89fde273ea
This change introduces a single parameter, MemcacheUseAdvancedPool, to enable usage of advanced connection pool in keystone middleware. This is useful to avoid bursting connection to memcached. Note that the default value of memcached_use_advanced_pool was changed from false to true during Xena cycle[1], so this parameter is no longer required in master. However the change in keystonemiddleware will never be backported. This change is created so that we can switch to advanced pool even in older releases. [1] https://review.opendev.org/c/openstack/keystonemiddleware/+/773939 (To Victoria) Conflicts: deployment/aodh/aodh-api-container-puppet.yaml deployment/glance/glance-api-container-puppet.yaml deployment/gnocchi/gnocchi-api-container-puppet.yaml deployment/manila/manila-api-container-puppet.yaml deployment/nova/nova-api-container-puppet.yaml Closes-Bug: #1931047 Change-Id: I2887249af44ccfdae1592dd9120d3366fa059876 (cherry picked from commit09bcacd25a
) (cherry picked from commit9a89b9add6
)
458 lines
17 KiB
YAML
458 lines
17 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Cinder API service
|
|
|
|
parameters:
|
|
ContainerCinderApiImage:
|
|
description: image
|
|
type: string
|
|
ContainerCinderConfigImage:
|
|
description: The container image to use for the cinder config_volume
|
|
type: string
|
|
CinderApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.api
|
|
file: /var/log/containers/cinder/cinder-api.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
DeployIdentifier:
|
|
default: ''
|
|
type: string
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CinderDefaultVolumeType:
|
|
default: tripleo
|
|
description: The name of Cinder's default volume type.
|
|
type: string
|
|
CinderEnableDBPurge:
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in Cinder database.
|
|
type: boolean
|
|
CinderPassword:
|
|
description: The password for the cinder service and db account.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionCinderApi:
|
|
default: 'overcloud-cinder-api'
|
|
type: string
|
|
CinderWorkers:
|
|
type: string
|
|
description: Set the number of workers for cinder::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
CinderApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Cinder API.
|
|
e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
CinderApiWsgiTimeout:
|
|
default: 60
|
|
description: The number of seconds until a Cinder API WSGI connection times out.
|
|
type: number
|
|
NotificationDriver:
|
|
type: string
|
|
default: 'noop'
|
|
description: Driver or drivers to handle sending notifications.
|
|
RootStackName:
|
|
description: The name of the stack/plan.
|
|
type: string
|
|
MemcacheUseAdvancedPool:
|
|
type: boolean
|
|
description: |
|
|
Use the advanced (eventlet safe) memcached client pool.
|
|
default: true
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CinderCommon:
|
|
type: ./cinder-common-container-puppet.yaml
|
|
|
|
ApacheServiceBase:
|
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder API role.
|
|
value:
|
|
service_name: cinder_api
|
|
firewall_rules:
|
|
'119 cinder':
|
|
dport:
|
|
- 8776
|
|
- 13776
|
|
keystone_resources:
|
|
cinder:
|
|
users:
|
|
cinder:
|
|
password: {get_param: CinderPassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
cinderv2:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, CinderV2Public, uri]}
|
|
internal: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
|
admin: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
|
users:
|
|
cinderv2:
|
|
password: {get_param: CinderPassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'volumev2'
|
|
cinderv3:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, CinderV3Public, uri]}
|
|
internal: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
|
admin: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
|
users:
|
|
cinderv3:
|
|
password: {get_param: CinderPassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'volumev3'
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- keystone_resources_managed: false
|
|
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
cinder::keystone::authtoken::user_domain_name: 'Default'
|
|
cinder::keystone::authtoken::project_domain_name: 'Default'
|
|
cinder::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
|
cinder::keystone::authtoken::interface: 'internal'
|
|
cinder::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
|
cinder::policy::policies: {get_param: CinderApiPolicies}
|
|
cinder::notification_driver: {get_param: NotificationDriver}
|
|
cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType}
|
|
cinder::api::enable_proxy_headers_parsing: true
|
|
|
|
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
|
|
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
|
|
cinder::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
cinder::api::service_name: 'httpd'
|
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
cinder::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::vhost_custom_fragment:
