openstack/tripleo-heat-templates
Code Issues Proposed changes
7345963531
tripleo-heat-templates/docker/services/nova-api.yaml
Emilien Macchi e4ee042a2a upgrade: remove tasks that stop and disable services 
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.

Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
2018-12-10 09:19:59 -05:00

472 lines
19 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Nova API service
parameters:
DockerNovaApiImage:
description: image
type: string
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
NovaApiLoggingSource:
type: json
default:
tag: openstack.nova.api
path: /var/log/containers/nova/nova-api.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
NovaDbSyncTimeout:
default: 300
description: Timeout for Nova db sync
type: number
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaApiLogging:
type: OS::TripleO::Services::Logging::NovaApi
outputs:
role_data:
description: Role data for the Nova API role.
value:
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- get_attr: [NovaApiLogging, config_settings]
- apache::default_vhost: false
service_config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_api:
- nova
tripleo_fluentd_sources_nova_api:
- {get_param: NovaApiLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config:
list_join:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
/var/lib/kolla/config_files/nova_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config_scripts:
nova_api_discover_hosts.sh:
mode: "0700"
content: |
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_domain_name)
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken user_domain_name)
export OS_PROJECT_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_name)
export OS_USERNAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken username)
export OS_PASSWORD=$(crudini --get /etc/nova/nova.conf keystone_authtoken password)
export OS_AUTH_URL=$(crudini --get /etc/nova/nova.conf keystone_authtoken auth_url)
export OS_AUTH_TYPE=password
export OS_IDENTITY_API_VERSION=3
echo "(cellv2) Running cell_v2 host discovery"
timeout=600
loop_wait=30
declare -A discoverable_hosts
for host in $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' | tr "," " "); do discoverable_hosts[$host]=1; done
timeout_at=$(( $(date +"%s") + ${timeout} ))
echo "(cellv2) Waiting ${timeout} seconds for hosts to register"
finished=0
while : ; do
for host in $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }'); do
if (( discoverable_hosts[$host] == 1 )); then
echo "(cellv2) compute node $host has registered"
unset discoverable_hosts[$host]
fi
done
finished=1
for host in "${!discoverable_hosts[@]}"; do
if (( ${discoverable_hosts[$host]} == 1 )); then
echo "(cellv2) compute node $host has not registered"
finished=0
fi
done
remaining=$(( $timeout_at - $(date +"%s") ))
if (( $finished == 1 )); then
echo "(cellv2) All nodes registered"
break
elif (( $remaining <= 0 )); then
echo "(cellv2) WARNING: timeout waiting for nodes to register, running host discovery regardless"
echo "(cellv2) Expected host list:" $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' | sort -u | tr ',' ' ')
echo "(cellv2) Detected host list:" $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }' | sort -u | tr '\n', ' ')
break
else
echo "(cellv2) Waiting ${remaining} seconds for hosts to register"
sleep $loop_wait
fi
done
echo "(cellv2) Running host discovery..."
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 discover_hosts --by-service --verbose"
nova_api_ensure_default_cell.sh:
mode: "0700"
content: |
#!/bin/bash
DEFID=$(nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}')
if [ "$DEFID" ]; then
echo "(cellv2) Updating default cell_v2 cell $DEFID"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 update_cell --cell_uuid $DEFID --name=default"
else
echo "(cellv2) Creating default cell_v2 cell"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 create_cell --name=default"
fi
docker_config:
step_2:
get_attr: [NovaApiLogging, docker_config, step_2]
step_3:
nova_api_db_sync:
start_order: 0
image: &nova_api_image {get_param: DockerNovaApiImage}
net: host
detach: false
user: root
volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
nova_api_map_cell0:
start_order: 1
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_ensure_default_cell:
start_order: 2
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
nova_db_sync:
start_order: 3
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
image: *nova_api_image
net: host
user: root
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
image: *nova_api_image
net: host
user: root
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_api_discover_hosts:
start_order: 1
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/lib/docker-config-scripts/nova_api_discover_hosts.sh:/nova_api_discover_hosts.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_discover_hosts.sh"
environment:
