190420f1bb
Currently the <service>Workers parameters are implemented in different ways according to services. Because of this, these parameters enforce different type(number vs string) and behave differently for a specific value such as 0. These are quite confusing for users. This change introduces the standard implementation for all Workers parameters so that the parameters behave consistently in all services. This also introduces the following changes as side-effects. - Outdated description of some workers parameter is removed. Currently workers are limited to a certain number(such as 12) even in a system with many CPU cores - Default value of BarbicanWorkers is effectively lowered down to $::os_workers from $::processorcount, to use the consistent default workers for all services. Change-Id: Ie7a12a297e00efebca017d51afb9bf9e8c56ee50
214 lines
7.5 KiB
YAML
214 lines
7.5 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized Neutron Metadata agent
|
|
|
|
parameters:
|
|
ContainerNeutronMetadataImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerNeutronConfigImage:
|
|
description: The container image to use for the neutron config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
NeutronMetadataAgentLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.agent.metadata
|
|
file: /var/log/containers/neutron/metadata-agent.log
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
NeutronMetadataProxySharedSecret:
|
|
description: Shared secret to prevent spoofing
|
|
type: string
|
|
hidden: true
|
|
NeutronWorkers:
|
|
default: 0
|
|
description: |
|
|
Sets the number of worker processes for the neutron metadata agent. The
|
|
default value results in the configuration being left unset and a
|
|
system-dependent default will be chosen.
|
|
type: number
|
|
MonitoringSubscriptionNeutronMetadata:
|
|
default: 'overcloud-neutron-metadata'
|
|
type: string
|
|
Debug:
|
|
type: boolean
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
NeutronMetadataAgentDebug:
|
|
default: false
|
|
description: Set to True to enable debugging for Neutron Metadata agent.
|
|
type: boolean
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
neutron_workers_set:
|
|
not: {equals : [{get_param: NeutronWorkers}, 0]}
|
|
neutron_shared_metadata_set:
|
|
not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NeutronLogging:
|
|
type: OS::TripleO::Services::Logging::NeutronCommon
|
|
properties:
|
|
NeutronServiceName: metadata-agent
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerNeutronMetadataImage: ContainerNeutronMetadataImage
|
|
ContainerNeutronConfigImage: ContainerNeutronConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerNeutronMetadataImage: {get_param: ContainerNeutronMetadataImage}
|
|
ContainerNeutronConfigImage: {get_param: ContainerNeutronConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for Neutron Metadata agent
|
|
value:
|
|
service_name: neutron_metadata
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- get_attr: [NeutronLogging, config_settings]
|
|
- neutron::agents::metadata::debug:
|
|
if:
|
|
- {get_param: NeutronMetadataAgentDebug}
|
|
- true
|
|
- {get_param: Debug}
|
|
neutron::agents::metadata::metadata_host:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('cloud_name_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
|
neutron::agents::metadata::metadata_protocol:
|
|
if:
|
|
- {get_param: EnableInternalTLS}
|
|
- 'https'
|
|
- 'http'
|
|
neutron::agents::metadata::metadata_workers:
|
|
if:
|
|
- neutron_workers_set
|
|
- {get_param: NeutronWorkers}
|
|
neutron::agents::metadata::shared_secret:
|
|
if:
|
|
- neutron_shared_metadata_set
|
|
- {get_param: NeutronMetadataProxySharedSecret}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, service_config_settings]
|
|
- rsyslog:
|
|
tripleo_logging_sources_neutron_metadata:
|
|
- {get_param: NeutronMetadataAgentLoggingSource}
|
|
puppet_config:
|
|
puppet_tags: neutron_config,neutron_metadata_agent_config
|
|
config_volume: neutron
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::metadata
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/neutron_metadata_agent.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - /usr/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
|
|
- get_attr: [NeutronLogging, cmd_extra_args]
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
- path: /var/lib/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
neutron_metadata_agent:
|
|
start_order: 10
|
|
image: {get_attr: [RoleParametersValue, value, ContainerNeutronMetadataImage]}
|
|
net: host
|
|
pid: host
|
|
cgroupns: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NeutronLogging, volumes]}
|
|
- - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /var/lib/neutron:/var/lib/neutron:shared,z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
metadata_settings:
|
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
|
- - name: create /var/lib/neutron
|
|
file:
|
|
path: /var/lib/neutron
|
|
state: directory
|
|
setype: container_file_t
|
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
|
seboolean:
|
|
name: virt_sandbox_use_netlink
|
|
persistent: true
|
|
state: true
|
|
when:
|
|
- ansible_facts.selinux is defined
|
|
- ansible_facts.selinux.status == "enabled"
|
|
upgrade_tasks: []
|