tripleo-heat-templates/deployment/cinder/cinder-volume-container-puppet.yaml
James Slagle e701077c96 Add CinderEtcdLocalConnect parameter
The parameter, when set to true, will configure cinder-volume to connect
to Etcd through the node's own local IP on the Etcd network, instead of
a VIP on the network.

This is useful when deploying cinder-volume in an A/A configuration at
an edge site with the HCI roles. As Etcd and cinder-volume are both
running on the same node (typically 3 nodes configured the same), then
each node can just connect directly to Etcd without having to go through
a VIP. Additionally, we have no VIP management at the edge sites
presently.

Change-Id: I8a8825ecff9fc99b5de7390075470356397d85a2
implements: blueprint split-controlplane-templates
2019-04-15 17:46:22 -04:00

363 lines
14 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Cinder Volume service
parameters:
DockerCinderVolumeImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
DockerCinderVolumeUlimit:
default: ['nofile=131072']
description: ulimit for Cinder Volume Container
type: comma_delimited_list
CinderVolumeLoggingSource:
type: json
default:
tag: openstack.cinder.volume
path: /var/log/containers/cinder/cinder-volume.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CinderVolumeCluster:
default: ''
description: >
The cluster name used for deploying the cinder-volume service in an
active-active (A/A) configuration. This configuration requires the
Cinder backend drivers support A/A, and the cinder-volume service not
be managed by pacemaker. If these criteria are not met then the cluster
name must be left blank.
type: string
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
type: boolean
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CinderISCSIAvailabilityZone:
default: ''
description: >
The availability zone of the Iscsi Cinder backend.
When set, it overrides the default CinderStorageAvailabilityZone.
type: string
CinderISCSIHelper:
default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderISCSIProtocol:
default: iscsi
description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI
type: string
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsAvailabilityZone:
default: ''
description: >
The availability zone of the NFS Cinder backend.
When set, it overrides the default CinderStorageAvailabilityZone.
type: string
CinderNfsMountOptions:
default: ''
description: >
Mount options for NFS mounts used by Cinder NFS backend. Effective
when CinderEnableNfsBackend is true.
type: string
CinderNfsServers:
default: ''
description: >
NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true.
type: comma_delimited_list
CinderNfsSnapshotSupport:
default: true
description: >
Whether to enable support for snapshots in the NFS driver. Effective
when CinderEnableNfsBackend is true.
type: boolean
CinderNasSecureFileOperations:
default: false
description: >
Controls whether security enhanced NFS file operations are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderNasSecureFilePermissions:
default: false
description: >
Controls whether security enhanced NFS file permissions are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderRbdAvailabilityZone:
default: ''
description: >
The availability zone of the RBD Cinder backend.
When set, it overrides the default CinderStorageAvailabilityZone.
type: string
CinderRbdPoolName:
default: volumes
type: string
CinderRbdExtraPools:
default: []
description: >
List of extra Ceph pools for use with RBD backends for Cinder. An
extra Cinder RBD backend driver is created for each pool in the
list. This is in addition to the standard RBD backend driver
associated with the CinderRbdPoolName.
type: comma_delimited_list
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
MonitoringSubscriptionCinderVolume:
default: 'overcloud-cinder-volume'
type: string
CinderEtcdLocalConnect:
default: false
type: boolean
description: When running Cinder A/A, whether to connect to Etcd
via the local IP for the Etcd network. If set to true, the ip
on the local node will be used. If set to false, the VIP on the Etcd
network will be used instead. Defaults to false.
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
CinderBase:
type: ./cinder-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderCommon:
type: ./cinder-common-container-puppet.yaml
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::lvm::enable_udev: false
- tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
tripleo::profile::base::cinder::volume::cinder_volume_cluster: {get_param: CinderVolumeCluster}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_snapshot_support: {get_param: CinderNfsSnapshotSupport}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_ceph_conf:
list_join:
- ''
- - '/etc/ceph/'
- {get_param: CephClusterName}
- '.conf'
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
tripleo::cinder_volume::firewall_rules:
'120 iscsi initiator':
dport: 3260
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
-
if:
- {equals : [{get_param: CinderISCSIAvailabilityZone}, '']}
- {}
- tripleo::profile::base::cinder::volume::iscsi::backend_availability_zone: {get_param: CinderISCSIAvailabilityZone}
-
if:
- {equals : [{get_param: CinderNfsAvailabilityZone}, '']}
- {}
- tripleo::profile::base::cinder::volume::nfs::backend_availability_zone: {get_param: CinderNfsAvailabilityZone}
-
if:
- {equals : [{get_param: CinderRbdAvailabilityZone}, '']}
- {}
- tripleo::profile::base::cinder::volume::rbd::backend_availability_zone: {get_param: CinderRbdAvailabilityZone}
-
if:
- {equals : [{get_param: CinderEtcdLocalConnect}, true]}
- tripleo::profile::base::cinder::volume::etcd_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
- {}
service_config_settings:
map_merge:
- get_attr: [CinderBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_cinder_volume:
- cinder
tripleo_fluentd_sources_cinder_volume:
- {get_param: CinderVolumeLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - "include ::tripleo::profile::base::lvm"
- "include ::tripleo::profile::base::cinder::volume"
- get_attr: [MySQLClient, role_data, step_config]
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
docker_config:
step_3:
cinder_volume_init_logs:
start_order: 0
image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_volume:
image: *cinder_volume_image
ulimit: {get_param: DockerCinderVolumeUlimit}
ipc: host
net: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [CinderBase, role_data, config_settings, 'cinder::rabbit_port']}
volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
environment: {get_attr: [CinderCommon, cinder_volume_environment]}
host_prep_tasks: {get_attr: [CinderCommon, cinder_volume_host_prep_tasks]}
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- cinder_volume
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled --quiet openstack-cinder-volume
ignore_errors: True
register: cinder_volume_enabled_result
- name: Set fact cinder_volume_enabled
set_fact:
cinder_volume_enabled: "{{ cinder_volume_enabled_result.rc == 0 }}"
- name: Stop openstack-cinder-volume
service: name=openstack-cinder-volume state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- cinder_volume_enabled|bool