tripleo-heat-templates/deployment/iscsid/iscsid-container-puppet.yaml
ramishra 7f195ff9a8 Remove DefaultPasswords interface
This was mainly there as a legacy interface which was
for internal use. Now that we pull the passwords from
the existing environment and don't use it, we can drop
this.

Reduces a number of heat resources.

Change-Id: If83d0f3d72a229d737a45b2fd37507dc11a04649
2021-02-12 11:38:44 +05:30


heat_template_version: rocky

description: >
  OpenStack containerized Iscsid service

parameters:
  # Image the long-running iscsid container is started from (consumed by
  # docker_config in this template's outputs).
  ContainerIscsidImage:
    description: image
    type: string
  # Image used only to generate configuration (consumed by puppet_config).
  ContainerIscsidConfigImage:
    description: The container image to use for the iscsid config_volume
    type: string
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json

  # The three LVMFilter* parameters are tagged role_specific: a value set in
  # RoleParameters takes precedence over the value given here (resolved by
  # RoleParametersValue under resources).
  # The filter is off by default; per the description, a proposed lvm.conf
  # is still written to /tmp/tripleo_lvmfilter.conf in that case.
  LVMFilterEnabled:
    default: false
    description: >-
      Enables configuration of LVM2 with a filter so that devices not
      in use on the host or explicitly allowed are ignored by
      LVM2. Can be configured per-role.
      When disabled, the proposed lvm.conf file will be created
      regardless and left in /tmp/tripleo_lvmfilter.conf for
      debugging purposes.
    type: boolean
    tags:
      - role_specific
  # Entries are regular expressions, so a broad pattern here widens what
  # LVM2 on the host will scan.
  LVMFilterAllowlist:
    default: []
    description: >-
      A list of block devices which should be allowed in the LVM2
      `global_filter`. Supports regular expressions, like `/dev/sd.*`
      and can be configured per-role. Any block device in use at boot
      time will be automatically allowed.
    type: comma_delimited_list
    tags:
      - role_specific
  # The default pattern matches every device name. How it combines with the
  # allowlist is decided by the tripleo_lvmfilter role, not by this template.
  LVMFilterDenylist:
    default:
      - '.*'
    description: >-
      A list of block devices which should be disallowed in the LVM2
      `global_filter`. Supports regular expressions, like `/dev/sd.*`
      and can be configured per-role.
    type: comma_delimited_list
    tags:
      - role_specific
resources:

  # Shared container settings; its `volumes` attribute is placed in front of
  # the iscsid-specific bind mounts in this template's outputs.
  ContainersCommon:
    type: ../containers-common.yaml

  # Builds the Ansible variables for the tripleo_lvmfilter role.
  # The inner map_replace starts from "role variable -> parameter name" and
  # swaps in any matching entry found in RoleParameters (per-role override).
  # The outer map_replace then fills whatever is still a bare parameter name
  # with the template-level parameter value.
  RoleParametersValue:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        map_replace:
          - map_replace:
              - tripleo_tripleo_lvmfilter_enabled: LVMFilterEnabled
                tripleo_tripleo_lvmfilter_devices_allowlist: LVMFilterAllowlist
                tripleo_tripleo_lvmfilter_devices_denylist: LVMFilterDenylist
              - values:
                  get_param: [RoleParameters]
          - values:
              LVMFilterEnabled:
                get_param: LVMFilterEnabled
              LVMFilterAllowlist:
                get_param: LVMFilterAllowlist
              LVMFilterDenylist:
                get_param: LVMFilterDenylist
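outputs:
  # role_data is the single output: it carries the config-generation
  # settings, the kolla start-up config, the container definition and the
  # host-side Ansible tasks for the iscsid service.
  role_data:
    description: Role data for the Iscsid role.
    value:
      service_name: iscsid
      config_settings: {}
      service_config_settings: {}
      deploy_steps_tasks:
        # Applies the LVM filter at deployment step 1, driven by the
        # variables exported through ansible_group_vars below.
        - name: Run lvmfilter role
          include_role:
            name: tripleo_lvmfilter
          when:
            - step|int == 1
      ansible_group_vars: {get_attr: [RoleParametersValue, value]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: iscsid
        puppet_tags: iscsid_config
        step_config: |
          include tripleo::profile::base::iscsid
        config_image: {get_param: ContainerIscsidConfigImage}
        volumes:
          # NOTE(bogdando) Containerized or running on baremetal services
          # on a node must use the same iSCSI Qualified Name (IQN).
          # However, overcloud nodes must have a unique IQN. Allow full
          # (write) access to /etc/iscsi so that puppet ensures the IQN
          # is unique and is reset once, and only once.
          # NOTE(review): because of that write access the config image
          # can change the host's /etc/iscsi, so it deserves the same
          # provenance checks as the service image.
          - /etc/iscsi:/etc/iscsi:z
      kolla_config:
        /var/lib/kolla/config_files/iscsid.json:
          command: /usr/sbin/iscsid -f
          config_files:
            # Copies the host's /etc/iscsi (bind-mounted read-only at
            # src-iscsid by the container below) into the container's own
            # /etc/iscsi; preserve_properties keeps the source files'
            # properties on the copy.
            - source: "/var/lib/kolla/config_files/src-iscsid/*"
              dest: "/etc/iscsi/"
              merge: true
              preserve_properties: true
      docker_config:
        step_3:
          iscsid:
            start_order: 2
            image: {get_param: ContainerIscsidImage}
            # NOTE(review): host networking plus privileged mode, together
            # with the writable /dev, /run and /sys bind mounts below, leave
            # almost no isolation between this container and the host. Treat
            # the image named by ContainerIscsidImage as host-trusted code
            # (pin and verify it accordingly); whether iscsid could run with
            # a narrower capability set is not established by this template.
            net: host
            privileged: true
            restart: always
            healthcheck:
              test: /openstack/healthcheck
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
                  # No ":ro" on the next three: the container can write to
                  # the host's device nodes, runtime state and sysfs.
                  - /dev/:/dev/
                  - /run/:/run/
                  - /sys:/sys
                  - /lib/modules:/lib/modules:ro
                  # Read-only copy source for kolla. /etc/iscsi can hold
                  # initiator credentials when CHAP is configured, so the
                  # host-side file permissions still matter.
                  - /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
                  # ":z" asks the runtime to apply a shared SELinux label;
                  # host_prep_tasks creates these directories with
                  # container_file_t.
                  - /etc/target:/etc/target:z
                  - /var/lib/iscsi:/var/lib/iscsi:z
            environment:
              # Configuration is re-copied on every container start.
              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
      host_prep_tasks:
        - name: create persistent directories
          file:
            path: "{{ item.path }}"
            state: directory
            setype: "{{ item.setype }}"
          with_items:
            - {path: /etc/iscsi, setype: container_file_t}
            - {path: /etc/target, setype: container_file_t}
            - {path: /var/lib/iscsi, setype: container_file_t}
        # The tasks below stop and disable the host's own iscsid.socket and
        # iscsi.service units, presumably so that only the containerized
        # iscsid manages sessions on the node.
        # Module arguments use native YAML mappings instead of key=value
        # strings, and "enabled" is a real boolean.
        - name: stat /lib/systemd/system/iscsid.socket
          stat:
            path: /lib/systemd/system/iscsid.socket
          register: stat_iscsid_socket
        - name: Stop and disable iscsid.socket service
          service:
            name: iscsid.socket
            state: stopped
            enabled: false
          when: stat_iscsid_socket.stat.exists
        # failed_when: false keeps a non-zero exit (unit not enabled or not
        # present) from failing the play; the result is checked below.
        - name: Check if iscsi.service is enabled
          command: systemctl is-enabled --quiet iscsi.service
          failed_when: false
          register: iscsi_service_enabled_result
        # "is changed" is only true when the command above actually ran,
        # so this is skipped when it did not (for example in check mode).
        - name: Stop iscsi.service
          service:
            name: iscsi.service
            state: stopped
            enabled: false
          when:
            - iscsi_service_enabled_result is changed
            - iscsi_service_enabled_result.rc == 0
      upgrade_tasks: []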