
NovaBase:
type: ./nova-base-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaApiDBClient:
type: ./nova-apidb-client-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaDBClient:
type: ./nova-db-client-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Conductor service.
value:
service_name: nova_conductor
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
# FIXME(owalsh): NovaApiDBClient should depend on NovaAdditionalCell
# however cell conductor currently requires api db access for affinity checks
- get_attr: [NovaApiDBClient, role_data, config_settings]
- get_attr: [NovaDBClient, role_data, config_settings]
- get_attr: [NovaLogging, config_settings]
- if:
- nova_workers_set
- nova::conductor::workers: {get_param: NovaWorkers}
service_config_settings:
rabbitmq: {get_attr: [NovaBase, role_data, service_config_settings], rabbitmq}
mysql:
map_merge:
# FIXME(owalsh): NovaApiDBClient should depend on NovaAdditionalCell
# however cell conductor currently requires api db access for affinity checks
- get_attr: [NovaApiDBClient, role_data, service_config_settings, mysql]
- get_attr: [NovaDBClient, role_data, service_config_settings, mysql]
rsyslog:
tripleo_logging_sources_nova_conductor:
- {get_param: NovaConductorLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::nova::conductor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_conductor.json:
command:
list_join:
- ' '
- - /usr/bin/nova-conductor
- get_attr: [NovaLogging, cmd_extra_args]
config_files: &nova_conductor_config_files
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions: &nova_conductor_permissions
- path: /var/log/nova
owner: nova:nova
recurse: true
/var/lib/kolla/config_files/nova_conductor_db_sync.json:
command:
str_replace:
template: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync DB_SYNC_ARGS'"
params:
if:
- {get_param: NovaAdditionalCell}
- DB_SYNC_ARGS: "--local_cell"
- DB_SYNC_ARGS: ""
config_files: *nova_conductor_config_files
permissions: *nova_conductor_permissions
docker_config:
step_2:
get_attr: [NovaLogging, docker_config, step_2]
step_3:
nova_db_sync:
image: &nova_conductor_image {get_param: ContainerNovaConductorImage}
start_order: 3 # Runs after nova-api tasks if installed on this host
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- - /var/lib/kolla/config_files/nova_conductor_db_sync.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
user: root
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4:
nova_conductor:
image: *nova_conductor_image
net: host
privileged: false
restart: always
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova:/var/lib/kolla/config_files/src:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
deploy_steps_tasks:
- name: validate nova-conductor container state
containers.podman.podman_container_info:
name: nova_conductor
register: nova_conductor_infos
failed_when:
- nova_conductor_infos.containers.0.Healthcheck.Status is defined
- "'healthy' not in nova_conductor_infos.containers.0.Healthcheck.Status"
retries: 10
delay: 30
tags:
- opendev-validation
- opendev-validation-nova
when:
- container_cli == 'podman'
- not container_healthcheck_disabled
- step|int == 5
host_prep_tasks:
list_concat:
- {get_attr: [NovaLogging, host_prep_tasks]}
- - name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
external_upgrade_tasks:
- when: step|int == 1
block: &nova_online_db_migration
- name: Online data migration for Nova
command: "{{ container_cli }} exec nova_conductor nova-manage db online_data_migrations"
delegate_to: "{{ groups['nova_conductor'][0] }}"
become: true
tags:
- online_upgrade
- online_upgrade_nova
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop nova conductor container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
- nova_conductor
tripleo_delegate_to: "{{ groups['nova_conductor'] | default([]) }}"
external_update_tasks:
- when: step|int == 1
block: *nova_online_db_migration