36f9cc78c8
Octavia worker, house-keeping and health-monitor serivices may use some
long taskflow's flows to handle load balancers and amphorae (launch VMs,
etc...). Those flows should not be interrupted when restarting those
services (i.e when updating an overcloud, or restarting services because
of certificates rotation), it might cause resource leaks that cannot be
fixed by an admin.
As default container stop timeout is defined to 10 seconds, this timeout
value needs to be increased for octavia services (except octavia api) to
ensure a graceful shutdown.
This new value has been set to 300 seconds according to the octavia
worker default configuration introduced in
https://review.opendev.org/#/c/684201/
Closes-Bug: #1855684
Change-Id: I8911a79328769c910d03168cfa5a421d0dd0f9b6
(cherry picked from commit c595835776
)
167 lines
6.3 KiB
YAML
167 lines
6.3 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Octavia health-manager service configured with Puppet
|
|
|
|
parameters:
|
|
ContainerOctaviaHealthManagerImage:
|
|
description: image
|
|
type: string
|
|
ContainerOctaviaConfigImage:
|
|
description: The container image to use for the octavia config_volume
|
|
type: string
|
|
OctaviaHealthManagerLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.octavia.health-manager
|
|
file: /var/log/containers/octavia/health-manager.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
MonitoringSubscriptionOctaviaHealthManager:
|
|
default: 'overcloud-octavia-health-manager'
|
|
type: string
|
|
OctaviaHeartbeatKey:
|
|
type: string
|
|
description: Key to identify heartbeat messages for amphorae.
|
|
hidden: true
|
|
OctaviaMgmtPortDevName:
|
|
type: string
|
|
default: "o-hm0"
|
|
description: Name of the octavia management network interface using
|
|
for communication between octavia worker/health-manager
|
|
with the amphora machine.
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
OctaviaBase:
|
|
type: ./octavia-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Octavia health-manager role.
|
|
value:
|
|
service_name: octavia_health_manager
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [OctaviaBase, role_data, config_settings]
|
|
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
|
|
tripleo::octavia_health_manager::firewall_rules:
|
|
'200 octavia health manager interface':
|
|
proto: udp
|
|
dport: 5555
|
|
iniface: {get_param: OctaviaMgmtPortDevName}
|
|
service_config_settings:
|
|
rsyslog:
|
|
tripleo_logging_sources_octavia_health_manager:
|
|
- {get_param: OctaviaHealthManagerLoggingSource}
|
|
# BEGIN DOCKER SETTINGS #
|
|
puppet_config:
|
|
config_volume: octavia
|
|
puppet_tags: octavia_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include tripleo::profile::base::octavia::health_manager"
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerOctaviaConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/octavia_health_manager.json:
|
|
command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --config-file /etc/octavia/post-deploy.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/octavia-health-manager
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/octavia
|
|
owner: octavia:octavia
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
octavia_health_manager_init_dirs:
|
|
start_order: 0
|
|
image: &octavia_health_manager_image {get_param: ContainerOctaviaHealthManagerImage}
|
|
user: root
|
|
net: none
|
|
volumes:
|
|
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
|
|
# It is normally created as part of the RPM install, but it is
|
|
# missing here because we use the same config_volume for all
|
|
# octavia services, hence the same container image to generate
|
|
# configuration.
|
|
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
|
|
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager']
|
|
step_5:
|
|
octavia_health_manager:
|
|
start_order: 2
|
|
stop_grace_period: 300
|
|
image: *octavia_health_manager_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/octavia:/var/log/octavia:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
|
|
- name: octavia logs readme
|
|
copy:
|
|
dest: /var/log/octavia/readme.txt
|
|
content: |
|
|
Log files from octavia containers can be found under
|
|
/var/log/containers/octavia and /var/log/containers/httpd/octavia-api.
|
|
ignore_errors: true
|