# NOTE: this should force this container to re-run on each
# update (scale-out, etc.)
- list_join:
- ''
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier}
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NovaApiLogging, host_prep_tasks]}
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: set is_bootstrap_node fact
set_fact: is_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Ensure all online data migrations for Nova have been applied
shell: |
if {{ container_cli }} ps | grep nova_api; then
{{ container_cli }} exec nova_api nova-manage db online_data_migrations
# handle situation when container_cli is podman but
# the containers are still under docker
elif docker ps | grep nova_api; then
docker exec nova_api nova-manage db online_data_migrations
fi
tags: pre-upgrade
when: is_bootstrap_node|bool
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-api package
set_fact:
remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-nova-api package if operator requests it
package: name=openstack-nova-api state=removed
ignore_errors: True
when:
- remove_nova_api_package|bool
external_upgrade_tasks:
- when: step|int == 1
block:
- name: Online data migration for Nova
command: "{{ container_cli }} exec nova_api nova-manage db online_data_migrations"
delegate_to: "{{ groups['nova_api'][0] }}"
become: true
tags:
- online_upgrade
- online_upgrade_nova
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_api
- nova_api_cron
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-api is deployed
command: systemctl is-enabled --quiet openstack-nova-api
ignore_errors: True
register: nova_api_enabled_result
- name: Set fact nova_api_enabled
set_fact:
nova_api_enabled: "{{ nova_api_enabled_result.rc == 0 }}"
- name: Stop openstack-nova-api service
service: name=openstack-nova-api state=stopped
when:
- step|int == 1
- nova_api_enabled|bool
- release == 'ocata'
- name: Extra migration for nova tripleo/+bug/1656791
command: nova-manage db online_data_migrations
when:
- step|int == 5
- release == 'ocata'
- is_bootstrap_node|bool
- name: Update nova packages
package:
name: '*nova*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool
#FIXME(lyarwood): Use puppet to do this?
- when:
- step|int == 7
- release == 'ocata'
- is_bootstrap_node|bool
block:
- name: Create puppet manifest to set transport_url in nova.conf
copy:
dest: /root/nova-api_upgrade_manifest.pp
mode: 0600
content: >
$transport_url = os_transport_url({
'transport' => hiera('messaging_service_name', 'rabbit'),
'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
'username' => hiera('nova::rabbit_userid', 'guest'),
'password' => hiera('nova::rabbit_password'),
'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
})
oslo::messaging::default { 'nova_config':
transport_url => $transport_url
}
- name: Run puppet apply to set tranport_url in nova.conf
command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
register: puppet_apply_nova_api_upgrade
failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
changed_when: puppet_apply_nova_api_upgrade.rc == 2
- name: Setup cell_v2 (map cell0)
shell:
str_replace:
template: nova-manage cell_v2 map_cell0 --database_connection=CELL
params:
CELL:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: nova
password: {get_param: NovaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /nova_cell0
- name: Setup cell_v2 (create default cell)
# (owalsh) puppet-nova expects the cell name 'default'
# (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
register: nova_api_create_cell
failed_when: nova_api_create_cell.rc not in [0,2]
changed_when: nova_api_create_cell.rc == 0
- name: Setup cell_v2 (sync nova/cell DB)
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
- name: Setup cell_v2 (get cell uuid)
shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
register: nova_api_cell_uuid
- name: Setup cell_v2 (migrate hosts)
command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- name: Setup cell_v2 (migrate instances)
command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- when:
- step|int == 8
- is_bootstrap_node|bool
block:
- name: Sync nova/cell DB
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
when:
- release == 'pike'
- name: Sync nova_api DB
command: nova-manage api_db sync
- name: Online data migration for nova
command: nova-manage db online_data_migrations
View Git Blame Copy Permalink