tripleo-heat-templates/puppet/services/docker.yaml
Michele Baldessari dd9b008c11 Make the minor update for docker idempotent
Via Ic08468854ce92e81cd84bd6c86a6b672b5a9d49b we fixed the problem of
docker being restarted when puppet triggers a change while pacemaker is
up and running. That approach, while more correct than what existed
previously, is still suboptimal because we are stopping all docker
containers even though we don't have to.

Let's detect if applying the profile::base::docker manifest would
introduce any changes and also detect if the docker rpm is going to be
updated. If one of the two conditions is true we need to stop
containers.

This way rerunning the update workflow on a node should be much less
disruptive. Tested this and correctly observed that the first run did
correctly stopped the docker containers whereas subsequent runs did not
stop containers.

Change-Id: I9176da730b0156d06e2a1ef5f2fcc061e2a6abf6
Related-Bug: #1747851
2018-02-26 17:41:02 +01:00

147 lines
6.0 KiB
YAML

heat_template_version: queens
description: >
Configures docker on the host
parameters:
DockerInsecureRegistryAddress:
description: Optional. The IP Address and Port of an insecure docker
namespace that will be configured in /etc/sysconfig/docker.
The value can be multiple addresses separated by commas.
type: comma_delimited_list
default: []
DockerRegistryMirror:
description: Optional. Configure a registry-mirror in the /etc/docker/daemon.json file.
default: ''
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
DockerDebug:
default: ''
description: Set to True to enable debugging Docker services.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
DockerOptions:
default: '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
description: Options that are used to startup the docker service.
type: string
DeploymentUser:
default: ''
description: User added to the docker group in order to use container commands.
type: string
conditions:
insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
insecure_registry_mirror_is_empty: {equals : [{get_param: DockerRegistryMirror}, '']}
service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
deployment_user_is_empty: {equals : [{get_param: DeploymentUser}, '']}
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings:
map_merge:
- tripleo::profile::base::docker::configure_network: true
tripleo::profile::base::docker::network_options: "--bip=172.31.0.1/24"
tripleo::profile::base::docker::docker_options: {get_param: DockerOptions}
tripleo::profile::base::docker::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: DockerDebug}
-
if:
- insecure_registry_is_empty
- {}
- tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress}
-
if:
- insecure_registry_mirror_is_empty
- {}
- tripleo::profile::base::docker::registry_mirror: {get_param: DockerRegistryMirror}
-
if:
- deployment_user_is_empty
- {}
- tripleo::profile::base::docker::deployment_user: {get_param: DeploymentUser}
step_config: |
include ::tripleo::profile::base::docker
upgrade_tasks:
- name: Install docker packages on upgrade if missing
when: step|int == 3
yum: name=docker state=latest
update_tasks:
block:
- name: Detect if puppet on the docker profile would restart the service
# Note that due to https://tickets.puppetlabs.com/browse/PUP-686 --noop
# always exits 0, so we cannot rely on that to detect if puppet is going to change stuff
shell: |
puppet apply --noop --summarize --detailed-exitcodes --verbose \
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
--color=false -e "class { 'tripleo::profile::base::docker': step => 1, }" 2>&1 | \
awk -F ":" '/Out of sync:/ { print $2}'
register: puppet_docker_noop_output
failed_when: false
- name: Is docker going to be updated
shell: yum check-update docker
register: docker_check_update
failed_when: docker_check_update.rc not in [0, 100]
changed_when: docker_check_update.rc == 100
- name: Set docker_rpm_needs_update fact
set_fact: docker_rpm_needs_update={{ docker_check_update.rc == 100 }}
- name: Set puppet_docker_is_outofsync fact
set_fact: puppet_docker_is_outofsync={{ puppet_docker_noop_output.stdout|trim|int >= 1 }}
- name: Stop all containers
# xargs is preferable to docker stop $(docker ps -q) as that might generate a
# a too long command line
shell: docker ps -q | xargs --no-run-if-empty -n1 docker stop
when: puppet_docker_is_outofsync or docker_rpm_needs_update
- name: Stop docker
service:
name: docker
state: stopped
when: puppet_docker_is_outofsync or docker_rpm_needs_update
- name: Update the docker package
yum: name=docker state=latest update_cache=yes # cache for tripleo/+bug/1703830
when: docker_rpm_needs_update
- name: Apply puppet which will start the service again
shell: |
puppet apply --detailed-exitcodes --verbose \
--modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
-e "class { 'tripleo::profile::base::docker': step => 1, }"
register: puppet_docker_apply
failed_when: puppet_docker_apply.rc not in [0, 2]
changed_when: puppet_docker_apply.rc == 2
when: step|int == 2