tripleo-heat-templates/docker/services/nova-api.yaml
Alex Schultz 096fa87741 Explicitly manage http configs
Previously the kolla config is merging the existing apache configuration
files in the container with our generated ones. This can lead to extra
configurations in the containers that we are not expecting. This change
updates the kolla configs to not merge the httpd conf.d folder so we only
end up with our expected configurations.

Change-Id: Ibb9bbeb12e73b2cf8887554f461873e42532edd7
Related-Bug: 1813084
2019-01-24 11:08:28 -07:00

512 lines
19 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Nova API service
parameters:
DockerNovaApiImage:
description: image
type: string
DockerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
NovaApiLoggingSource:
type: json
default:
tag: openstack.nova.api
path: /var/log/containers/nova/nova-api.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
NovaDbSyncTimeout:
default: 300
description: Timeout for Nova db sync
type: number
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
MysqlIPv6:
default: false
description: Enable IPv6 in MySQL
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
mysql_ipv6_use_ip_address:
and:
- {equals: [{get_param: MysqlIPv6}, true]}
- {equals: [{get_param: EnableInternalTLS}, false]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaApiBase:
type: ../../puppet/services/nova-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaApiLogging:
type: OS::TripleO::Services::Logging::NovaApi
outputs:
role_data:
description: Role data for the Nova API role.
value:
service_name: {get_attr: [NovaApiBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- get_attr: [NovaApiLogging, config_settings]
- apache::default_vhost: false
service_config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_api:
- nova
tripleo_fluentd_sources_nova_api:
- {get_param: NovaApiLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config:
list_join:
- "\n"
- - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
- {get_attr: [NovaApiBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
/var/lib/kolla/config_files/nova_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config_scripts:
nova_api_ensure_default_cell.sh:
mode: "0700"
content:
str_replace:
template: |
#!/bin/bash
DEFID=$(nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}')
if [ "$DEFID" ]; then
echo "(cellv2) Updating default cell_v2 cell $DEFID"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 update_cell --cell_uuid $DEFID --name=default --database_connection='CELLDB' --transport-url='TRANSPORTURL'"
else
echo "(cellv2) Creating default cell_v2 cell"
su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 create_cell --name=default --database_connection='CELLDB' --transport-url='TRANSPORTURL'"
fi
params:
CELLDB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova'
- '?'
- '{query}'
TRANSPORTURL:
list_join:
- ''
- - '$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_scheme rabbit)'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
- '{hostname}'
- ':$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_port 5672)'
- '/'
- '?'
- '{query}'
docker_config:
step_2:
get_attr: [NovaApiLogging, docker_config, step_2]
step_3:
nova_api_db_sync:
start_order: 0
image: &nova_api_image {get_param: DockerNovaApiImage}
net: host
detach: false
user: root
volumes: &nova_api_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
nova_api_map_cell0:
start_order: 1
image: *nova_api_image
net: host
detach: false
user: root
volumes: *nova_api_bootstrap_volumes
command:
str_replace:
template: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0 --database_connection=\"CELL0DB\"'"
params:
CELL0DB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova_cell0'
- '?'