|
|
str_replace:
|
|
template:
|
|
"Timeout TIMEOUT"
|
|
params:
|
|
TIMEOUT: {get_param: CinderApiWsgiTimeout}
|
|
-
|
|
if:
|
|
- cinder_workers_zero
|
|
- {}
|
|
- cinder::wsgi::apache::workers: {get_param: CinderWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, service_config_settings]
|
|
- rsyslog:
|
|
tripleo_logging_sources_cinder_api:
|
|
- {get_param: CinderApiLoggingSource}
|
|
mysql:
|
|
cinder::db::mysql::password: {get_param: CinderPassword}
|
|
cinder::db::mysql::user: cinder
|
|
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
cinder::db::mysql::dbname: cinder
|
|
cinder::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: cinder
|
|
puppet_tags: cinder_config,cinder_type,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include tripleo::profile::base::cinder::api"
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerCinderConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/cinder_api.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d"
|
|
dest: "/etc/httpd/conf.modules.d"
|
|
# TODO(emilien) remove optional flag once we get a promotion
|
|
# https://launchpad.net/bugs/1884115
|
|
optional: true
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
optional: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
- path: /etc/pki/tls/certs/etcd.crt
|
|
owner: cinder:cinder
|
|
- path: /etc/pki/tls/private/etcd.key
|
|
owner: cinder:cinder
|
|
/var/lib/kolla/config_files/cinder_api_cron.json:
|
|
command: /usr/sbin/crond -n
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
cinder_api_init_logs:
|
|
image: &cinder_api_image {get_param: ContainerCinderApiImage}
|
|
net: none
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
|
|
step_3:
|
|
cinder_api_db_sync:
|
|
image: *cinder_api_image
|
|
net: host
|
|
privileged: false
|
|
detach: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
|
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
command:
|
|
- '/usr/bin/bootstrap_host_exec'
|
|
- 'cinder_api'
|
|
- "su cinder -s /bin/bash -c 'cinder-manage db sync --bump-versions'"
|
|
environment:
|
|
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
|
step_4:
|
|
cinder_api:
|
|
image: *cinder_api_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
# NOTE(mandre) kolla image changes the user to 'cinder', we need it
|
|
# to be root to run httpd
|
|
user: root
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [CinderCommon, cinder_common_volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
- if:
|
|
- internal_tls_enabled
|
|
-
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
- []
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
cinder_api_cron:
|
|
image: *cinder_api_image
|
|
net: host
|
|
user: root
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: '/usr/share/openstack-tripleo-common/healthcheck/cron cinder'
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
container_puppet_tasks:
|
|
# Create the default volume type after the cinder-api service is
|
|
# running. The puppet code will ensure this is only done once, on
|
|
# the bootstrap node.
|
|
step_4:
|
|
config_volume: 'cinder_init_tasks'
|
|
puppet_tags: cinder_config,cinder_type,file,concat,file_line
|
|
step_config: 'include tripleo::profile::base::cinder::api'
|
|
config_image: *cinder_api_image
|
|
volumes:
|
|
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
|
|
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode|default(omit) }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
|
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': container_file_t, 'mode': '0750' }
|
|
external_upgrade_tasks:
|
|
- when: step|int == 1
|
|
block: &cinder_online_db_migration
|
|
- name: Online data migration for Cinder
|
|
command: "{{ container_cli }} exec cinder_api cinder-manage db online_data_migrations"
|
|
delegate_to: "{{ groups['cinder_api'][0] }}"
|
|
become: true
|
|
tags:
|
|
- online_upgrade
|
|
- online_upgrade_cinder
|
|
- when: step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop cinder api container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- cinder_api
|
|
- cinder_api_cron
|
|
tripleo_delegate_to: "{{ groups['cinder_api'] | default([]) }}"
|
|
external_update_tasks:
|
|
- when: step|int == 1
|
|
block: *cinder_online_db_migration
|
|
external_deploy_tasks:
|
|
- name: Clean up legacy Cinder keystone catalog entries
|
|
become: true
|
|
os_keystone_service:
|
|
cloud: {get_param: RootStackName}
|
|
name: cinderv3
|
|
service_type: volume
|
|
state: absent
|
|
when:
|
|
- step|int == 4
|
|
- name: Manage Cinder Volume Type
|
|
become: true
|
|
vars:
|
|
default_volume_type: {get_param: CinderDefaultVolumeType}
|
|
environment:
|
|
OS_CLOUD: {get_param: RootStackName}
|
|
when:
|
|
- step|int == 5
|
|
- not ansible_check_mode|bool
|
|
shell: |
|
|
if ! openstack volume type show "{{ default_volume_type }}"; then
|
|
openstack volume type create --public "{{ default_volume_type }}"
|
|
fi
|
|
args:
|
|
executable: /bin/bash
|
|
changed_when: false
|