c55cf61c99
Using "cp -a" in a container might lead to SELinux failures, since this option is a shortcut for "-dR --preserve=all". The "all" has the context, and we do not allow SELinux relabelling within containers. Splitting the "-a" to "-dR --preserve" will provide the same end results, but without the relabelling, preventing audit.log to fill up during the deploy. Closes-Bug: #1819459 Change-Id: Ic280ad8e95fcc32986987f5abaa524f171d7c13b
127 lines
4.6 KiB
YAML
127 lines
4.6 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Swift Ringbuilder
|
|
|
|
parameters:
|
|
DockerSwiftConfigImage:
|
|
description: The container image to use for the swift config_volume
|
|
type: string
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
SwiftMinPartHours:
|
|
type: number
|
|
default: 1
|
|
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
|
|
SwiftPartPower:
|
|
default: 10
|
|
description: Partition Power to use when building Swift rings
|
|
type: number
|
|
SwiftRingBuild:
|
|
default: true
|
|
description: Whether to manage Swift rings or not
|
|
type: boolean
|
|
SwiftReplicas:
|
|
type: number
|
|
default: 3
|
|
description: How many replicas to use in the swift rings.
|
|
SwiftRawDisks:
|
|
default: {}
|
|
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
|
|
type: json
|
|
SwiftUseLocalDir:
|
|
default: true
|
|
description: 'Use a local directory for Swift storage services when building rings'
|
|
type: boolean
|
|
SwiftRingGetTempurl:
|
|
default: ''
|
|
description: A temporary Swift URL to download rings from.
|
|
type: string
|
|
SwiftRingPutTempurl:
|
|
default: ''
|
|
description: A temporary Swift URL to upload rings to.
|
|
type: string
|
|
|
|
conditions:
|
|
swift_use_local_dir:
|
|
and:
|
|
- equals:
|
|
- get_param: SwiftUseLocalDir
|
|
- true
|
|
- equals:
|
|
- get_param: SwiftRawDisks
|
|
- {}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for Swift Ringbuilder configuration in containers.
|
|
value:
|
|
service_name: swift_ringbuilder
|
|
config_settings:
|
|
tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
|
|
tripleo::profile::base::swift::ringbuilder::swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl}
|
|
tripleo::profile::base::swift::ringbuilder::swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl}
|
|
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
|
|
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
|
|
tripleo::profile::base::swift::ringbuilder::part_power: {get_param: SwiftPartPower}
|
|
tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
|
|
tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
|
|
tripleo::profile::base::swift::ringbuilder::raw_disks:
|
|
yaql:
|
|
expression: $.data.raw_disk_lists.flatten()
|
|
data:
|
|
raw_disk_lists:
|
|
- {if: [swift_use_local_dir, [':%PORT%/d1'], []]}
|
|
- repeat:
|
|
template: ':%PORT%/DEVICE'
|
|
for_each:
|
|
DEVICE: {get_param: SwiftRawDisks}
|
|
service_config_settings: {}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: 'swift_ringbuilder'
|
|
puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
|
|
step_config: |
|
|
include ::tripleo::profile::base::swift::ringbuilder
|
|
config_image: &swift_ringbuilder_image {get_param: DockerSwiftConfigImage}
|
|
kolla_config: {}
|
|
docker_config:
|
|
step_3:
|
|
swift_copy_rings:
|
|
image: *swift_ringbuilder_image
|
|
net: none
|
|
user: root
|
|
detach: false
|
|
command:
|
|
# Use bash to run the cp command so that wildcards can be used
|
|
- '/bin/bash'
|
|
- '-c'
|
|
- 'cp -v -dR --preserve -t /etc/swift /swift_ringbuilder/etc/swift/*.gz /swift_ringbuilder/etc/swift/*.builder /swift_ringbuilder/etc/swift/backups'
|
|
volumes:
|
|
- /var/lib/config-data/puppet-generated/swift/etc/swift:/etc/swift:rw,z
|
|
- /var/lib/config-data/swift_ringbuilder:/swift_ringbuilder:ro
|