1e318b569e
We have non fatal errors in the upgrade jobs execution if the logs folder is not created when adding the readme.txt file to clarify the possible locations of the logs. Closes-Bug: 1811708 Change-Id: Ibc0a266bdc6630eaf34bfadeff21f7bd72fa75ad
473 lines
20 KiB
YAML
473 lines
20 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Redis services
|
|
|
|
parameters:
|
|
DockerRedisImage:
|
|
description: image
|
|
type: string
|
|
DockerRedisConfigImage:
|
|
description: The container image to use for the redis config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
ConfigDebug:
|
|
default: false
|
|
description: Whether to run config management (e.g. Puppet) in debug mode.
|
|
type: boolean
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
RedisIPv6:
|
|
default: false
|
|
description: Enable IPv6 in Redis
|
|
type: boolean
|
|
PcmkConfigRestartTimeout:
|
|
default: 600
|
|
description: Time in seconds to wait for a pcmk resource to restart when
|
|
a config change is detected and the resource is being restarted
|
|
type: number
|
|
ContainerCli:
|
|
type: string
|
|
default: 'docker'
|
|
description: CLI tool used to manage containers.
|
|
constraints:
|
|
- allowed_values: ['docker', 'podman']
|
|
DeployIdentifier:
|
|
default: ''
|
|
type: string
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
|
|
conditions:
|
|
puppet_debug_enabled: {get_param: ConfigDebug}
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
redis_ipv6: {get_param: RedisIPv6}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../../containers-common.yaml
|
|
|
|
RedisBase:
|
|
type: ../../../../puppet/services/database/redis.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Redis API role.
|
|
value:
|
|
service_name: {get_attr: [RedisBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- {get_attr: [RedisBase, role_data, config_settings]}
|
|
- redis::service_manage: false
|
|
redis::notify_service: false
|
|
redis::managed_by_cluster_manager: true
|
|
tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
|
|
list_join:
|
|
- ':'
|
|
- - yaql:
|
|
data: {get_param: DockerRedisImage}
|
|
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
|
- 'pcmklatest'
|
|
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
|
|
tripleo::profile::pacemaker::database::redis_bundle::container_backend: {get_param: ContainerCli}
|
|
tripleo::redis::firewall_rules:
|
|
'108 redis-bundle':
|
|
dport:
|
|
- 3124
|
|
- 6379
|
|
- 26379
|
|
tripleo::stunnel::manage_service: false
|
|
tripleo::stunnel::foreground: 'yes'
|
|
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_bind_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
|
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_fqdn:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
|
|
tripleo::profile::pacemaker::database::redis_bundle::tls_proxy_port: 6379
|
|
- if:
|
|
- internal_tls_enabled
|
|
- redis::extra_config_file: "/etc/redis-tls.conf"
|
|
tripleo::profile::pacemaker::database::redis_bundle::extra_config_file: "/etc/redis-tls.conf"
|
|
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_base_port: 6660
|
|
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_local_name:
|
|
if:
|
|
- redis_ipv6
|
|
- '::1'
|
|
- '127.0.0.1'
|
|
- {}
|
|
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: 'redis'
|
|
# NOTE: we need the exec tag to copy /etc/redis.conf.puppet to
|
|
# /etc/redis.conf
|
|
# https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763
|
|
puppet_tags: 'exec'
|
|
step_config: 'include ::tripleo::profile::pacemaker::database::redis_bundle'
|
|
config_image: &redis_config_image {get_param: DockerRedisConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/redis.json:
|
|
command: /usr/sbin/pacemaker_remoted
|
|
config_files:
|
|
- dest: /etc/libqb/force-filesystem-sockets
|
|
source: /dev/null
|
|
owner: root
|
|
perm: '0644'
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
optional: true
|
|
permissions:
|
|
- path: /var/run/redis
|
|
owner: redis:redis
|
|
recurse: true
|
|
- path: /var/lib/redis
|
|
owner: redis:redis
|
|
recurse: true
|
|
- path: /var/log/redis
|
|
owner: redis:redis
|
|
recurse: true
|
|
/var/lib/kolla/config_files/redis_tls_proxy.json:
|
|
command: stunnel /etc/stunnel/stunnel.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
|
dest: "/"
|
|
merge: true
|
|
optional: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /etc/pki/tls/certs/redis.crt
|
|
owner: root:root
|
|
perm: '0600'
|
|
optional: true
|
|
- path: /etc/pki/tls/private/redis.key
|
|
owner: root:root
|
|
perm: '0600'
|
|
optional: true
|
|
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
|
|
docker_config:
|
|
step_2:
|
|
map_merge:
|
|
- redis_restart_bundle:
|
|
start_order: 1
|
|
config_volume: redis
|
|
detach: false
|
|
net: host
|
|
ipc: host
|
|
user: root
|
|
command:
|
|
- '/usr/bin/bootstrap_host_exec'
|
|
- 'redis'
|
|
- str_replace:
|
|
template:
|
|
'if /usr/sbin/pcs resource show redis-bundle; then /usr/sbin/pcs resource restart --wait=PCMKTIMEOUT redis-bundle; echo "redis-bundle restart invoked"; fi'
|
|
params:
|
|
PCMKTIMEOUT: {get_param: PcmkConfigRestartTimeout}
|
|
image: {get_param: DockerRedisConfigImage}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
|
- /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
|
|
- redis_init_bundle:
|
|
start_order: 2
|
|
detach: false
|
|
net: host
|
|
ipc: host
|
|
user: root
|
|
config_volume: 'redis_init_bundle'
|
|
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
list_concat:
|
|
- - '/docker_puppet_apply.sh'
|
|
- '2'
|
|
- 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
|
|
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
|
|
- if:
|
|
- puppet_debug_enabled
|
|
- - '--debug'
|
|
- - ''
|
|
image: *redis_config_image
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
|
|
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
|
environment:
