d1035703b7
The tripleo-docker-rm role has been replaced by tripleo-container-rm [0].
This role will identify the docker engine via the container_cli variable
and perform a deletion of that container. However, these tasks inside the
post_upgrade_tasks section were thought to remove the old docker containers
after upgrading from rocky to stein, in which podman starts to be the
container engine by default.
For that reason, we need to ensure that the container engine in which the
containers are removed is docker, as otherwise we will be removing the
podman container and the deployment steps will fail.
Closes-Bug: #1836531
[0] - 2135446a35
Depends-On: https://review.opendev.org/#/c/671698/
Change-Id: Ib139a1d77f71fc32a49c9878d1b4a6d07564e9dc
262 lines
9.6 KiB
YAML
262 lines
9.6 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Containerized Sensu client service.
|
|
This service is deprecated and will be remove in future releases.
|
|
|
|
parameters:
|
|
ContainerSensuClientImage:
|
|
description: image
|
|
type: string
|
|
ContainerSensuConfigImage:
|
|
description: The container image to use for the sensu config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
SensuDockerCheckCommand:
|
|
type: string
|
|
default: |
|
|
output=''
|
|
for i in $(docker ps --format '{{.ID}}'); do
|
|
if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
|
|
if [ "$result" != 'healthy' ]; then
|
|
output="${output} ; $(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{(index .State.Health.Log 0).Output}}' $i)";
|
|
fi
|
|
fi
|
|
done
|
|
if [ ! -z "${output}" ]; then
|
|
echo ${output:3} && exit 2;
|
|
fi
|
|
SensuPodmanCheckCommand:
|
|
type: string
|
|
default: |
|
|
output=''
|
|
for i in $(systemctl list-timers --no-pager --no-legend "tripleo*healthcheck.timer" | awk '{print $14}'); do
|
|
i=${i%.timer}
|
|
if result=$(systemctl show $i --property=ActiveState | awk '{split($0,a,/=/); print a[2]}'); then
|
|
if [ "$result" == 'failed' ]; then
|
|
timestamp=$(systemctl show $i --property=InactiveEnterTimestamp | awk '{print $2, $3}' )
|
|
log=$(journalctl -u $i -t podman --since "${timestamp}" --no-pager --output=cat --directory /var/log/journal)
|
|
if [ ! -z "$output" ]; then
|
|
output="$i: $log ; $output"
|
|
else
|
|
output="$i: $log"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
if [ ! -z "${output}" ]; then
|
|
echo ${output:3} && exit 2;
|
|
fi
|
|
SensuDockerCheckInterval:
|
|
type: number
|
|
description: The frequency in seconds the docker health check is executed.
|
|
default: 10
|
|
SensuDockerCheckHandlers:
|
|
default: []
|
|
description: The Sensu event handler to use for events
|
|
created by the docker health check.
|
|
type: comma_delimited_list
|
|
SensuDockerCheckOccurrences:
|
|
type: number
|
|
description: The number of event occurrences before sensu-plugin-aware handler should take action.
|
|
default: 3
|
|
SensuDockerCheckRefresh:
|
|
type: number
|
|
description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
|
|
default: 90
|
|
ContainerCli:
|
|
type: string
|
|
default: 'podman'
|
|
description: CLI tool used to manage containers.
|
|
constraints:
|
|
- allowed_values: ['docker', 'podman']
|
|
AdminPassword:
|
|
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
type: string
|
|
SensuClientCustomConfig:
|
|
default: {}
|
|
description: Hash containing custom sensu-client variables.
|
|
type: json
|
|
label: Custom configuration for Sensu Client variables
|
|
|
|
conditions:
|
|
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../../containers-common.yaml
|
|
|
|
SensuBase:
|
|
type: ./sensu-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Sensu client role.
