0223e9ab63
This change implements missing external_upgrade_tasks for non-pcmk services of manila and cinder, to ensure that we don't have mixed versions of controller services running at the same time during upgrade. These tasks should have been implemented in the initial patch[1], but missed at that time unfortunately. [1]8529ce60daChange-Id: I35ea4354a7448a23d6517f9777ed022caa79347a (cherry picked from commit60c22c38cc)
372 lines
14 KiB
YAML
372 lines
14 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Cinder Volume service
|
|
|
|
parameters:
|
|
ContainerCinderVolumeImage:
|
|
description: image
|
|
type: string
|
|
ContainerCinderConfigImage:
|
|
description: The container image to use for the cinder config_volume
|
|
type: string
|
|
DockerCinderVolumeUlimit:
|
|
default: ['nofile=131072']
|
|
description: ulimit for Cinder Volume Container
|
|
type: comma_delimited_list
|
|
CinderVolumeLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.volume
|
|
file: /var/log/containers/cinder/cinder-volume.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
CephClusterName:
|
|
type: string
|
|
default: ceph
|
|
description: The Ceph cluster name.
|
|
constraints:
|
|
- allowed_pattern: "[a-zA-Z0-9]+"
|
|
description: >
|
|
The Ceph cluster name must be at least 1 character and contain only
|
|
letters and numbers.
|
|
CinderVolumeCluster:
|
|
default: ''
|
|
description: >
|
|
The cluster name used for deploying the cinder-volume service in an
|
|
active-active (A/A) configuration. This configuration requires the
|
|
Cinder backend drivers support A/A, and the cinder-volume service not
|
|
be managed by pacemaker. If these criteria are not met then the cluster
|
|
name must be left blank.
|
|
type: string
|
|
CinderEnableNfsBackend:
|
|
default: false
|
|
description: Whether to enable or not the NFS backend for Cinder
|
|
type: boolean
|
|
CinderEnableIscsiBackend:
|
|
default: true
|
|
description: Whether to enable or not the Iscsi backend for Cinder
|
|
type: boolean
|
|
CinderEnableRbdBackend:
|
|
default: false
|
|
description: Whether to enable or not the Rbd backend for Cinder
|
|
type: boolean
|
|
CinderISCSIAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the Iscsi Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderISCSIHelper:
|
|
default: lioadm
|
|
description: The iSCSI helper to use with cinder.
|
|
type: string
|
|
CinderISCSIProtocol:
|
|
default: iscsi
|
|
description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI
|
|
type: string
|
|
CinderNfsAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the NFS Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderNfsMountOptions:
|
|
default: 'context=system_u:object_r:container_file_t:s0'
|
|
description: >
|
|
Mount options for NFS mounts used by Cinder NFS backend. Effective
|
|
when CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderNfsServers:
|
|
default: ''
|
|
description: >
|
|
NFS servers used by Cinder NFS backend. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: comma_delimited_list
|
|
CinderNfsSnapshotSupport:
|
|
default: true
|
|
description: >
|
|
Whether to enable support for snapshots in the NFS driver. Effective
|
|
when CinderEnableNfsBackend is true.
|
|
type: boolean
|
|
CinderNasSecureFileOperations:
|
|
default: false
|
|
description: >
|
|
Controls whether security enhanced NFS file operations are enabled.
|
|
Valid values are 'auto', 'true' or 'false'. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderNasSecureFilePermissions:
|
|
default: false
|
|
description: >
|
|
Controls whether security enhanced NFS file permissions are enabled.
|
|
Valid values are 'auto', 'true' or 'false'. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderRbdAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the RBD Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderRbdPoolName:
|
|
default: volumes
|
|
type: string
|
|
CinderRbdExtraPools:
|
|
default: []
|
|
description: >
|
|
List of extra Ceph pools for use with RBD backends for Cinder. An
|
|
extra Cinder RBD backend driver is created for each pool in the
|
|
list. This is in addition to the standard RBD backend driver
|
|
associated with the CinderRbdPoolName.
|
|
type: comma_delimited_list
|
|
|
|
CinderRbdFlattenVolumeFromSnapshot:
|
|
default: false
|
|
description: >
|
|
Whether RBD volumes created from a snapshot should be flattened
|
|
in order to remove a dependency on the snapshot.
|
|
type: boolean
|
|
CephClusterFSID:
|
|
type: string
|
|
description: The Ceph cluster FSID. Must be a UUID.
|
|
MonitoringSubscriptionCinderVolume:
|
|
default: 'overcloud-cinder-volume'
|
|
type: string
|
|
CinderEtcdLocalConnect:
|
|
default: false
|
|
type: boolean
|
|
description: When running Cinder A/A, whether to connect to Etcd
|
|
via the local IP for the Etcd network. If set to true, the ip
|
|
on the local node will be used. If set to false, the VIP on the Etcd
|
|
network will be used instead. Defaults to false.