|
|
# NOTE: this should force this container to re-run on each
|
|
# update (scale-out, etc.)
|
|
- list_join:
|
|
- ''
|
|
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
|
|
- {get_param: DeployIdentifier}
|
|
- if:
|
|
- internal_tls_enabled
|
|
- redis_tls_proxy:
|
|
start_order: 3
|
|
image: *redis_image_pcmklatest
|
|
net: host
|
|
user: root
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
|
|
- /etc/pki/tls/certs/redis.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/redis.crt:ro
|
|
- /etc/pki/tls/private/redis.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/redis.key:ro
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
- {}
|
|
metadata_settings:
|
|
get_attr: [RedisBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t }
|
|
- name: redis logs readme
|
|
copy:
|
|
dest: /var/log/redis/readme.txt
|
|
content: |
|
|
Log files from redis containers can be found under
|
|
/var/log/containers/redis.
|
|
ignore_errors: true
|
|
deploy_steps_tasks:
|
|
- name: Redis tag container image for pacemaker
|
|
when: step|int == 1
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: {get_param: DockerRedisImage}
|
|
container_image_latest: *redis_image_pcmklatest
|
|
update_tasks:
|
|
- name: Redis fetch and retag container image for pacemaker
|
|
when: step|int == 2
|
|
block: &redis_fetch_retag_container_tasks
|
|
- name: Get docker Redis image
|
|
set_fact:
|
|
docker_image: {get_param: DockerRedisImage}
|
|
docker_image_latest: *redis_image_pcmklatest
|
|
- name: Get previous Redis image id
|
|
shell: "{{container_cli}} images | awk '/redis.* pcmklatest/{print $3}' | uniq"
|
|
register: redis_image_id
|
|
- block:
|
|
- name: Get a list of container using Redis image
|
|
shell: "{{container_cli}} ps -a -q -f 'ancestor={{redis_image_id.stdout}}'"
|
|
register: redis_containers_to_destroy
|
|
# It will be recreated with the delpoy step.
|
|
- name: Remove any container using the same Redis image
|
|
shell: "{{container_cli}} rm -fv {{item}}"
|
|
with_items: "{{ redis_containers_to_destroy.stdout_lines }}"
|
|
- name: Remove previous Redis images
|
|
shell: "{{container_cli}} rmi -f {{redis_image_id.stdout}}"
|
|
when:
|
|
- redis_image_id.stdout != ''
|
|
- name: Pull latest Redis images
|
|
command: "docker pull {{docker_image}}"
|
|
- name: Retag pcmklatest to latest Redis image
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: "{{docker_image}}"
|
|
container_image_latest: "{{docker_image_latest}}"
