096fa87741
Previously, the kolla config merged the Apache configuration files already present in the container with our generated ones. This can leave extra configuration in the containers that we are not expecting. This change updates the kolla configs so that the httpd conf.d folder is not merged, and we end up with only our expected configuration. Change-Id: Ibb9bbeb12e73b2cf8887554f461873e42532edd7 Related-Bug: 1813084
# Heat Orchestration Template (HOT) header for the containerized Nova API
# service definition.
heat_template_version: rocky

description: >
  OpenStack containerized Nova API service

# Template inputs. Keys inside each parameter are written in a fixed order
# (description, type, default, hidden); mapping order carries no meaning.
parameters:
  # Image referenced by every container declared under docker_config.
  DockerNovaApiImage:
    description: image
    type: string
  DockerNovaConfigImage:
    description: The container image to use for the nova config_volume
    type: string
  # Log source definition passed to fluentd via service_config_settings.
  NovaApiLoggingSource:
    type: json
    default:
      tag: openstack.nova.api
      path: /var/log/containers/nova/nova-api.log
  EndpointMap:
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
    default: {}
  ServiceData:
    description: Dictionary packing service data
    type: json
    default: {}
  ServiceNetMap:
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
    default: {}
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    description: Role name on which the service is applied
    type: string
    default: ''
  RoleParameters:
    description: Parameters specific to the role
    type: json
    default: {}
  # Drives the internal_tls_enabled condition (httpd certificate and key
  # mounts) and takes part in mysql_ipv6_use_ip_address.
  EnableInternalTLS:
    type: boolean
    default: false
  # Used as the Ansible async value of the "nova-manage db sync" tasks.
  NovaDbSyncTimeout:
    description: Timeout for Nova db sync
    type: number
    default: 300
  UpgradeRemoveUnusedPackages:
    description: Remove package if the service is being disabled during upgrade
    type: boolean
    default: false
  DeployIdentifier:
    description: >
      Setting this to a unique value will re-run any deployment tasks which
      perform configuration on a Heat stack-update.
    type: string
    default: ''
  # hidden: true asks Heat to mask the value when stack parameters are shown.
  # No default is given, so the deployment has to supply it.
  NovaPassword:
    description: The password for the nova service and db account
    type: string
    hidden: true
  MysqlIPv6:
    description: Enable IPv6 in MySQL
    type: boolean
    default: false

# Named conditions referenced by the `if` functions in outputs.
conditions:

  # True when internal TLS is requested; gates the httpd certificate and
  # private-key bind mounts of the nova_api container.
  internal_tls_enabled:
    equals:
      - get_param: EnableInternalTLS
      - true

  # True only for IPv6 MySQL without internal TLS. When it holds, the
  # database URLs wrap the host placeholder in brackets: '[{hostname}]'.
  mysql_ipv6_use_ip_address:
    and:
      - equals:
          - get_param: MysqlIPv6
          - true
      - equals:
          - get_param: EnableInternalTLS
          - false

# Nested templates whose attributes are composed into role_data below.
resources:

  # Supplies the common volume list shared by the containers.
  ContainersCommon:
    type: ./containers-common.yaml

  # Contributes its step_config to puppet_config.
  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-level Nova API service; the common service parameters are passed
  # straight through from this template's own parameters.
  NovaApiBase:
    type: ../../puppet/services/nova-api.yaml
    properties:
      EndpointMap:
        get_param: EndpointMap
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters

  # Resolved through the resource registry; provides logging config_settings,
  # volumes, docker_config step_2 and host_prep_tasks.
  NovaApiLogging:
    type: OS::TripleO::Services::Logging::NovaApi

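# role_data is the single output of this template: puppet/hiera settings,
# kolla config files, container definitions per deployment step, and the
# Ansible task lists used for the upgrade flavours.
outputs:
  role_data:
    description: Role data for the Nova API role.
    value:
      service_name: {get_attr: [NovaApiBase, role_data, service_name]}
      config_settings:
        map_merge:
          - get_attr: [NovaApiBase, role_data, config_settings]
          - get_attr: [NovaApiLogging, config_settings]
          - apache::default_vhost: false
      service_config_settings:
        map_merge:
          - get_attr: [NovaApiBase, role_data, service_config_settings]
          - fluentd:
              tripleo_fluentd_groups_nova_api:
                - nova
              tripleo_fluentd_sources_nova_api:
                - {get_param: NovaApiLoggingSource}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: nova
        puppet_tags: nova_config
        step_config:
          list_join:
            - "\n"
            - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
              - {get_attr: [NovaApiBase, role_data, step_config]}
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_param: DockerNovaConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_api.json:
          command: /usr/sbin/httpd -DFOREGROUND
          config_files:
            # conf.d is replaced, not merged (merge: false), so Apache
            # fragments already present in the container do not stay active
            # next to the generated ones. Every other path is still merged by
            # the wildcard entry that follows.
            - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
              dest: "/etc/httpd/conf.d"
              merge: false
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
        # The cron container runs crond, not httpd, and has no conf.d entry.
        /var/lib/kolla/config_files/nova_api_cron.json:
          command: /usr/sbin/crond -n
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config_scripts:
        # Creates or updates the cell_v2 cell named "default". The script is
        # mounted read-only into nova_api_ensure_default_cell (step_3).
        nova_api_ensure_default_cell.sh:
          mode: "0700"
          content:
            str_replace:
              template: |
                #!/bin/bash
                DEFID=$(nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}')
                if [ "$DEFID" ]; then
                  echo "(cellv2) Updating default cell_v2 cell $DEFID"
                  su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 update_cell --cell_uuid $DEFID --name=default --database_connection='CELLDB' --transport-url='TRANSPORTURL'"
                else
                  echo "(cellv2) Creating default cell_v2 cell"
                  su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 create_cell --name=default --database_connection='CELLDB' --transport-url='TRANSPORTURL'"
                fi
              params:
                # The joined URL carries the literal placeholders {scheme},
                # {username}, {password}, {hostname} and {query}; no Heat
                # parameter value is substituted here, so the rendered script
                # holds no credential. Presumably nova fills the placeholders
                # from its own configuration - confirm.
                CELLDB:
                  list_join:
                    - ''
                    - - '{scheme}'
                      - '://'
                      - '{username}'
                      - ':'
                      - '{password}'
                      - '@'
                      -
                        if:
                          - mysql_ipv6_use_ip_address
                          - '[{hostname}]'
                          - '{hostname}'
                      - '/'
                      - 'nova'
                      - '?'
                      - '{query}'
                # Scheme and port are $(hiera ...) command substitutions; they
                # sit inside the double-quoted su -c argument, so the calling
                # shell expands them when the script runs.
                TRANSPORTURL:
                  list_join:
                    - ''
                    - - '$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_scheme rabbit)'
                      - '://'
                      - '{username}'
                      - ':'
                      - '{password}'
                      - '@'
                      - '{hostname}'
                      - ':$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_port 5672)'
                      - '/'
                      - '?'
                      - '{query}'
      docker_config:
        step_2:
          get_attr: [NovaApiLogging, docker_config, step_2]
        # step_3: one-shot bootstrap containers (detach: false), ordered by
        # start_order. They run as root on the host network and call
        # nova-manage through "su nova" or the mounted script.
        step_3:
          nova_api_db_sync:
            start_order: 0
            image: &nova_api_image {get_param: DockerNovaApiImage}
            net: host
            detach: false
            user: root
            # Both config mounts are read-only.
            volumes: &nova_api_bootstrap_volumes
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                - {get_attr: [NovaApiLogging, volumes]}
                -
                  - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
                  - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
          nova_api_map_cell0:
            start_order: 1
            image: *nova_api_image
            net: host
            detach: false
            user: root
            volumes: *nova_api_bootstrap_volumes
            command:
              str_replace:
                template: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0 --database_connection=\"CELL0DB\"'"
                params:
                  # Same literal-placeholder URL as CELLDB, with database
                  # name nova_cell0.
                  CELL0DB:
                    list_join:
                      - ''
                      - - '{scheme}'
                        - '://'
                        - '{username}'
                        - ':'
                        - '{password}'
                        - '@'
                        -
                          if:
                            - mysql_ipv6_use_ip_address
                            - '[{hostname}]'
                            - '{hostname}'
                        - '/'
                        - 'nova_cell0'
                        - '?'
                        - '{query}'
          nova_api_ensure_default_cell:
            start_order: 2
            image: *nova_api_image
            net: host
            detach: false
            volumes:
              list_concat:
                - *nova_api_bootstrap_volumes
                -
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  - /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
            user: root
            command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
          nova_db_sync:
            start_order: 3
            image: *nova_api_image
            net: host
            detach: false
            volumes: *nova_api_bootstrap_volumes
            user: root
            command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
        step_4:
          nova_api:
            start_order: 2
            image: *nova_api_image
            net: host
            user: root
            # NOTE(review): privileged mode together with root and host
            # networking gives this long-running httpd container host-level
            # access. Nothing in this file shows why it is needed, and
            # nova_api_cron below runs with privileged: false - confirm
            # whether it can be dropped here.
            privileged: true
            restart: always
            healthcheck:
              test: /openstack/healthcheck
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                - {get_attr: [NovaApiLogging, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
                  # httpd certificate and private key are mounted read-only,
                  # and only when internal TLS is enabled. The else branch is
                  # an empty string; presumably the consumer of this list
                  # drops empty entries - confirm.
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
                      - ''
                  -
                    if:
                      - internal_tls_enabled
                      - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
                      - ''
            environment:
              # kolla re-copies the config files on every container start.
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          nova_api_cron:
            image: *nova_api_image
            net: host
            user: root
            privileged: false
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                - {get_attr: [NovaApiLogging, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      metadata_settings:
        get_attr: [NovaApiBase, role_data, metadata_settings]
      host_prep_tasks: {get_attr: [NovaApiLogging, host_prep_tasks]}
      upgrade_tasks:
        - when: step|int == 0
          tags: common
          block:
            - name: set is_nova_api_bootstrap_node fact
              set_fact: is_nova_api_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
            # NOTE(review): "grep nova_api" also matches the nova_api_cron
            # container name, so the exec can be attempted while only the
            # cron container is running - confirm this is acceptable.
            - name: Ensure all online data migrations for Nova have been applied
              shell: |
                if {{ container_cli }} ps | grep nova_api; then
                  {{ container_cli }} exec nova_api nova-manage db online_data_migrations
                # handle situation when container_cli is podman but
                # the containers are still under docker
                elif docker ps | grep nova_api; then
                  docker exec nova_api nova-manage db online_data_migrations
                fi
              tags: pre-upgrade
              when: is_nova_api_bootstrap_node|bool
        - when: step|int == 3
          block:
            - name: Set fact for removal of openstack-nova-api package
              set_fact:
                remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
            # ignore_errors means a failed removal does not stop the upgrade;
            # the package may then remain installed on the host.
            - name: Remove openstack-nova-api package if operator requests it
              package: name=openstack-nova-api state=removed
              ignore_errors: true
              when:
                - remove_nova_api_package|bool
      external_upgrade_tasks:
        - when: step|int == 1
          block:
            - name: Online data migration for Nova
              command: "{{ container_cli }} exec nova_api nova-manage db online_data_migrations"
              delegate_to: "{{ groups['nova_api'][0] }}"
              become: true
              tags:
                - online_upgrade
                - online_upgrade_nova
      post_upgrade_tasks:
        - when: step|int == 1
          import_role:
            name: tripleo-docker-rm
          vars:
            containers_to_rm:
              - nova_api
              - nova_api_cron
      fast_forward_upgrade_tasks:
        - when:
            - step|int == 0
            - release == 'ocata'
          block:
            # A non-zero rc is expected when the service is not enabled,
            # hence ignore_errors; the rc is turned into a fact right after.
            - name: Check if nova-api is deployed
              command: systemctl is-enabled --quiet openstack-nova-api
              ignore_errors: true
              register: nova_api_enabled_result
            - name: Set fact nova_api_enabled
              set_fact:
                nova_api_enabled: "{{ nova_api_enabled_result.rc == 0 }}"
        - name: Stop openstack-nova-api service
          service: name=openstack-nova-api state=stopped
          when:
            - step|int == 1
            - nova_api_enabled|bool
            - release == 'ocata'
        - name: Extra migration for nova tripleo/+bug/1656791
          command: nova-manage db online_data_migrations
          when:
            - step|int == 5
            - release == 'ocata'
            - is_bootstrap_node|bool
        - name: Update nova packages
          package:
            name: '*nova*'
            state: latest
          when:
            - step|int == 6
            - is_bootstrap_node|bool
        # FIXME(lyarwood): Use puppet to do this?
        - when:
            - step|int == 7
            - release == 'ocata'
            - is_bootstrap_node|bool
          block:
            # The manifest reads the RabbitMQ credentials through hiera()
            # lookups, so the file itself holds no literal secret. No task in
            # this file removes it afterwards.
            - name: Create puppet manifest to set transport_url in nova.conf
              copy:
                dest: /root/nova-api_upgrade_manifest.pp
                # Quoted so the mode stays the string "0600" through YAML
                # parsing instead of becoming the integer 384; this matches
                # the quoted "0700" used for nova_api_ensure_default_cell.sh.
                mode: "0600"
                content: >
                  $transport_url = os_transport_url({
                    'transport' => hiera('messaging_service_name', 'rabbit'),
                    'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
                    'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
                    'username' => hiera('nova::rabbit_userid', 'guest'),
                    'password' => hiera('nova::rabbit_password'),
                    'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
                  })
                  oslo::messaging::default { 'nova_config':
                    transport_url => $transport_url
                  }

            # With --detailed-exitcodes, rc 2 is treated as "changed" and
            # any rc other than 0 or 2 fails the task.
            - name: Run puppet apply to set tranport_url in nova.conf
              command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
              register: puppet_apply_nova_api_upgrade
              failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
              changed_when: puppet_apply_nova_api_upgrade.rc == 2
            - name: Setup cell_v2 (map cell0)
              shell:
                str_replace:
                  template: nova-manage cell_v2 map_cell0 --database_connection='CELL0DB' --transport-url="'TRANSPORTURL'"
                  params:
                    CELL0DB:
                      list_join:
                        - ''
                        - - '{scheme}'
                          - '://'
                          - '{username}'
                          - ':'
                          - '{password}'
                          - '@'
                          -
                            if:
                              - mysql_ipv6_use_ip_address
                              - '[{hostname}]'
                              - '{hostname}'
                          - '/'
                          - 'nova_cell0'
                          - '?'
                          - '{query}'
                    TRANSPORTURL:
                      list_join:
                        - ''
                        - - '$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_scheme rabbit)'
                          - '://'
                          - '{username}'
                          - ':'
                          - '{password}'
                          - '@'
                          - '{hostname}'
                          - ':$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_port 5672)'
                          - '/'
                          - '?'
                          - '{query}'
            - name: Setup cell_v2 (create default cell)
              # (owalsh) puppet-nova expects the cell name 'default'
              shell:
                str_replace:
                  template: nova-manage cell_v2 create_cell --name='default' --database_connection='CELLDB'
                  params:
                    CELLDB:
                      list_join:
                        - ''
                        - - '{scheme}'
                          - '://'
                          - '{username}'
                          - ':'
                          - '{password}'
                          - '@'
                          -
                            if:
                              - mysql_ipv6_use_ip_address
                              - '[{hostname}]'
                              - '{hostname}'
                          - '/'
                          - 'nova'
                          - '?'
                          - '{query}'
              register: nova_api_create_cell
              # rc 2 is tolerated and reported as "not changed".
              failed_when: nova_api_create_cell.rc not in [0,2]
              changed_when: nova_api_create_cell.rc == 0
            - name: Setup cell_v2 (sync nova/cell DB)
              command: nova-manage db sync
              async: {get_param: NovaDbSyncTimeout}
              poll: 10
            - name: Setup cell_v2 (get cell uuid)
              shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
              register: nova_api_cell_uuid
            - name: Setup cell_v2 (migrate hosts)
              command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
            - name: Setup cell_v2 (migrate instances)
              command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
        - when:
            - step|int == 8
            - is_bootstrap_node|bool
          block:
            - name: Sync nova/cell DB
              command: nova-manage db sync
              async: {get_param: NovaDbSyncTimeout}
              poll: 10
              when:
                - release == 'pike'
            - name: Sync nova_api DB
              command: nova-manage api_db sync
            - name: Online data migration for nova
              command: nova-manage db online_data_migrations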