- '{query}'
nova_api_ensure_default_cell:
start_order: 2
image: *nova_api_image
net: host
detach: false
volumes:
list_concat:
- *nova_api_bootstrap_volumes
-
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
nova_db_sync:
start_order: 3
image: *nova_api_image
net: host
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_api:
start_order: 2
image: *nova_api_image
net: host
user: root
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
image: *nova_api_image
net: host
user: root
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaApiLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NovaApiLogging, host_prep_tasks]}
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: set is_nova_api_bootstrap_node fact
set_fact: is_nova_api_bootstrap_node={{nova_api_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Ensure all online data migrations for Nova have been applied
shell: |
if {{ container_cli }} ps | grep nova_api; then
{{ container_cli }} exec nova_api nova-manage db online_data_migrations
# handle situation when container_cli is podman but
# the containers are still under docker
elif docker ps | grep nova_api; then
docker exec nova_api nova-manage db online_data_migrations
fi
tags: pre-upgrade
when: is_nova_api_bootstrap_node|bool
- when: step|int == 3
block:
- name: Set fact for removal of openstack-nova-api package
set_fact:
remove_nova_api_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-nova-api package if operator requests it
package: name=openstack-nova-api state=removed
ignore_errors: True
when:
- remove_nova_api_package|bool
external_upgrade_tasks:
- when: step|int == 1
block:
- name: Online data migration for Nova
command: "{{ container_cli }} exec nova_api nova-manage db online_data_migrations"
delegate_to: "{{ groups['nova_api'][0] }}"
become: true
tags:
- online_upgrade
- online_upgrade_nova
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_api
- nova_api_cron
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-api is deployed
command: systemctl is-enabled --quiet openstack-nova-api
ignore_errors: True
register: nova_api_enabled_result
- name: Set fact nova_api_enabled
set_fact:
nova_api_enabled: "{{ nova_api_enabled_result.rc == 0 }}"
- name: Stop openstack-nova-api service
service: name=openstack-nova-api state=stopped
when:
- step|int == 1
- nova_api_enabled|bool
- release == 'ocata'
- name: Extra migration for nova tripleo/+bug/1656791
command: nova-manage db online_data_migrations
when:
- step|int == 5
- release == 'ocata'
- is_bootstrap_node|bool
- name: Update nova packages
package:
name: '*nova*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool
#FIXME(lyarwood): Use puppet to do this?
- when:
- step|int == 7
- release == 'ocata'
- is_bootstrap_node|bool
block:
- name: Create puppet manifest to set transport_url in nova.conf
copy:
dest: /root/nova-api_upgrade_manifest.pp
mode: 0600
content: >
$transport_url = os_transport_url({
'transport' => hiera('messaging_service_name', 'rabbit'),
'hosts' => any2array(hiera('rabbitmq_node_names', undef)),
'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
'username' => hiera('nova::rabbit_userid', 'guest'),
'password' => hiera('nova::rabbit_password'),
'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
})
oslo::messaging::default { 'nova_config':
transport_url => $transport_url
}
- name: Run puppet apply to set tranport_url in nova.conf
command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
register: puppet_apply_nova_api_upgrade
failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
changed_when: puppet_apply_nova_api_upgrade.rc == 2
- name: Setup cell_v2 (map cell0)
shell:
str_replace:
template: nova-manage cell_v2 map_cell0 --database_connection='CELL0DB' --transport-url="'TRANSPORTURL'"
params:
CELL0DB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova_cell0'
- '?'
- '{query}'
TRANSPORTURL:
list_join:
- ''
- - '$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_scheme rabbit)'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
- '{hostname}'
- ':$(hiera -c /etc/puppet/hiera.yaml oslo_messaging_rpc_port 5672)'
- '/'
- '?'
- '{query}'
- name: Setup cell_v2 (create default cell)
# (owalsh) puppet-nova expects the cell name 'default'
shell:
str_replace:
template: nova-manage cell_v2 create_cell --name='default' --database_connection='CELLDB'
params:
CELLDB:
list_join:
- ''
- - '{scheme}'
- '://'
- '{username}'
- ':'
- '{password}'
- '@'
-
if:
- mysql_ipv6_use_ip_address
- '[{hostname}]'
- '{hostname}'
- '/'
- 'nova'
- '?'
- '{query}'
register: nova_api_create_cell
failed_when: nova_api_create_cell.rc not in [0,2]
changed_when: nova_api_create_cell.rc == 0
- name: Setup cell_v2 (sync nova/cell DB)
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
- name: Setup cell_v2 (get cell uuid)
shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
register: nova_api_cell_uuid
- name: Setup cell_v2 (migrate hosts)
command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
- name: Setup cell_v2 (migrate instances)
command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
- when:
- step|int == 8
- is_bootstrap_node|bool
block:
- name: Sync nova/cell DB
command: nova-manage db sync
async: {get_param: NovaDbSyncTimeout}
poll: 10
when:
- release == 'pike'
- name: Sync nova_api DB
command: nova-manage api_db sync
- name: Online data migration for nova
command: nova-manage db online_data_migrations