248099db8c
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
175 lines
6.0 KiB
YAML
175 lines
6.0 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack containerized Nova API service
|
|
|
|
parameters:
|
|
DockerNamespace:
|
|
description: namespace
|
|
default: 'tripleoupstream'
|
|
type: string
|
|
DockerNovaApiImage:
|
|
description: image
|
|
default: 'centos-binary-nova-api:latest'
|
|
type: string
|
|
DockerNovaConfigImage:
|
|
description: image
|
|
default: 'centos-binary-nova-base:latest'
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
NovaApiBase:
|
|
type: ../../puppet/services/nova-api.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Nova API role.
|
|
value:
|
|
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NovaApiBase, role_data, config_settings]
|
|
- apache::default_vhost: false
|
|
step_config: &step_config
|
|
list_join:
|
|
- "\n"
|
|
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
|
|
- {get_attr: [NovaApiBase, role_data, step_config]}
|
|
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: nova
|
|
puppet_tags: nova_config
|
|
step_config: *step_config
|
|
config_image:
|
|
list_join:
|
|
- '/'
|
|
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/nova_api.json:
|
|
command: /usr/bin/nova-api
|
|
permissions:
|
|
- path: /var/log/nova
|
|
owner: nova:nova
|
|
recurse: true
|
|
docker_config:
|
|
# db sync runs before permissions set by kolla_config
|
|
step_2:
|
|
nova_init_logs:
|
|
image: &nova_api_image
|
|
list_join:
|
|
- '/'
|
|
- [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ]
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/nova:/var/log/nova
|
|
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
|
|
step_3:
|
|
nova_api_db_sync:
|
|
start_order: 0
|
|
image: *nova_api_image
|
|
net: host
|
|
detach: false
|
|
user: root
|
|
volumes: &nova_api_volumes
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
|
|
- /var/log/containers/nova:/var/log/nova
|
|
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
|
|
# FIXME: we probably want to wait on the 'cell_v2 update' in order for this
|
|
# to be capable of upgrading a baremetal setup. This is to ensure the name
|
|
# of the cell is 'default'
|
|
nova_api_map_cell0:
|
|
start_order: 1
|
|
image: *nova_api_image
|
|
net: host
|
|
detach: false
|
|
user: root
|
|
volumes: *nova_api_volumes
|
|
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
|
|
nova_api_create_default_cell:
|
|
start_order: 2
|
|
image: *nova_api_image
|
|
net: host
|
|
detach: false
|
|
volumes: *nova_api_volumes
|
|
# NOTE: allowing the exit code 2 is a dirty way of making
|
|
# this idempotent (if the resource already exists a conflict
|
|
# is raised)
|
|
exit_codes: [0,2]
|
|
user: root
|
|
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
|
|
nova_db_sync:
|
|
start_order: 3
|
|
image: *nova_api_image
|
|
net: host
|
|
detach: false
|
|
volumes: *nova_api_volumes
|
|
user: root
|
|
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
|
|
step_4:
|
|
nova_api:
|
|
start_order: 2
|
|
image: *nova_api_image
|
|
net: host
|
|
user: nova
|
|
privileged: true
|
|
restart: always
|
|
volumes: *nova_api_volumes
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
step_5:
|
|
nova_api_discover_hosts:
|
|
start_order: 1
|
|
image: *nova_api_image
|
|
net: host
|
|
detach: false
|
|
volumes: *nova_api_volumes
|
|
user: root
|
|
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
|
|
host_prep_tasks:
|
|
- name: create persistent logs directory
|
|
file:
|
|
path: /var/log/containers/nova
|
|
state: directory
|
|
upgrade_tasks:
|
|
- name: Stop and disable nova_api service
|
|
tags: step2
|
|
service: name=openstack-nova-api state=stopped enabled=no
|