|
|
value:
|
|
service_name: sensu_client
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [SensuBase, role_data, config_settings]
|
|
- sensu::api: false
|
|
sensu::client: true
|
|
sensu::server: false
|
|
sensu::client_custom:
|
|
map_merge:
|
|
- {get_param: SensuClientCustomConfig}
|
|
- openstack:
|
|
username: 'admin'
|
|
password: {get_param: AdminPassword}
|
|
auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
|
tenant_name: 'admin'
|
|
region: {get_param: KeystoneRegion}
|
|
- sensu::checks:
|
|
check-container-health:
|
|
standalone: true
|
|
command:
|
|
if:
|
|
- docker_enabled
|
|
- {get_param: SensuDockerCheckCommand}
|
|
- {get_param: SensuPodmanCheckCommand}
|
|
interval: {get_param: SensuDockerCheckInterval}
|
|
handlers: {get_param: SensuDockerCheckHandlers}
|
|
occurrences: {get_param: SensuDockerCheckOccurrences}
|
|
refresh: {get_param: SensuDockerCheckRefresh}
|
|
service_config_settings: {}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: sensu
|
|
puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
|
|
step_config: include ::tripleo::profile::base::monitoring::sensu
|
|
config_image: {get_param: ContainerSensuConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/sensu-client.json:
|
|
command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/sensu
|
|
owner: sensu:sensu
|
|
recurse: true
|
|
docker_config:
|
|
step_3:
|
|
sensu_client:
|
|
image: {get_param: ContainerSensuClientImage}
|
|
net: host
|
|
privileged: true
|
|
# NOTE(mmagr) kolla image changes the user to 'sensu', we need it
|
|
# to be root have rw permission to docker.sock to run successfully
|
|
# "docker inspect" command
|
|
user: root
|
|
restart: always
|
|
healthcheck:
|
|
test:
|
|
list_join:
|
|
- ' '
|
|
- - '/openstack/healthcheck'
|
|
- yaql:
|
|
expression: >
|
|
switch(bool($.data.cluster) => $.data.cluster, bool($.data.single_node) => $.data.single_node).select($.port).distinct().join(' ')
|
|
data:
|
|
cluster: {get_attr: [SensuBase, role_data, config_settings, 'sensu::rabbitmq_cluster']}
|
|
single_node: [{port: {get_attr: [SensuBase, role_data, config_settings, 'sensu::rabbitmq_port']}}]
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
if:
|
|
- docker_enabled
|
|
- - /var/run/docker.sock:/var/run/docker.sock:rw
|
|
- - /var/log/journal:/var/log/journal:ro
|
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
- /run:/run:rw
|
|
- /usr/lib/systemd/system:/usr/lib/systemd/system:ro
|
|
- - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/sensu:/var/log/sensu:rw
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/sensu, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/sensu, 'setype': svirt_sandbox_file_t }
|
|
- name: sensu logs readme
|
|
copy:
|
|
dest: /var/log/sensu/readme.txt
|
|
content: |
|
|
Log files from sensu containers can be found under
|
|
/var/log/containers/sensu.
|
|
ignore_errors: true
|
|
# TODO: Removal of package
|
|
upgrade_tasks: []
|
|
post_upgrade_tasks:
|
|
- when: step|int == 1
|
|
import_role:
|
|
name: tripleo-docker-rm
|
|
vars:
|
|
containers_to_rm:
|
|
- sensu_client
|
|
tripleo_container_cli: "docker"
|
|
fast_forward_upgrade_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
block:
|
|
- name: Check if sensu client is deployed
|
|
command: systemctl is-enabled --quiet sensu-client
|
|
ignore_errors: True
|
|
register: sensu_enabled_result
|
|
- name: Set fact sensu_enabled
|
|
set_fact:
|
|
sensu_enabled: "{{ sensu_enabled_result.rc == 0 }}"
|
|
- name: Stop and disable sensu-client service
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- sensu_enabled|bool
|
|
service: name=sensu-client state=stopped enabled=no
|