openstack/tripleo-heat-templates
Code Issues Proposed changes
b17267791a
tripleo-heat-templates/deployment/cinder/cinder-volume-pacemaker-puppet.yaml
Michele Baldessari 4f56371f91 pcs commands on host: cinder backup/volume 
This implements the creation of the haproxy bundle on the host.
The testing protocol used is documented in the depends-on.

The reason for adding a post_update task is that during a minor update
the deployment tasks are not run during the node update procedure but
only during the final converge. So we ran the role again there to make
sure that any config change will trigger a restart during the minor
update, so the disruption is only local to the single node being
updated. If we did not do this a final converge could potentially
trigger a global restart of HA bundles which would be quite disruptive.

Depends-On: Iaa7e89f0d25221c2a6ef0b81eb88a6f496f01696
Change-Id: Ia4399b632257e693fb2c516e487856331149589d
Related-Bug: #1863442
(cherry picked from commit f37f21f31d)
2020-09-11 10:20:22 +02:00

386 lines
17 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Cinder Volume service
parameters:
ContainerCinderVolumeImage:
description: image
type: string
ContainerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
ClusterCommonTag:
default: false
description: When set to false, a pacemaker service is configured
to use a floating tag for its container image name,
e.g. 'REGISTRY/NAMESPACE/IMAGENAME:pcmklatest'. When
set to true, the service uses a floating prefix as
well, e.g. 'cluster.common.tag/IMAGENAME:pcmklatest'.
type: boolean
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
CinderVolumeLoggingSource:
type: json
default:
tag: openstack.cinder.volume
file: /var/log/containers/cinder/cinder-volume.log
conditions:
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
CinderBase:
type: ./cinder-volume-container-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderCommon:
type: ./cinder-common-container-puppet.yaml
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
firewall_rules: {get_attr: [CinderBase, role_data, firewall_rules]}
monitoring_subscription: {get_attr: [CinderBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::lvm::enable_udev: false
tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
yaql:
data:
if:
- common_tag_enabled
- yaql:
data: {get_param: ContainerCinderVolumeImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
- {get_param: ContainerCinderVolumeImage}
expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest")
tripleo::profile::pacemaker::cinder::volume_bundle::docker_volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
tripleo::profile::pacemaker::cinder::volume_bundle::docker_environment: {get_attr: [CinderCommon, cinder_volume_environment]}
tripleo::profile::pacemaker::cinder::volume_bundle::container_backend: {get_param: ContainerCli}
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::backend_host: hostgroup
service_config_settings:
map_merge:
- get_attr: [CinderBase, role_data, service_config_settings]
- rsyslog:
tripleo_logging_sources_cinder_volume:
- {get_param: CinderVolumeLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - "include tripleo::profile::base::lvm"
- - "include tripleo::profile::pacemaker::cinder::volume"
- get_attr: [MySQLClient, role_data, step_config]
config_image: {get_param: ContainerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
