tripleo-heat-templates/docker/services/nova-compute.yaml
Juan Antonio Osorio Robles ad81fba15d Mount mysql client configuration in nova cell discovery container
Without this it will ignore the TLS options (like the CA), and will fail
when TLS everywhere is enabled.

Change-Id: Ic0aa06afc61cf4536d476b429ac6cbf1a05dbfe0
Closes-Bug: #1813148
2019-01-24 15:50:45 +02:00

355 lines
13 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Nova Compute service
parameters:
DockerNovaComputeImage:
description: image
type: string
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
DockerNovaComputeUlimit:
default: ['nofile=1024']
description: ulimit for Nova Compute Container
type: comma_delimited_list
NovaComputeLoggingSource:
type: json
default:
tag: openstack.nova.compute
path: /var/log/containers/nova/nova-compute.log
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
NovaComputeOptVolumes:
default: []
description: list of optional vo
type: comma_delimited_list
NovaComputeOptEnvVars:
default: []
description: list of optional en
type: comma_delimited_list
EnableInstanceHA:
default: false
description: Whether to enable an Instance Ha configurarion or not.
This setup requires the Compute role to have the
PacemakerRemote service added to it.
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
NovaComputeCommon:
type: ./nova-compute-common.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaComputeBase:
type: ../../puppet/services/nova-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
DockerNovaImage: {get_param: DockerNovaComputeImage}
NovaServiceName: 'compute'
conditions:
enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}
outputs:
role_data:
description: Role data for the Nova Compute service.
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaComputeBase, role_data, config_settings]
- get_attr: [NovaLogging, config_settings]
service_config_settings:
map_merge:
- get_attr: [NovaComputeBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_compute:
- nova
tripleo_fluentd_sources_nova_compute:
- {get_param: NovaComputeLoggingSource}
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config:
list_join:
- "\n"
- - {get_attr: [NovaComputeBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command:
list_join:
- ' '
- - if:
- enable_instance_ha
- /var/lib/nova/instanceha/check-run-nova-compute
- /usr/bin/nova-compute
- get_attr: [NovaLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: nova:nova
perm: '0600'
docker_config_scripts:
map_merge:
- {get_attr: [ContainersCommon, docker_config_scripts]}
- {get_attr: [NovaComputeCommon, docker_config_scripts]}
docker_config:
step_3:
nova_statedir_owner:
image: &nova_compute_image {get_param: DockerNovaComputeImage}
net: none
user: root
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_statedir_ownership.py"
step_4:
nova_wait_for_placement_service:
start_order: 2
image: *nova_compute_image
user: root
net: host
privileged: false
detach: false
volumes:
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_wait_for_placement_service.py"
nova_compute:
start_order: 3
image: *nova_compute_image
ulimit: {get_param: DockerNovaComputeUlimit}
ipc: host
net: host
privileged: true
user: nova
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NovaComputeBase, role_data, config_settings, 'nova::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- {get_param: NovaComputeOptVolumes}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
environment:
list_concat:
- {get_param: NovaComputeOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_cellv2_discover_hosts:
start_order: 0
image: *nova_compute_image
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/nova_libvirt/etc/my.cnf.d/:/etc/my.cnf.d/:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/docker-config-scripts/:/docker-config-scripts/
user: root
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_cell_v2_discover_host.py"
host_prep_tasks:
list_concat:
- {get_attr: [NovaLogging, host_prep_tasks]}
- {get_attr: [NovaComputeBase, role_data, host_prep_tasks]}
- - name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: is Instance HA enabled
set_fact:
instance_ha_enabled: {get_param: EnableInstanceHA}
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
- name: install Instance HA recovery script
when: instance_ha_enabled|bool
block:
- name: prepare Instance HA script directory
file:
path: /var/lib/nova/instanceha
state: directory
- name: install Instance HA script that runs nova-compute
copy:
content: {get_file: ../../extraconfig/tasks/instanceha/check-run-nova-compute}
dest: /var/lib/nova/instanceha/check-run-nova-compute
mode: 0755
- name: Get list of instance HA compute nodes
command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names
register: iha_nodes
- name: If instance HA is enabled on the node activate the evacuation completed check
file: path=/var/lib/nova/instanceha/enabled state=touch
when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"')
upgrade_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
update_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_compute
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-compute is deployed
command: systemctl is-enabled --quiet openstack-nova-compute
ignore_errors: True
register: nova_compute_enabled_result
- name: Set fact nova_compute_enabled
set_fact:
nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}"
- when:
- step|int == 1
- release == 'ocata'
block:
- name: Stop and disable nova-compute service
service: name=openstack-nova-compute state=stopped
when:
- nova_compute_enabled|bool
- name: Set upgrade marker in nova statedir
file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova
when:
- nova_compute_enabled|bool