fcc225159a
Add cleanup tasks for Ironic, Keystone Mistral and Zaqar, so when upgrading an undercloud to be containerized, an operator can also cleanup these services rpms. Depends-On: I2af99d8bad58f12bd895b473ecb84e4f2091f738 Change-Id: I7e257cece9fa3bdd9f2d1be08ccdf5c681213149
264 lines
11 KiB
YAML
264 lines
11 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Ironic Conductor service
|
|
|
|
parameters:
|
|
DockerIronicConductorImage:
|
|
description: image
|
|
type: string
|
|
DockerIronicConfigImage:
|
|
description: The container image to use for the ironic config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
IronicConfigureSwiftTempUrlKey:
|
|
default: true
|
|
description: Whether to configure Swift temporary URLs for use with
|
|
the "direct" and "ansible" deploy interfaces.
|
|
type: boolean
|
|
UpgradeRemoveUnusedPackages:
|
|
default: false
|
|
description: Remove package if the service is being disabled during upgrade
|
|
type: boolean
|
|
|
|
conditions:
|
|
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../../puppet/services/database/mysql-client.yaml
|
|
|
|
IronicConductorBase:
|
|
type: ../../puppet/services/ironic-conductor.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ironic Conductor role.
|
|
value:
|
|
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [IronicConductorBase, role_data, config_settings]
|
|
# to avoid hard linking errors we store these on the same
|
|
# volume/device as the ironic master_path
|
|
# https://github.com/docker/docker/issues/7457
|
|
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
|
|
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::pxe::http_root: /var/lib/ironic/httpboot
|
|
- ironic::conductor::http_root: /var/lib/ironic/httpboot
|
|
logging_source: {get_attr: [IronicConductorBase, role_data, logging_source]}
|
|
logging_groups: {get_attr: [IronicConductorBase, role_data, logging_groups]}
|
|
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: ironic
|
|
puppet_tags: ironic_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - {get_attr: [IronicConductorBase, role_data, step_config]}
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: DockerIronicConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/ironic_conductor.json:
|
|
command: /usr/bin/ironic-conductor
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/lib/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
- path: /var/log/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
docker_config_scripts:
|
|
create_swift_temp_url_key.sh:
|
|
mode: "0700"
|
|
content: |
|
|
#!/bin/bash
|
|
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
|
|
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
|
|
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
|
|
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
|
|
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
|
|
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
|
|
export OS_AUTH_TYPE=password
|
|
export OS_IDENTITY_API_VERSION=3
|
|
|
|
echo "Check if a temporary URL key already exists"
|
|
KEY_SET=$(openstack object store account show -c properties -f value 2>/dev/null | tr ',' '\n' | grep Temp-Url-Key || true)
|
|
if [ -z $KEY_SET ]; then
|
|
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
|
|
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
|
|
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY" || exit 1
|
|
fi
|
|
docker_config:
|
|
step_4:
|
|
map_merge:
|
|
- if:
|
|
- configure_swift_temp_url
|
|
- create_swift_temp_url_key:
|
|
start_order: 70
|
|
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
|
|
net: host
|
|
detach: false
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
|
|
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
|
|
user: root
|
|
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
|
|
- {}
|
|
- ironic_conductor:
|
|
start_order: 80
|
|
image: *ironic_conductor_image
|
|
net: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /sys:/sys
|
|
- /dev:/dev
|
|
- /run:/run #shared?
|
|
- /var/lib/ironic:/var/lib/ironic
|
|
- /var/log/containers/ironic:/var/log/ironic
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /var/log/containers/ironic
|
|
- /var/lib/ironic
|
|
- name: ironic logs readme
|
|
copy:
|
|
dest: /var/log/ironic/readme.txt
|
|
content: |
|
|
Log files from ironic containers can be found under
|
|
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
|
|
ignore_errors: true
|
|
- name: stat /httpboot
|
|
stat: path=/httpboot
|
|
register: stat_httpboot
|
|
- name: stat /tftpboot
|
|
stat: path=/tftpboot
|
|
register: stat_tftpboot
|
|
- name: stat /var/lib/ironic/httpboot
|
|
stat: path=/var/lib/ironic/httpboot
|
|
register: stat_ironic_httpboot
|
|
- name: stat /var/lib/ironic/tftpboot
|
|
stat: path=/var/lib/ironic/tftpboot
|
|
register: stat_ironic_tftpboot
|
|
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
|
|
- name: migrate /httpboot to containerized (if applicable)
|
|
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
|
|
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
|
|
- name: migrate /tftpboot to containerized (if applicable)
|
|
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
|
|
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
|
|
# Even if there was nothing to copy from original locations,
|
|
# we need to create the dirs before starting the containers
|
|
- name: ensure ironic pxe directories exist
|
|
file:
|
|
path: /var/lib/ironic/{{ item }}
|
|
state: directory
|
|
with_items:
|
|
- httpboot
|
|
- tftpboot
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Check if ironic_conductor is deployed
|
|
command: systemctl is-enabled --quiet openstack-ironic-conductor
|
|
ignore_errors: True
|
|
register: ironic_conductor_enabled_result
|
|
- name: Set fact ironic_conductor_enabled
|
|
set_fact:
|
|
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
|
|
- name: "PreUpgrade step0,validation: Check service openstack-ironic-conductor is running"
|
|
command: systemctl is-active --quiet openstack-ironic-conductor
|
|
tags: validation
|
|
when: ironic_conductor_enabled|bool
|
|
- when: step|int == 2
|
|
block:
|
|
- name: Stop and disable ironic_conductor service
|
|
when: ironic_conductor_enabled|bool
|
|
service: name=openstack-ironic-conductor state=stopped enabled=no
|
|
- name: Set fact for removal of openstack-ironic-conductor package
|
|
set_fact:
|
|
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
|
|
- name: Remove openstack-ironic-conductor package if operator requests it
|
|
yum: name=openstack-ironic-conductor state=removed
|
|
ignore_errors: True
|
|
when: remove_ironic_conductor_package|bool
|
|
fast_forward_upgrade_tasks:
|
|
- block:
|
|
- name: Check if ironic_conductor is deployed
|
|
command: systemctl is-enabled --quiet openstack-ironic-conductor
|
|
ignore_errors: True
|
|
register: ironic_conductor_enabled_result
|
|
- name: Set fact ironic_conductor_enabled
|
|
set_fact:
|
|
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Stop openstack-ironic-conductor
|
|
service: name=openstack-ironic-conductor state=stopped enabled=no
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- ironic_conductor_enabled|bool
|