openstack/tripleo-heat-templates
Code Issues Proposed changes
a269c1a5a6
tripleo-heat-templates/puppet/services/gnocchi-api.yaml
Jiri Stransky 54fb81ecd9 Prevent service bootstrap node facts from colliding with each other 
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong into a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).

This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.

Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.

Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
2019-01-03 17:27:27 +01:00

199 lines
7.9 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Gnocchi service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
GnocchiPassword:
description: The password for the gnocchi service and db account.
type: string
hidden: true
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, file or s3.
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3']
GnocchiIncomingStorageDriver:
default: redis
description: Storage driver to use for incoming metric data
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionGnocchiApi:
default: 'overcloud-gnocchi-api'
type: string
GnocchiApiLoggingSource:
type: json
default:
tag: openstack.gnocchi.api
path: /var/log/gnocchi/app.log
EnableInternalTLS:
type: boolean
default: false
GnocchiApiPolicies:
description: |
A hash of policies to configure for Gnocchi API.
e.g. { gnocchi-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
GnocchiCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
conditions:
cors_allowed_origin_unset: {equals : [{get_param: GnocchiCorsAllowedOrigin}, '']}
resources:
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [GnocchiServiceBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- gnocchi::cors::allowed_origin: {get_param: GnocchiCorsAllowedOrigin}
gnocchi::api::middlewares: 'oslo_middleware.cors.CORS'
- tripleo::gnocchi_api::firewall_rules:
'129 gnocchi-api':
dport:
- 8041
- 13041
gnocchi::api::enabled: true
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::api::service_name: 'httpd'
gnocchi::policy::policies: {get_param: GnocchiApiPolicies}
gnocchi::cors::max_age: 3600
gnocchi::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
gnocchi::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
gnocchi::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
gnocchi::keystone::authtoken::project_name: 'service'
gnocchi::keystone::authtoken::user_domain_name: 'Default'
gnocchi::keystone::authtoken::project_domain_name: 'Default'
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
gnocchi::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
tripleo::profile::base::gnocchi::api::incoming_storage_driver: {get_param: GnocchiIncomingStorageDriver}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
step_config: |
include ::tripleo::profile::base::gnocchi::api
service_config_settings:
fluentd:
tripleo_fluentd_groups_gnocchi_api:
- gnocchi
tripleo_fluentd_sources_gnocchi_api:
- {get_param: GnocchiApiLoggingSource}
keystone:
gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
mysql:
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::mysql::user: gnocchi
gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
gnocchi::db::mysql::dbname: gnocchi
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
list_concat:
- get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
-
- name: Stop gnocchi_api service (running under httpd)
when: step|int == 1
service: name=httpd state=stopped
- name: set is_gnocchi_api_bootstrap_node fact
tags: common
set_fact: is_gnocchi_api_bootstrap_node={{gnocchi_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Setup gnocchi db during upgrade
command: gnocchi-upgrade
when:
- step|int == 5
- is_gnocchi_api_bootstrap_node|bool
View Git Blame Copy Permalink