You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
225 lines
7.9 KiB
225 lines
7.9 KiB
heat_template_version: rocky |
|
|
|
description: > |
|
OpenStack containerized Nova Migration Target service |
|
|
|
parameters: |
|
ContainerNovaComputeImage: |
|
description: image |
|
type: string |
|
ContainerNovaLibvirtConfigImage: |
|
description: The container image to use for the nova_libvirt config_volume |
|
type: string |
|
ServiceData: |
|
default: {} |
|
description: Dictionary packing service data |
|
type: json |
|
ServiceNetMap: |
|
default: {} |
|
description: Mapping of service_name -> network name. Typically set |
|
via parameter_defaults in the resource registry. This |
|
mapping overrides those in ServiceNetMapDefaults. |
|
type: json |
|
RoleName: |
|
default: '' |
|
description: Role name on which the service is applied |
|
type: string |
|
RoleParameters: |
|
default: {} |
|
description: Parameters specific to the role |
|
type: json |
|
EndpointMap: |
|
default: {} |
|
description: Mapping of service endpoint -> protocol. Typically set |
|
via parameter_defaults in the resource registry. |
|
type: json |
|
DockerNovaMigrationSshdPort: |
|
default: 2022 |
|
description: Port that dockerized nova migration target sshd service |
|
binds to. |
|
type: number |
|
MigrationSshKey: |
|
type: json |
|
description: > |
|
SSH key for migration. |
|
Expects a dictionary with keys 'public_key' and 'private_key'. |
|
Values should be identical to SSH public/private key files. |
|
default: |
|
public_key: '' |
|
private_key: '' |
|
MigrationSshPort: |
|
default: 2022 |
|
description: Target port for migration over ssh |
|
type: number |
|
NovaNfsEnabled: |
|
default: false |
|
description: Whether to enable or not the NFS backend for Nova |
|
type: boolean |
|
tags: |
|
- role_specific |
|
|
|
resources: |
|
|
|
ContainersCommon: |
|
type: ../containers-common.yaml |
|
|
|
SshdBase: |
|
type: ../../deployment/sshd/sshd-baremetal-puppet.yaml |
|
properties: |
|
EndpointMap: {get_param: EndpointMap} |
|
ServiceNetMap: {get_param: ServiceNetMap} |
|
RoleName: {get_param: RoleName} |
|
RoleParameters: {get_param: RoleParameters} |
|
|
|
conditions: |
|
nova_nfs_enabled: |
|
or: |
|
- and: |
|
- equals: [{get_param: NovaNfsEnabled}, true] |
|
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, ''] |
|
- equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true] |
|
|
|
outputs: |
|
role_data: |
|
description: Role data for the Nova Migration Target service. |
|
value: |
|
service_name: nova_migration_target |
|
firewall_rules: |
|
map_merge: |
|
- map_merge: |
|
repeat: |
|
for_each: |
|
<%net_cidr%>: |
|
get_param: |
|
- ServiceData |
|
- net_cidr_map |
|
- {get_param: [ServiceNetMap, NovaLibvirtNetwork]} |
|
template: |
|
'113 nova_migration_target accept libvirt subnet <%net_cidr%>': |
|
source: <%net_cidr%> |
|
proto: 'tcp' |
|
dport: {get_param: MigrationSshPort} |
|
- map_merge: |
|
repeat: |
|
for_each: |
|
<%net_cidr%>: |
|
get_param: |
|
- ServiceData |
|
- net_cidr_map |
|
- {get_param: [ServiceNetMap, NovaApiNetwork]} |
|
template: |
|
'113 nova_migration_target accept api subnet <%net_cidr%>': |
|
source: <%net_cidr%> |
|
proto: 'tcp' |
|
dport: {get_param: MigrationSshPort} |
|
config_settings: |
|
map_merge: |
|
- get_attr: [SshdBase, role_data, config_settings] |
|
