openstack/tripleo-heat-templates
Code Issues Proposed changes
tripleo-heat-templates/deployment/nova/nova-conductor-container-puppet.yaml
Emilien Macchi 7064cd8e90 nova: use systemd to check container healthchecks 
Instead of running "podman exec" to test the container healthchecks, we
should rather rely on the status of systemd timers which reflect the
real state of the healthchecks, since they run under a specific user and
pid.

Also, we should only test the healthchecks if
ContainerHealthcheckDisabled is set to False.

Change-Id: I2c044e3d2af7f747acde5ad3bf256386b8c550a3
Closes-Bug: #1842687
2019-09-06 15:05:33 +05:30

258 lines
8.8 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Nova Conductor service
parameters:
ContainerNovaConductorImage:
description: image
type: string
ContainerNovaConfigImage:
description: The container image to use for the nova config_volume
type: string
NovaConductorLoggingSource:
type: json
default:
tag: openstack.nova.conductor
file: /var/log/containers/nova/nova-conductor.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
MonitoringSubscriptionNovaConductor:
default: 'overcloud-nova-conductor'
type: string
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
NovaEnableNUMALiveMigration:
default: false
description: Whether to enable or not the live migration for NUMA topology instances.
type: boolean
tags:
- role_specific
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
ContainerNovaImage: {get_param: ContainerNovaConductorImage}
NovaServiceName: 'conductor'
NovaBase:
type: ./nova-base-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- nova::workarounds::enable_numa_live_migration: NovaEnableNUMALiveMigration
- values: {get_param: [RoleParameters]}
- values:
NovaEnableNUMALiveMigration: {get_param: NovaEnableNUMALiveMigration}
outputs:
role_data:
description: Role data for the Nova Conductor service.
value:
service_name: nova_conductor
monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
config_settings:
map_merge:
- {get_attr: [NovaBase, role_data, config_settings]}
- {get_attr: [NovaLogging, config_settings]}
- {get_attr: [RoleParametersValue, value]}
-
if:
- nova_workers_zero
- {}
- nova::conductor::workers: {get_param: NovaWorkers}
service_config_settings:
rsyslog:
tripleo_logging_sources_nova_conductor:
- {get_param: NovaConductorLoggingSource}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlCellInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: nova
puppet_tags: nova_config
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::nova::conductor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_conductor.json:
command:
list_join:
- ' '
- - /usr/bin/nova-conductor
- get_attr: [NovaLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
step_2:
get_attr: [NovaLogging, docker_config, step_2]
step_3:
nova_db_sync:
image: &nova_conductor_image {get_param: ContainerNovaConductorImage}
start_order: 3 # Runs after nova-api tasks if installed on this host
net: host
detach: false
volumes: &nova_conductor_bootstrap_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
-
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
user: root
command: "/usr/bin/bootstrap_host_exec nova_conductor su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
step_4:
nova_conductor:
image: *nova_conductor_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
-
- /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
deploy_steps_tasks:
- name: validate nova conductor container state
when:
- not container_healthcheck_disabled
- step|int == 5
tags:
- opendev-validation
- opendev-validation-nova
block:
- name: Get nova-conductor healthcheck status
register: nova_conductor_healthcheck_state
systemd:
name: tripleo_nova_conductor_healthcheck
- name: Fail if nova-conductor healthcheck report failed status
fail:
msg: nova-conductor isn't working (healthcheck failed)
when: nova_conductor_healthcheck_state.status.ExecMainStatus != '0'
host_prep_tasks:
list_concat:
- {get_attr: [NovaLogging, host_prep_tasks]}
- - name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_conductor
tripleo_container_cli: "docker"
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop nova conductor container
import_role:
name: tripleo-container-stop
vars:
tripleo_containers_to_stop:
- nova_conductor
tripleo_delegate_to: "{{ groups['nova_conductor'] | default([]) }}"
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova_conductor is deployed
command: systemctl is-enabled --quiet openstack-nova-conductor
ignore_errors: True
register: nova_conductor_enabled_result
- name: Set fact nova_conductor_enabled
set_fact:
nova_conductor_enabled: "{{ nova_conductor_enabled_result.rc == 0 }}"
- name: Stop and disable nova_conductor service
service: name=openstack-nova-conductor state=stopped
when:
- step|int == 1
- release == 'ocata'
- nova_conductor_enabled|bool
View Git Blame Copy Permalink