tripleo-heat-templates/docker/services/nova-api.yaml
Jiri Stransky 248099db8c Fix race conditions between containers
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.

This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)

For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.

As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.

Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14 15:58:55 +02:00

175 lines
6.0 KiB
YAML

heat_template_version: pike
description: >
OpenStack containerized Nova API service
parameters:
DockerNamespace:
description: namespace
default: 'tripleoupstream'
type: string
DockerNovaApiImage:
description: image
default: 'centos-binary-nova-api:latest'
type: string
DockerNovaConfigImage:
description: image
default: 'centos-binary-nova-base:latest'
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova API role.
value:
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
list_join:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config: *step_config
config_image:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/bin/nova-api
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
nova_init_logs:
image: &nova_api_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
privileged: false
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
image: *nova_api_image
net: host
detach: false
user: root
volumes: &nova_api_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
# FIXME: we probably want to wait on the 'cell_v2 update' in order for this
# to be capable of upgrading a baremetal setup. This is to ensure the name
# of the cell is 'default'
nova_api_map_cell0:
start_order: 1
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
start_order: 2
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_volumes
# NOTE: allowing the exit code 2 is a dirty way of making
# this idempotent (if the resource already exists a conflict
# is raised)
exit_codes: [0,2]
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
nova_db_sync:
start_order: 3
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
image: *nova_api_image
net: host
user: nova
privileged: true
restart: always
volumes: *nova_api_volumes
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_api_discover_hosts:
start_order: 1
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/nova
state: directory
upgrade_tasks:
- name: Stop and disable nova_api service
tags: step2
service: name=openstack-nova-api state=stopped enabled=no