# NOTE(abishop): no need to copy any src-tls/* files or set ownership
# of etcd's TLS certificate and key. The etcd service is only used by
# cinder-volume when it's running active/active, and *not* when it's
# under pcmk control.
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
docker_config:
step_3:
cinder_volume_init_logs:
start_order: 0
image: {get_param: ContainerCinderVolumeImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
host_prep_tasks: {get_attr: [CinderCommon, cinder_volume_host_prep_tasks]}
deploy_steps_tasks:
- name: Cinder Volume tag container image for pacemaker
when: step|int == 1
import_role:
name: tripleo_container_tag
vars:
container_image: {get_param: ContainerCinderVolumeImage}
container_image_latest: *cinder_volume_image_pcmklatest
- name: Cinder Volume HA Wrappers Step
when: step|int == 5
block: &cinder_volume_puppet_bundle
- name: Cinder volume puppet bundle
import_role:
name: tripleo_ha_wrapper
vars:
tripleo_ha_wrapper_service_name: cinder_volume
tripleo_ha_wrapper_resource_name: openstack-cinder-volume
tripleo_ha_wrapper_bundle_name: openstack-cinder-volume
tripleo_ha_wrapper_resource_state: _ Started
tripleo_ha_wrapper_puppet_config_volume: cinder
tripleo_ha_wrapper_puppet_execute: 'include ::tripleo::profile::base::pacemaker; include ::tripleo::profile::pacemaker::cinder::volume_bundle'
tripleo_ha_wrapper_puppet_tags: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
tripleo_ha_wrapper_puppet_debug: {get_param: ConfigDebug}
update_tasks:
- name: Tear-down non-HA cinder_volume container
when:
- step|int == 1
block: &cinder_volume_teardown_nonha
- name: Remove non-HA cinder_volume container
include_role:
name: tripleo_container_rm
vars:
tripleo_container_cli: "{{ container_cli }}"
tripleo_containers_to_rm:
- cinder_volume
- name: cinder_volume fetch and retag container image for pacemaker
when: step|int == 2
block: &cinder_volume_fetch_retag_container_tasks
- name: Get container cinder_volume image
set_fact:
cinder_volume_image: {get_param: ContainerCinderVolumeImage}
cinder_volume_image_latest: *cinder_volume_image_pcmklatest
- name: Pull latest cinder_volume images
command: "{{container_cli}} pull {{cinder_volume_image}}"
- name: Get previous cinder_volume image id
shell: "{{container_cli}} inspect --format '{{'{{'}}.Id{{'}}'}}' {{cinder_volume_image_latest}}"
register: old_cinder_volume_image_id
failed_when: false
- name: Get new cinder_volume image id
shell: "{{container_cli}} inspect --format '{{'{{'}}.Id{{'}}'}}' {{cinder_volume_image}}"
register: new_cinder_volume_image_id
- name: Retag pcmklatest to latest cinder_volume image
include_role:
name: tripleo_container_tag
vars:
container_image: "{{cinder_volume_image}}"
container_image_latest: "{{cinder_volume_image_latest}}"
when:
- old_cinder_volume_image_id.stdout != new_cinder_volume_image_id.stdout
post_update_tasks:
- name: Cinder volume bundle post update
when: step|int == 1
block: *cinder_volume_puppet_bundle
vars:
tripleo_ha_wrapper_minor_update: true
upgrade_tasks:
- name: Tear-down non-HA cinder_volume container
when:
- step|int == 0
block: *cinder_volume_teardown_nonha
- name: Prepare switch of cinder_volume image name
when:
- step|int == 0
block:
- name: Get cinder_volume image id currently used by pacemaker
shell: "pcs resource config openstack-cinder-volume | grep -Eo 'image=[^ ]+' | awk -F= '{print $2;}'"
register: cinder_volume_image_current_res
failed_when: false
- name: cinder_volume image facts
set_fact:
cinder_volume_image_latest: *cinder_volume_image_pcmklatest
cinder_volume_image_current: "{{cinder_volume_image_current_res.stdout}}"
- name: Temporarily tag the current cinder_volume image id with the upgraded image name
import_role:
name: tripleo_container_tag
vars:
container_image: "{{cinder_volume_image_current}}"
container_image_latest: "{{cinder_volume_image_latest}}"
pull_image: false
when:
- cinder_volume_image_current != ''
