248099db8c
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
150 lines
5.2 KiB
YAML
150 lines
5.2 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack containerized gnocchi service
|
|
|
|
parameters:
|
|
DockerNamespace:
|
|
description: namespace
|
|
default: 'tripleoupstream'
|
|
type: string
|
|
DockerGnocchiApiImage:
|
|
description: image
|
|
default: 'centos-binary-gnocchi-api:latest'
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
GnocchiApiPuppetBase:
|
|
type: ../../puppet/services/gnocchi-api.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the gnocchi API role.
|
|
value:
|
|
service_name: {get_attr: [GnocchiApiPuppetBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [GnocchiApiPuppetBase, role_data, config_settings]
|
|
- apache::default_vhost: false
|
|
step_config: &step_config
|
|
get_attr: [GnocchiApiPuppetBase, role_data, step_config]
|
|
service_config_settings: {get_attr: [GnocchiApiPuppetBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: gnocchi
|
|
puppet_tags: gnocchi_api_paste_ini,gnocchi_config
|
|
step_config: *step_config
|
|
config_image: &gnocchi_image
|
|
list_join:
|
|
- '/'
|
|
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/gnocchi_api.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
permissions:
|
|
- path: /var/log/gnocchi
|
|
owner: gnocchi:gnocchi
|
|
recurse: true
|
|
docker_config:
|
|
# db sync runs before permissions set by kolla_config
|
|
step_2:
|
|
gnocchi_init_log:
|
|
image: *gnocchi_image
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/gnocchi:/var/log/gnocchi
|
|
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
|
|
step_3:
|
|
gnocchi_db_sync:
|
|
image: *gnocchi_image
|
|
net: host
|
|
detach: false
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
|
|
- /var/log/containers/gnocchi:/var/log/gnocchi
|
|
command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
|
|
step_4:
|
|
gnocchi_api:
|
|
image: *gnocchi_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
|
|
- /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro
|
|
- /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
|
|
- /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
|
|
- /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
|
|
- /var/log/containers/gnocchi:/var/log/gnocchi
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- ''
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
- ''
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent logs directory
|
|
file:
|
|
path: /var/log/containers/gnocchi
|
|
state: directory
|
|
upgrade_tasks:
|
|
- name: Stop and disable httpd service
|
|
tags: step2
|
|
service: name=httpd state=stopped enabled=no
|
|
metadata_settings:
|
|
get_attr: [GnocchiApiPuppetBase, role_data, metadata_settings]
|