tripleo-heat-templates/docker/services/pacemaker/manila-share.yaml
Damien Ciabrini f37c06cd9d Fix update of pacemaker container images during major upgrade
Currently, the idiomatic "download image and retag to pcmklatest"
happens at step 2 during upgrade. This doesn't work if the stack
is already containerized before the upgrade, because pacemaker
is still running at step 2.

Reshuffle the steps at which the various upgrade tasks are run,
while keeping the ordering guarantees of the upgrade flow:

  . Deletion of non-containerized resources happens at step 1,
    to allow calling pcs while pacemaker is running.
  . Pacemaker is stopped at step 2.
  . Docker images for containerized resources are upgraded at
    step 3, after the cluster is guaranteed to be stopped.
  . Pacemaker is restarted at step 4 as before, once we know
    that all resources have been upgraded, yum packages updated
    and any potential docker restart has been executed.

Also change the way we detect containerized resources, so that
the predicate still remains valid past step 2 when pacemaker
has been stopped and has deleted its containerized resources.

Change-Id: I85e11dd93c7fd2c42e71b467f46b0044d4516524
2018-03-20 22:36:31 +00:00

231 lines
9.1 KiB
YAML

heat_template_version: queens
description: >
OpenStack containerized Manila Share service
parameters:
DockerManilaShareImage:
description: image
type: string
DockerManilaConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../../../puppet/services/database/mysql-client.yaml
ManilaBase:
type: ../../../puppet/services/pacemaker/manila-share.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Manila Share role.
value:
service_name: {get_attr: [ManilaBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerManilaShareImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
manila::share::manage_service: false
manila::share::enabled: false
manila::host: hostgroup
logging_source: {get_attr: [ManilaBase, role_data, logging_source]}
logging_groups: {get_attr: [ManilaBase, role_data, logging_groups]}
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: manila
puppet_tags: manila_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - {get_attr: [ManilaBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerManilaConfigImage}
kolla_config:
/var/lib/kolla/config_files/manila_share.json:
command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/manila
owner: manila:manila
recurse: true
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
docker_config:
step_1:
manila_share_image_tag:
start_order: 1
detach: false
net: host
user: root
command:
- '/bin/bash'
- '-c'
- str_replace:
template:
"/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
params:
MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
image: {get_param: DockerManilaShareImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /dev/shm:/dev/shm:rw
- /etc/sysconfig/docker:/etc/sysconfig/docker:ro
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
manila_share_init_logs:
start_order: 0
image: {get_param: DockerManilaShareImage}
privileged: false
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_5:
manila_share_init_bundle:
start_order: 0
detach: false
net: host
user: root
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
- - '/docker_puppet_apply.sh'
- '5'
- 'pacemaker_constraint,file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
- if:
- puppet_debug_enabled
- - '--debug'
- - ''
image: {get_param: DockerManilaShareImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/manila
- /var/lib/manila
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt
content: |
Log files from manila containers can be found under
/var/log/containers/manila and /var/log/containers/httpd/manila-api.
ignore_errors: true
update_tasks:
- name: Manila-Share fetch and retag container image for pacemaker
when: step|int == 2
block: &manila_share_fetch_retag_container_tasks
- name: Get docker Manila-Share image
set_fact:
docker_image: {get_param: DockerManilaShareImage}
docker_image_latest: *manila_share_image_pcmklatest
- name: Get previous Manila-Share image id
shell: "docker images | awk '/manila-share.* pcmklatest/{print $3}'"
register: manila_share_image_id
- block:
- name: Get a list of container using Manila-Share image
shell: "docker ps -a -q -f 'ancestor={{manila_share_image_id.stdout}}'"
register: manila-share_containers_to_destroy
# It will be recreated with the delpoy step.
- name: Remove any container using the same Manila-Share image
shell: "docker rm -fv {{item}}"
with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}"
- name: Remove previous Manila-Share images
shell: "docker rmi -f {{manila_share_image_id.stdout}}"
when:
- manila_share_image_id.stdout != ''
- name: Pull latest Manila-Share images
command: "docker pull {{docker_image}}"
- name: Retag pcmklatest to latest Manila-Share image
shell: "docker tag {{docker_image}} {{docker_image_latest}}"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
upgrade_tasks:
- name: Get docker Manila-Share image
set_fact:
docker_image_latest: *manila_share_image_pcmklatest
- name: Check for Manila-Share Kolla configuration
stat:
path: /var/lib/config-data/puppet-generated/manila
register: manila_share_kolla_config
- name: Check if Manila-Share is already containerized
set_fact:
manila_share_containerized: "{{manila_share_kolla_config.stat.isdir | default(false)}}"
- name: Manila-Share baremetal to container upgrade tasks
when:
- step|int == 1
- not manila_share_containerized|bool
block:
- name: Stop and disable manila_share service
service: name=openstack-manila-share state=stopped enabled=no
- name: Retag the pacemaker image if containerized
when:
- step|int == 3
- manila_share_containerized|bool
block: *manila_share_fetch_retag_container_tasks