- cinder_volume_image_current != cinder_volume_image_latest
# During an OS Upgrade, the cluster may not exist so we use
# the shell module instead.
# TODO(odyssey4me):
# Fix the pacemaker_resource module to handle the exception
# for a non-existant cluster more gracefully.
- name: Check openstack-cinder-volume cluster resource status
shell: pcs resource config openstack-cinder-volume
changed_when: false
failed_when: false
register: cinder_volume_pcs_res_result
- name: Set fact cinder_volume_pcs_res
set_fact:
cinder_volume_pcs_res: "{{cinder_volume_pcs_res_result.rc == 0}}"
- name: set is_cinder_volume_bootstrap_node fact
tags: common
set_fact: is_cinder_volume_bootstrap_node={{cinder_volume_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Update cinder_volume pcs resource bundle for new container image
when:
- step|int == 1
- is_cinder_volume_bootstrap_node
- cinder_volume_pcs_res|bool
- cinder_volume_image_current != cinder_volume_image_latest
block:
- name: Disable the cinder_volume cluster resource before container upgrade
pacemaker_resource:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: pcs resource bundle update cinder_volume for new container image name
command: "pcs resource bundle update openstack-cinder-volume container image={{cinder_volume_image_latest}}"
- name: Enable the cinder_volume cluster resource
pacemaker_resource:
resource: openstack-cinder-volume
state: enable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: Create hiera data to upgrade cinder_volume in a stepwise manner.
when:
- step|int == 1
- cluster_recreate|bool
block:
- name: set cinder_volume upgrade node facts in a single-node environment
set_fact:
cinder_volume_short_node_names_upgraded: "{{ cinder_volume_short_node_names }}"
cinder_volume_node_names_upgraded: "{{ cinder_volume_node_names }}"
cacheable: no
when: groups['cinder_volume'] | length <= 1
- name: set cinder_volume upgrade node facts from the limit option
set_fact:
cinder_volume_short_node_names_upgraded: "{{ cinder_volume_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}"
cinder_volume_node_names_upgraded: "{{ cinder_volume_node_names_upgraded|default([]) + [item] }}"
cacheable: no
when:
- groups['cinder_volume'] | length > 1
- item.split('.')[0] in ansible_limit.split(':')
loop: "{{ cinder_volume_node_names | default([]) }}"
- fail:
msg: >
You can't upgrade cinder_volume without
staged upgrade. You need to use the limit option in order
to do so.
when: >-
cinder_volume_short_node_names_upgraded is not defined or
cinder_volume_short_node_names_upgraded | length == 0 or
cinder_volume_node_names_upgraded is not defined or
cinder_volume_node_names_upgraded | length == 0
- debug:
msg: "Prepare cinder_volume upgrade for {{ cinder_volume_short_node_names_upgraded }}"
- name: remove cinder_volume init container on upgrade-scaleup to force re-init
include_role:
name: tripleo_container_rm
vars:
tripleo_containers_to_rm:
- cinder_volume_init_bundle
when:
- cinder_volume_short_node_names_upgraded | length > 1
- name: add the cinder_volume short name to hiera data for the upgrade.
include_role:
name: tripleo_upgrade_hiera
tasks_from: set.yml
vars:
tripleo_upgrade_key: cinder_volume_short_node_names_override
tripleo_upgrade_value: "{{ cinder_volume_short_node_names_upgraded }}"
- name: add the cinder_volume long name to hiera data for the upgrade
include_role:
name: tripleo_upgrade_hiera
tasks_from: set.yml
vars:
tripleo_upgrade_key: cinder_volume_node_names_override
tripleo_upgrade_value: "{{ cinder_volume_node_names_upgraded }}"
- name: remove the extra hiera data needed for the upgrade.
include_role:
name: tripleo_upgrade_hiera
tasks_from: remove.yml
vars:
tripleo_upgrade_key: "{{ item }}"
loop:
- cinder_volume_short_node_names_override
- cinder_volume_node_names_override
when: cinder_volume_short_node_names_upgraded | length == cinder_volume_node_names | length
- name: Retag the pacemaker image if containerized
when:
- step|int == 3
block: *cinder_volume_fetch_retag_container_tasks
post_upgrade_tasks:
- name: Start cinder_volume service (pacemaker)
when: step|int == 1
pacemaker_resource:
resource: openstack-cinder-volume
state: enable
View Git Blame Copy Permalink