|
|
# Got to check that pacemaker_is_active is working fine with bundle.
|
|
# TODO: pacemaker_is_active resource doesn't support bundle.
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Get docker redis image
|
|
set_fact:
|
|
redis_docker_image_latest: *redis_image_pcmklatest
|
|
- name: Check for redis Kolla configuration
|
|
stat:
|
|
path: /var/lib/config-data/puppet-generated/redis
|
|
register: redis_kolla_config
|
|
- name: Check if redis is already containerized
|
|
set_fact:
|
|
redis_containerized: "{{redis_kolla_config.stat.isdir | default(false)}}"
|
|
- name: set is_redis_bootstrap_node fact
|
|
set_fact: is_redis_bootstrap_node={{redis_short_bootstrap_node_name|lower == ansible_hostname|lower}}
|
|
- name: Prepare the switch to new redis container image name in pacemaker
|
|
when: redis_containerized|bool
|
|
block:
|
|
- name: Get redis image id currently used by pacemaker
|
|
shell: "{{container_cli}} images | awk '/redis.* pcmklatest/{print $3}' | uniq"
|
|
register: redis_current_pcmklatest_id
|
|
- name: Temporarily tag the current redis image id with the upgraded image name
|
|
import_role:
|
|
name: tripleo-container-tag
|
|
vars:
|
|
container_image: "{{redis_current_pcmklatest_id.stdout}}"
|
|
container_image_latest: "{{redis_docker_image_latest}}"
|
|
when: redis_current_pcmklatest_id.stdout != ''
|
|
- name: Check redis-bundle cluster resource status
|
|
pacemaker_resource:
|
|
resource: redis-bundle
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: redis_pcs_res_result
|
|
- name: Set fact redis_pcs_res
|
|
set_fact:
|
|
redis_pcs_res: "{{redis_pcs_res_result|succeeded}}"
|
|
- name: redis baremetal to container upgrade tasks
|
|
when:
|
|
- step|int == 1
|
|
- not redis_containerized|bool
|
|
block:
|
|
- name: Check cluster resource status of redis
|
|
pacemaker_resource:
|
|
resource: {get_attr: [RedisBase, role_data, service_name]}
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: redis_res
|
|
- when: (is_redis_bootstrap_node) and (redis_res|succeeded)
|
|
block:
|
|
- name: Disable the redis cluster resource
|
|
pacemaker_resource:
|
|
resource: {get_attr: [RedisBase, role_data, service_name]}
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Delete the stopped redis cluster resource.
|
|
pacemaker_resource:
|
|
resource: {get_attr: [RedisBase, role_data, service_name]}
|
|
state: delete
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Disable redis service
|
|
service: name=redis enabled=no
|
|
- name: Update redis-bundle pcs resource bundle for new container image
|
|
when:
|
|
- step|int == 1
|
|
- redis_containerized|bool
|
|
- is_redis_bootstrap_node
|
|
- redis_pcs_res|bool
|
|
block:
|
|
- name: Disable the redis cluster resource before container upgrade
|
|
pacemaker_resource:
|
|
resource: redis-bundle
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Move redis logging to /var/log/containers
|
|
block:
|
|
- name: Check redis logging configuration in pacemaker
|
|
command: cibadmin --query --xpath "//storage-mapping[@id='redis-log' and @source-dir='/var/log/containers/redis']"
|
|
ignore_errors: true
|
|
register: redis_logs_moved
|
|
- name: Change redis logging configuration in pacemaker
|
|
# rc == 6 means the configuration doesn't exist in the CIB
|
|
when: redis_logs_moved.rc == 6
|
|
block:
|
|
- name: Remove old bind mount for logging in the redis bundle
|
|
command: pcs resource bundle update redis-bundle storage-map remove redis-log
|
|
- name: Add a bind mount for logging in the redis bundle
|
|
command: pcs resource bundle update redis-bundle storage-map add id=redis-log source-dir=/var/log/containers/redis target-dir=/var/log/redis options=rw
|
|
- name: Update the redis bundle to use the new container image name
|
|
command: "pcs resource bundle update redis-bundle container image={{redis_docker_image_latest}}"
|
|
- name: Enable the redis cluster resource
|
|
pacemaker_resource:
|
|
resource: redis-bundle
|
|
state: enable
|
|
wait_for_resource: true
|
|
register: output
|
|
retries: 5
|
|
until: output.rc == 0
|
|
- name: Retag the pacemaker image if containerized
|
|
when:
|
|
- step|int == 3
|
|
- redis_containerized|bool
|
|
block: *redis_fetch_retag_container_tasks
|
|
fast_forward_upgrade_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- is_bootstrap_node|bool
|
|
block:
|
|
- name: Check cluster resource status of redis
|
|
pacemaker_resource:
|
|
resource: {get_attr: [RedisBase, role_data, service_name]}
|
|
state: show
|
|
check_mode: false
|
|
ignore_errors: true
|
|
register: redis_res_result
|
|
- name: Set fact redis_res
|
|
set_fact:
|
|
redis_res: "{{ redis_res_result.rc == 0 }}"
|
|
- name: Disable the redis cluster resource
|
|
pacemaker_resource:
|
|
resource: {get_attr: [RedisBase, role_data, service_name]}
|
|
state: disable
|
|
wait_for_resource: true
|
|
register: redis_output
|
|
retries: 5
|
|
until: redis_output.rc == 0
|
|
when:
|
|
- step|int == 2
|
|
- release == 'ocata'
|
|
- is_bootstrap_node|bool
|
|
- redis_res|bool
|