openstack/tripleo-heat-templates
Code Issues Proposed changes
72b60678e0
tripleo-heat-templates/deployment/nova/nova-migration-target-container-puppet.yaml
ramishra 7f195ff9a8 Remove DefaultPasswords interface 
This was mainly there as an legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30

208 lines
7.1 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Nova Migration Target service
parameters:
ContainerNovaComputeImage:
description: image
type: string
ContainerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default:
public_key: ''
private_key: ''
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
NovaNfsEnabled:
default: false
description: Whether to enable or not the NFS backend for Nova
type: boolean
tags:
- role_specific
resources:
ContainersCommon:
type: ../containers-common.yaml
SshdBase:
type: ../../deployment/sshd/sshd-baremetal-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
nova_nfs_enabled:
or:
- and:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
outputs:
role_data:
description: Role data for the Nova Migration Target service.
value:
service_name: nova_migration_target
firewall_rules:
'113 nova_migration_target':
dport:
- {get_param: MigrationSshPort}
config_settings:
map_merge:
- get_attr: [SshdBase, role_data, config_settings]
- tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
- {get_param: [ MigrationSshKey, public_key ]}
tripleo::profile::base::nova::migration::target::ssh_localaddrs:
- "%{hiera('cold_migration_ssh_inbound_addr')}"
- "%{hiera('live_migration_ssh_inbound_addr')}"
live_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEHostnameResolveNetwork"
params:
ROLENAME: {get_param: RoleName}
cold_migration_ssh_inbound_addr:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
tripleo::profile::base::sshd::port:
- 22
puppet_config:
config_volume: nova_libvirt
step_config:
list_join:
- "\n"
- - get_attr: [SshdBase, role_data, step_config]
- include tripleo::profile::base::nova::migration::target
config_image: {get_param: ContainerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova-migration-target.json:
command:
str_replace:
template: "/usr/sbin/sshd -D -p SSHDPORT"
params:
SSHDPORT: {get_param: DockerNovaMigrationSshdPort}
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: /host-ssh/ssh_host_*_key
dest: /etc/ssh/
owner: "root"
perm: "0600"
host_prep_tasks:
# Let's use loop here even for one item, maybe we'll need some more
# directories later.
- name: Create libvirt persistent data directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
loop:
- { 'path': /run/libvirt, 'setype': virt_var_run_t }
- name: ensure /run/libvirt is present upon reboot
copy:
dest: /etc/tmpfiles.d/run-libvirt.conf
content: |
d /run/libvirt 0755 root root - -
docker_config:
step_4:
nova_migration_target:
image: {get_param: ContainerNovaComputeImage}
net: host
privileged: true
user: root
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro
- /etc/ssh/:/host-ssh/:ro
- /run/libvirt:/run/libvirt:shared,z
- /var/lib/nova:/var/lib/nova:shared
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
deploy_steps_tasks:
- name: validate nova-migration-target container state
podman_container_info:
name: nova_migration_target
register: nova_migration_target_infos
failed_when:
- nova_migration_target_infos.containers.0.Healthcheck.Status is defined
- "'healthy' not in nova_migration_target_infos.containers.0.Healthcheck.Status"
retries: 10
delay: 30
tags:
- opendev-validation
- opendev-validation-nova
when:
- container_cli == 'podman'
- not container_healthcheck_disabled
- step|int == 5
update_tasks:
- name: nova_migration_target_tmpfile_cleanup
when: step|int == 1
block: &nova_migration_target_tmpfile_cleanup
- name: Remove old tmpfiles.d config
file:
path: /etc/tmpfiles.d/var-run-libvirt.conf
state: absent
upgrade_tasks:
- name: nova_migration_target_tmpfile_cleanup
when: step|int == 1
block: *nova_migration_target_tmpfile_cleanup
View Git Blame Copy Permalink