- tripleo::profile::base::nova::migration::target::ssh_authorized_keys: |
|
- {get_param: [ MigrationSshKey, public_key ]} |
|
tripleo::profile::base::nova::migration::target::ssh_localaddrs: |
|
- "%{hiera('cold_migration_ssh_inbound_addr')}" |
|
- "%{hiera('live_migration_ssh_inbound_addr')}" |
|
live_migration_ssh_inbound_addr: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} |
|
cold_migration_ssh_inbound_addr: |
|
str_replace: |
|
template: |
|
"%{hiera('$NETWORK')}" |
|
params: |
|
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} |
|
tripleo::profile::base::sshd::port: |
|
- 22 |
|
puppet_config: |
|
config_volume: nova_libvirt |
|
step_config: |
|
list_join: |
|
- "\n" |
|
- - get_attr: [SshdBase, role_data, step_config] |
|
- include tripleo::profile::base::nova::migration::target |
|
config_image: {get_param: ContainerNovaLibvirtConfigImage} |
|
kolla_config: |
|
/var/lib/kolla/config_files/nova-migration-target.json: |
|
command: |
|
str_replace: |
|
template: "/usr/sbin/sshd -D -p SSHDPORT" |
|
params: |
|
SSHDPORT: {get_param: DockerNovaMigrationSshdPort} |
|
config_files: |
|
- source: "/var/lib/kolla/config_files/src/*" |
|
dest: "/" |
|
merge: true |
|
preserve_properties: true |
|
- source: /host-ssh/ssh_host_*_key |
|
dest: /etc/ssh/ |
|
owner: "root" |
|
perm: "0600" |
|
host_prep_tasks: |
|
# Let's use loop here even for one item, maybe we'll need some more |
|
# directories later. |
|
- name: Create libvirt persistent data directories |
|
file: |
|
path: "{{ item.path }}" |
|
state: directory |
|
setype: "{{ item.setype }}" |
|
loop: |
|
- { 'path': /run/libvirt, 'setype': virt_var_run_t } |
|
- name: ensure /run/libvirt is present upon reboot |
|
copy: |
|
dest: /etc/tmpfiles.d/run-libvirt.conf |
|
content: | |
|
d /run/libvirt 0755 root root - - |
|
docker_config: |
|
step_4: |
|
nova_migration_target: |
|
image: {get_param: ContainerNovaComputeImage} |
|
net: host |
|
privileged: true |
|
user: root |
|
restart: always |
|
healthcheck: |
|
test: /openstack/healthcheck |
|
volumes: |
|
list_concat: |
|
- {get_attr: [ContainersCommon, volumes]} |
|
- |
|
- /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro |
|
- /var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro |
|
- /etc/ssh/:/host-ssh/:ro |
|
- /run/libvirt:/run/libvirt:shared,z |
|
- /var/lib/nova:/var/lib/nova:shared |
|
environment: |
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS |
|
deploy_steps_tasks: |
|
- name: validate nova-migration-target container state |
|
podman_container_info: |
|
name: nova_migration_target |
|
register: nova_migration_target_infos |
|
failed_when: |
|
- nova_migration_target_infos.containers.0.Healthcheck.Status is defined |
|
- "'healthy' not in nova_migration_target_infos.containers.0.Healthcheck.Status" |
|
retries: 10 |
|
delay: 30 |
|
tags: |
|
- opendev-validation |
|
- opendev-validation-nova |
|
when: |
|
- container_cli == 'podman' |
|
- not container_healthcheck_disabled |
|
- step|int == 5 |
|
update_tasks: |
|
- name: nova_migration_target_tmpfile_cleanup |
|
when: step|int == 1 |
|
block: &nova_migration_target_tmpfile_cleanup |
|
- name: Remove old tmpfiles.d config |
|
file: |
|
path: /etc/tmpfiles.d/var-run-libvirt.conf |
|
state: absent |
|
upgrade_tasks: |
|
- name: nova_migration_target_tmpfile_cleanup |
|
when: step|int == 1 |
|
block: *nova_migration_target_tmpfile_cleanup
|
|
|