tripleo-heat-templates/deployment/octavia/octavia-health-manager-container-puppet.yaml
Gregory Thiemonge 36f9cc78c8 Set octavia services' stop grace period to 300sec
Octavia worker, house-keeping and health-monitor serivices may use some
long taskflow's flows to handle load balancers and amphorae (launch VMs,
etc...). Those flows should not be interrupted when restarting those
services (i.e when updating an overcloud, or restarting services because
of certificates rotation), it might cause resource leaks that cannot be
fixed by an admin.

As default container stop timeout is defined to 10 seconds, this timeout
value needs to be increased for octavia services (except octavia api) to
ensure a graceful shutdown.
This new value has been set to 300 seconds according to the octavia
worker default configuration introduced in
https://review.opendev.org/#/c/684201/

Closes-Bug: #1855684
Change-Id: I8911a79328769c910d03168cfa5a421d0dd0f9b6
(cherry picked from commit c595835776)
2020-01-23 08:38:30 +00:00

167 lines
6.3 KiB
YAML

heat_template_version: rocky
description: >
OpenStack Octavia health-manager service configured with Puppet
parameters:
ContainerOctaviaHealthManagerImage:
description: image
type: string
ContainerOctaviaConfigImage:
description: The container image to use for the octavia config_volume
type: string
OctaviaHealthManagerLoggingSource:
type: json
default:
tag: openstack.octavia.health-manager
file: /var/log/containers/octavia/health-manager.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
MonitoringSubscriptionOctaviaHealthManager:
default: 'overcloud-octavia-health-manager'
type: string
OctaviaHeartbeatKey:
type: string
description: Key to identify heartbeat messages for amphorae.
hidden: true
OctaviaMgmtPortDevName:
type: string
default: "o-hm0"
description: Name of the octavia management network interface using
for communication between octavia worker/health-manager
with the amphora machine.
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
OctaviaBase:
type: ./octavia-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Octavia health-manager role.
value:
service_name: octavia_health_manager
monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
config_settings:
map_merge:
- get_attr: [OctaviaBase, role_data, config_settings]
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
tripleo::octavia_health_manager::firewall_rules:
'200 octavia health manager interface':
proto: udp
dport: 5555
iniface: {get_param: OctaviaMgmtPortDevName}
service_config_settings:
rsyslog:
tripleo_logging_sources_octavia_health_manager:
- {get_param: OctaviaHealthManagerLoggingSource}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: octavia
puppet_tags: octavia_config
step_config:
list_join:
- "\n"
- - "include tripleo::profile::base::octavia::health_manager"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerOctaviaConfigImage}
kolla_config:
/var/lib/kolla/config_files/octavia_health_manager.json:
command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --config-file /etc/octavia/post-deploy.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/octavia-health-manager
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/octavia
owner: octavia:octavia
recurse: true
docker_config:
step_2:
octavia_health_manager_init_dirs:
start_order: 0
image: &octavia_health_manager_image {get_param: ContainerOctaviaHealthManagerImage}
user: root
net: none
volumes:
# NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d
# It is normally created as part of the RPM install, but it is
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager']
step_5:
octavia_health_manager:
start_order: 2
stop_grace_period: 300
image: *octavia_health_manager_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:
dest: /var/log/octavia/readme.txt
content: |
Log files from octavia containers can be found under
/var/log/containers/octavia and /var/log/containers/httpd/octavia-api.
ignore_errors: true