openstack/tripleo-heat-templates
Code Issues Proposed changes
c2536e22f1
tripleo-heat-templates/docker/services/cinder-volume.yaml
yatin 70276931a4 Set ulimit for nova-compute and cinder-volume 
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override([1]) i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.

[1] https://review.rdoproject.org/r/#/c/1360/.

Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
2018-04-12 11:14:02 +05:30

260 lines
9.1 KiB
YAML
Raw Blame History

heat_template_version: queens
description: >
OpenStack containerized Cinder Volume service
parameters:
DockerCinderVolumeImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
DockerCinderVolumeUlimit:
default: ['nofile=131072']
description: ulimit for Cinder Volume Container
type: comma_delimited_list
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
# custom parameters for the Cinder volume role
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
CinderBase:
type: ../../puppet/services/cinder-volume.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderCommon:
type: ./cinder-common.yaml
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::lvm::enable_udev: false
logging_source: {get_attr: [CinderBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - "include ::tripleo::profile::base::lvm"
- get_attr: [CinderBase, role_data, step_config]
- get_attr: [MySQLClient, role_data, step_config]
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
docker_config:
step_3:
cinder_volume_init_logs:
start_order: 0
image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_volume:
image: *cinder_volume_image
ulimit: {get_param: DockerCinderVolumeUlimit}
ipc: host
net: host
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
environment: {get_attr: [CinderCommon, cinder_volume_environment]}
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/cinder
- /var/lib/cinder
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt
content: |
Log files from cinder containers can be found under
/var/log/containers/cinder and /var/log/containers/httpd/cinder-api.
ignore_errors: true
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- name: cinder create LVM volume group dd
command:
list_join:
- ''
- - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
- str_replace:
template: VALUE
params:
VALUE: {get_param: CinderLVMLoopDeviceSize}
- 'M'
args:
creates: /var/lib/cinder/cinder-volumes
when: cinder_enable_iscsi_backend
- name: cinder create LVM volume group
shell: |
if ! losetup /dev/loop2; then
losetup /dev/loop2 /var/lib/cinder/cinder-volumes
fi
if ! pvdisplay | grep cinder-volumes; then
pvcreate /dev/loop2
fi
if ! vgdisplay | grep cinder-volumes; then
vgcreate cinder-volumes /dev/loop2
fi
args:
executable: /bin/bash
creates: /dev/loop2
when: cinder_enable_iscsi_backend
upgrade_tasks:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled openstack-cinder-volume
tags: common
ignore_errors: True
register: cinder_volume_enabled
- name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running"
shell: systemctl is-active --quiet openstack-cinder-volume
when:
- step|int == 0
- cinder_volume_enabled.rc == 0
tags: validation
- name: Stop and disable cinder_volume service
when:
- step|int == 2
- cinder_volume_enabled.rc == 0
service: name=openstack-cinder-volume state=stopped enabled=no
- name: Set fact for removal of openstack-cinder package
when: step|int == 2
set_fact:
remove_cinder_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-cinder package if operator requests it
yum: name=openstack-cinder state=removed
ignore_errors: True
when:
- step|int == 2
- remove_cinder_package|bool
fast_forward_upgrade_tasks:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled --quiet openstack-cinder-volume
ignore_errors: True
register: cinder_volume_enabled_result
when:
- step|int == 0
- release == 'ocata'
- name: Set fact cinder_volume_enabled
set_fact:
cinder_volume_enabled: "{{ cinder_volume_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop openstack-cinder-volume
service: name=openstack-cinder-volume state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- cinder_volume_enabled|bool
View Git Blame Copy Permalink