
When deploying a composable HA overcloud with a database role split off to separate nodes we could observe a deployment failure due to galera never starting up properly. The reason for this was that instead of having the firewall rules for the galera bundle applied (i.e. those with the extra control-port for the bundle), we would see the firewall rules for the BM (baremetal) galera service. E.g. we would see the following on the host:

  tripleo.mysql.firewall_rules: {
    104 mysql galera: {
      dport: [ 873, 3306, 4444, 4567, 4568, 9200 ]

Instead of the correct mysql bundle firewall rules:

  tripleo.mysql.firewall_rules:
    104 mysql galera-bundle:
      dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ]

The reason for this is the following piece of code in https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62:

  ...
  MysqlPuppetBase:
    type: ../../../puppet/services/pacemaker/database/mysql.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
  outputs:
    role_data:
      description: Containerized service clustercheck using composable services.
      value:
        service_name: clustercheck
        config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
        logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
  ...

Depending on the ordering of the clustercheck service within the role (before or after the mysql service), the above code will override the tripleo.mysql.firewall_rules with the wrong rules because we derive from puppet/services/... which contain the BM firewall rules. Let's just switch to derive from the docker service so we do not risk getting the wrong firewall rules during the map_merge. Tested this change successfully on a composable HA with split-off DB nodes.
Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa Closes-Bug: #1728918
# Heat template for the containerized clustercheck service. It reuses the
# config_settings and logging data of the containerized mysql service
# (MysqlPuppetBase below) and adds the puppet, kolla and docker settings that
# run xinetd in a container of its own.
heat_template_version: pike

description: >
  MySQL HA clustercheck service deployment using puppet
  This service is used by HAProxy in a HA scenario to report whether
  the local galera node is synced

parameters:
  # Image the clustercheck container is started from (docker_config below).
  DockerClustercheckImage:
    description: image
    type: string
  # Image passed as puppet_config.config_image below.
  DockerClustercheckConfigImage:
    description: The container image to use for the clustercheck config_volume
    type: string
  # The remaining parameters are not used directly in this template; each one
  # is forwarded unchanged to the MysqlPuppetBase resource.
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # No description is declared for this parameter.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json

resources:

  # Supplies the shared volume list that is concatenated into the container's
  # volumes below.
  ContainersCommon:
    type: ../containers-common.yaml

  # We import from the corresponding docker service because otherwise we risk
  # rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
  # rules (see LP#1728918)
  # NOTE(review): config_settings is taken wholesale from this resource, so
  # whatever firewall rule set the referenced template defines is what this
  # service contributes to the merged settings; keep the type pointing at the
  # mysql template that matches the deployed (containerized) mysql service.
  MysqlPuppetBase:
    type: ../../../docker/services/pacemaker/database/mysql.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Containerized service clustercheck using composable services.
    value:
      service_name: clustercheck
      # The next three values are read from MysqlPuppetBase's role_data rather
      # than defined here.
      config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
      logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
      logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
      # The same include string is repeated in puppet_config.step_config.
      step_config: "include ::tripleo::profile::pacemaker::clustercheck"
      # BEGIN DOCKER SETTINGS #
      puppet_config:
        config_volume: clustercheck
        puppet_tags: file # set this even though file is the default
        step_config: "include ::tripleo::profile::pacemaker::clustercheck"
        config_image: {get_param: DockerClustercheckConfigImage}
      kolla_config:
        # This key is the same path that is bind-mounted as config.json in the
        # container's volumes below.
        /var/lib/kolla/config_files/clustercheck.json:
          # xinetd is started with -dontfork as the container command.
          command: /usr/sbin/xinetd -dontfork
          config_files:
            # Everything under .../config_files/src (the read-only mount of
            # the puppet-generated directory below) is merged into "/".
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
      docker_config:
        step_2:
          clustercheck:
            start_order: 1
            image: {get_param: DockerClustercheckImage}
            restart: always
            # NOTE(review): host networking gives this container no network
            # namespace isolation; who can reach the xinetd listener then
            # depends on its bind address and on the host firewall rules
            # (presumably the ones carried in config_settings) - confirm both.
            net: host
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                # Service-specific bind mounts. Only the puppet-generated
                # config directory carries a :ro suffix.
                # NOTE(review): config.json and /var/lib/mysql are mounted
                # without :ro. /var/lib/mysql is presumably needed to reach
                # the local mysql socket - confirm whether write access is
                # required; a read-only mount would limit what this container
                # could modify in the database directory.
                -
                  - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json
                  - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/mysql:/var/lib/mysql
            environment:
              # Kolla strategy value: configuration is copied into place on
              # every container start, not only the first one.
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # The three task keys below carry no value and therefore load as null.
      host_prep_tasks:
      upgrade_tasks:
      update_tasks:
        # Nothing: It's not managed by pacemaker, so let paunch do it.