6d2901345a
Most of the services are either missing or using deprecated tags for paste deploy configuration. Add those for us to be able to customize paste deploy. Also, removes the unnecessary tag from nova-compute. Change-Id: I699b9283c7dbdb59923007488b4ac6c359d6eced
293 lines
11 KiB
YAML
293 lines
11 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized Nova Metadata service
|
|
|
|
parameters:
|
|
ContainerNovaMetadataImage:
|
|
description: image
|
|
type: string
|
|
ContainerNovaMetadataConfigImage:
|
|
description: The container image to use for the nova config_volume
|
|
type: string
|
|
NovaMetadataLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.nova.api.metadata
|
|
file: /var/log/containers/nova/nova-metadata-api.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
NovaWorkers:
|
|
default: 0
|
|
description: Number of workers for Nova services.
|
|
type: number
|
|
NovaPassword:
|
|
description: The password for the nova service and db account
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
NeutronMetadataProxySharedSecret:
|
|
description: Shared secret to prevent spoofing
|
|
type: string
|
|
hidden: true
|
|
MonitoringSubscriptionNovaMetadata:
|
|
default: 'overcloud-nova-metadata'
|
|
type: string
|
|
NovaLocalMetadataPerCell:
|
|
default: false
|
|
description: >
|
|
Indicates that the nova-metadata API service has been deployed
|
|
per-cell, so that we can have better performance and data isolation in a
|
|
multi-cell deployment. Users should consider the use of this configuration
|
|
depending on how neutron is setup. If networks span cells, you might need
|
|
to run nova-metadata API service globally. If your networks are segmented
|
|
along cell boundaries, then you can run nova-metadata API service per cell.
|
|
When running nova-metadata API service per cell, you should also configure
|
|
each Neutron metadata-agent to point to the corresponding nova-metadata API
|
|
service.
|
|
type: boolean
|
|
MemcacheUseAdvancedPool:
|
|
type: boolean
|
|
description: |
|
|
Use the advanced (eventlet safe) memcached client pool.
|
|
default: true
|
|
|
|
conditions:
|
|
nova_workers_set:
|
|
not: {equals : [{get_param: NovaWorkers}, 0]}
|
|
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../../deployment/database/mysql-client.yaml
|
|
|
|
NovaMetadataLogging:
|
|
type: OS::TripleO::Services::Logging::NovaMetadata
|
|
|
|
ApacheServiceBase:
|
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
NovaBase:
|
|
type: ./nova-base-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NovaApiDBClient:
|
|
type: ./nova-apidb-client-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NovaDBClient:
|
|
type: ./nova-db-client-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Nova Metadata service.
|
|
value:
|
|
service_name: nova_metadata
|
|
firewall_rules:
|
|
'139 nova_metadata':
|
|
dport:
|
|
- 8775
|
|
- 13775
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNovaMetadata}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NovaBase, role_data, config_settings]
|
|
- if:
|
|
- not: {get_param: NovaLocalMetadataPerCell}
|
|
- {get_attr: [NovaApiDBClient, role_data, config_settings]}
|
|
- get_attr: [NovaDBClient, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- get_attr: [NovaMetadataLogging, config_settings]
|
|
- apache::default_vhost: false
|
|
- nova::keystone::authtoken::project_name: 'service'
|
|
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
|
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
|
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
|
nova::keystone::authtoken::interface: 'internal'
|
|
nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
|
nova::wsgi::apache_metadata::api_port: '8775'
|
|
nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
|
|
nova::metadata::local_metadata_per_cell: {get_param: NovaLocalMetadataPerCell}
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
nova::wsgi::apache_metadata::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
nova::wsgi::apache_metadata::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
nova::wsgi::apache_metadata::workers:
|
|
if:
|
|
- nova_workers_set
|
|
- {get_param: NovaWorkers}
|
|
nova::metadata::neutron_metadata_proxy_shared_secret:
|
|
if:
|
|
- is_neutron_shared_metadata_notempty
|
|
- {get_param: NeutronMetadataProxySharedSecret}
|
|
service_config_settings:
|
|
rabbitmq: {get_attr: [NovaBase, role_data, service_config_settings], rabbitmq}
|
|
mysql:
|
|
map_merge:
|
|
- if:
|
|
- not: {get_param: NovaLocalMetadataPerCell}
|
|
- get_attr: [NovaApiDBClient, role_data, service_config_settings, mysql]
|
|
- get_attr: [NovaDBClient, role_data, service_config_settings, mysql]
|
|
rsyslog:
|
|
tripleo_logging_sources_nova_metadata:
|
|
- {get_param: NovaMetadataLoggingSource}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: nova_metadata
|
|
puppet_tags: nova_config,nova_api_paste_ini
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include tripleo::profile::base::nova::metadata
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerNovaMetadataConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/nova_metadata.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d"
|
|
dest: "/etc/httpd/conf.modules.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/nova
|
|
owner: nova:nova
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
get_attr: [NovaMetadataLogging, docker_config, step_2]
|
|
step_4:
|
|
nova_metadata:
|
|
start_order: 2
|
|
image: {get_param: ContainerNovaMetadataImage}
|
|
net: host
|
|
user: root
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NovaMetadataLogging, volumes]}
|
|
- - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/nova_metadata:/var/lib/kolla/config_files/src:ro
|
|
- if:
|
|
- {get_param: EnableInternalTLS}
|
|
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
deploy_steps_tasks:
|
|
list_concat:
|
|
- get_attr: [ApacheServiceBase, role_data, deploy_steps_tasks]
|
|
- - name: validate nova-metadata container state
|
|
containers.podman.podman_container_info:
|
|
name: nova_metadata
|
|
register: nova_metadata_infos
|
|
failed_when:
|
|
- nova_metadata_infos.containers.0.Healthcheck.Status is defined
|
|
- "'healthy' not in nova_metadata_infos.containers.0.Healthcheck.Status"
|
|
retries: 10
|
|
delay: 30
|
|
tags:
|
|
- opendev-validation
|
|
- opendev-validation-nova
|
|
when:
|
|
- container_cli == 'podman'
|
|
- not container_healthcheck_disabled
|
|
- step|int == 5
|
|
host_prep_tasks: {get_attr: [NovaMetadataLogging, host_prep_tasks]}
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
external_upgrade_tasks:
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop nova metadata container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- nova_metadata
|
|
tripleo_delegate_to: "{{ groups['nova_metadata'] | default([]) }}"
|