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
EnableEtcdInternalTLS:
|
|
description: Controls whether etcd and the cinder-volume service use TLS
|
|
for cinder's lock manager, even when the rest of the internal
|
|
API network is using TLS.
|
|
type: boolean
|
|
default: false
|
|
|
|
conditions:
|
|
|
|
cvol_active_active_tls_enabled:
|
|
and:
|
|
- not: {equals: [{get_param: CinderVolumeCluster}, '']}
|
|
- equals: [{get_param: EnableInternalTLS}, true]
|
|
- equals: [{get_param: EnableEtcdInternalTLS}, true]
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CinderCommon:
|
|
type: ./cinder-common-container-puppet.yaml
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder Volume role.
|
|
value:
|
|
service_name: cinder_volume
|
|
firewall_rules:
|
|
'120 iscsi initiator':
|
|
dport: 3260
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- tripleo::profile::base::lvm::enable_udev: false
|
|
- tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_volume_cluster: {get_param: CinderVolumeCluster}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_snapshot_support: {get_param: CinderNfsSnapshotSupport}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_ceph_conf:
|
|
list_join:
|
|
- ''
|
|
- - '/etc/ceph/'
|
|
- {get_param: CephClusterName}
|
|
- '.conf'
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_flatten_volume_from_snapshot: {get_param: CinderRbdFlattenVolumeFromSnapshot}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderISCSIAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::iscsi::backend_availability_zone: {get_param: CinderISCSIAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderNfsAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::nfs::backend_availability_zone: {get_param: CinderNfsAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderRbdAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::rbd::backend_availability_zone: {get_param: CinderRbdAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderEtcdLocalConnect}, true]}
|
|
- tripleo::profile::base::cinder::volume::etcd_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
|
- {}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, service_config_settings]
|
|
- rsyslog:
|
|
tripleo_logging_sources_cinder_volume:
|
|
- {get_param: CinderVolumeLoggingSource}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: cinder
|
|
puppet_tags: cinder_config,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include tripleo::profile::base::lvm"
|
|
- "include tripleo::profile::base::cinder::volume"
|
|
- get_attr: [MySQLClient, role_data, step_config]
|
|
config_image: {get_param: ContainerCinderConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/cinder_volume.json:
|
|
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-ceph/"
|
|
dest: "/etc/ceph/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-iscsid/*"
|
|
dest: "/etc/iscsi/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
optional: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
- path:
|
|
str_replace:
|
|
template: /etc/ceph/CLUSTER.client.USER.keyring
|
|
params:
|
|
CLUSTER: {get_param: CephClusterName}
|
|
USER: {get_param: CephClientUserName}
|
|
owner: cinder:cinder
|
|
perm: '0600'
|
|
- path: /etc/pki/tls/certs/etcd.crt
|
|
owner: cinder:cinder
|
|
- path: /etc/pki/tls/private/etcd.key
|
|
owner: cinder:cinder
|
|
docker_config:
|
|
step_3:
|
|
cinder_volume_init_logs:
|
|
start_order: 0
|
|
image: &cinder_volume_image {get_param: ContainerCinderVolumeImage}
|
|
net: none
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
|
|
step_4:
|
|
cinder_volume:
|
|
image: *cinder_volume_image
|
|
ulimit: {get_param: DockerCinderVolumeUlimit}
|
|
ipc: host
|
|
net: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
|
|
environment: {get_attr: [CinderCommon, cinder_volume_environment]}
|
|
host_prep_tasks: {get_attr: [CinderCommon, cinder_volume_host_prep_tasks]}
|
|
external_upgrade_tasks:
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop cinder volume container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- cinder_volume
|
|
tripleo_delegate_to: "{{ groups['cinder_volume'] | default([]) }}"
|