c992964f10
The best effort pre-upgrade online data migrations were an attempt to
mitigate possible user errors if users forget to run the online data
migrations explicitly during the previous upgrade. However, they ended
up causing more problems than good:
* If user follows docs, they are unnecessary.
* If the containers for the services aren't running, they will get
silently ignored already. This was done to facilitate re-runs of
failed upgrade steps and prevent false failures. If the upgrade
includes an operating system change, the pre-upgrade migrations will
simply not run.
* However, if the containers for the services are running but the
database is not running or is not functional for some reason, the
migration will be attempted and the upgrade will get stuck. This
leads to confusing errors not really related to the root cause of
the problem, and non-straightforward breakages where the fix might
otherwise be just to re-run the upgrade.
For the above reasons this commit removes the pre-upgrade just-in-case
online data migrations. We should be running them only as documented
in the upgrade workflow.
Change-Id: I5d3cc863f138d4f1a915e8a2060dd9ed1d577f37
Closes-Bug: #1841590
(cherry picked from commit cd23d2054e
)
435 lines
17 KiB
YAML
435 lines
17 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Cinder API service
|
|
|
|
parameters:
|
|
DockerCinderApiImage:
|
|
description: image
|
|
type: string
|
|
DockerCinderConfigImage:
|
|
description: The container image to use for the cinder config_volume
|
|
type: string
|
|
CinderApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.api
|
|
path: /var/log/containers/cinder/cinder-api.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CinderDefaultVolumeType:
|
|
default: tripleo
|
|
description: The name of Cinder's default volume type.
|
|
type: string
|
|
CinderEnableDBPurge:
|
|
default: true
|
|
description: |
|
|
Whether to create cron job for purging soft deleted rows in Cinder database.
|
|
type: boolean
|
|
CinderPassword:
|
|
description: The password for the cinder service and db account.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
MonitoringSubscriptionCinderApi:
|
|
default: 'overcloud-cinder-api'
|
|
type: string
|
|
CinderWorkers:
|
|
type: string
|
|
description: Set the number of workers for cinder::wsgi::apache
|
|
default: '%{::os_workers}'
|
|
CinderApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Cinder API.
|
|
e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
NotificationDriver:
|
|
type: string
|
|
default: 'messagingv2'
|
|
description: Driver or drivers to handle sending notifications.
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
ApacheServiceBase:
|
|
type: ../../deployment/apache/apache-baremetal-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder API role.
|
|
value:
|
|
service_name: cinder_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
|
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
cinder::keystone::authtoken::user_domain_name: 'Default'
|
|
cinder::keystone::authtoken::project_domain_name: 'Default'
|
|
cinder::policy::policies: {get_param: CinderApiPolicies}
|
|
cinder::ceilometer::notification_driver: {get_param: NotificationDriver}
|
|
cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType}
|
|
cinder::api::enable_proxy_headers_parsing: true
|
|
|
|
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
|
|
# TODO(emilien) move it to puppet-cinder
|
|
cinder::config:
|
|
DEFAULT/swift_catalog_info:
|
|
value: 'object-store:swift:internalURL'
|
|
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
|
|
tripleo::cinder_api::firewall_rules:
|
|
'119 cinder':
|
|
dport:
|
|
- 8776
|
|
- 13776
|
|
cinder::api::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
|
cinder::api::service_name: 'httpd'
|
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
cinder::wsgi::apache::bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
-
|
|
cinder::wsgi::apache::servername:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
|
|
-
|
|
if:
|
|
- cinder_workers_zero
|
|
- {}
|
|
- cinder::wsgi::apache::workers: {get_param: CinderWorkers}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, service_config_settings]
|
|
- fluentd:
|
|
tripleo_fluentd_groups_cinder_api:
|
|
- cinder
|
|
tripleo_fluentd_sources_cinder_api:
|
|
- {get_param: CinderApiLoggingSource}
|
|
keystone:
|
|
cinder::keystone::auth::tenant: 'service'
|
|
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
|
|
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
|
|
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
|
|
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
|
|
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
|
|
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
|
|
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
|
|
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
|
|
cinder::keystone::auth::password: {get_param: CinderPassword}
|
|
cinder::keystone::auth::region: {get_param: KeystoneRegion}
|
|
mysql:
|
|
cinder::db::mysql::password: {get_param: CinderPassword}
|
|
cinder::db::mysql::user: cinder
|
|
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
cinder::db::mysql::dbname: cinder
|
|
cinder::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: cinder
|
|
puppet_tags: cinder_config,cinder_type,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include ::tripleo::profile::base::cinder::api"
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: DockerCinderConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/cinder_api.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
/var/lib/kolla/config_files/cinder_api_cron.json:
|
|
command: /usr/sbin/crond -n
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
cinder_api_init_logs:
|
|
image: &cinder_api_image {get_param: DockerCinderApiImage}
|
|
net: none
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
|
|
step_3:
|
|
cinder_api_db_sync:
|
|
image: *cinder_api_image
|
|
net: host
|
|
privileged: false
|
|
detach: false
|
|
user: root
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
|
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
command:
|
|
- '/usr/bin/bootstrap_host_exec'
|
|
- 'cinder_api'
|
|
- "su cinder -s /bin/bash -c 'cinder-manage db sync --bump-versions'"
|
|
step_4:
|
|
cinder_api:
|
|
image: *cinder_api_image
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
# NOTE(mandre) kolla image changes the user to 'cinder', we need it
|
|
# to be root to run httpd
|
|
user: root
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- ''
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
- ''
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
cinder_api_cron:
|
|
image: *cinder_api_image
|
|
net: host
|
|
user: root
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: '/usr/share/openstack-tripleo-common/healthcheck/cron cinder'
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
container_puppet_tasks:
|
|
# Create the default volume type after the cinder-api service is
|
|
# running. The puppet code will ensure this is only done once, on
|
|
# the bootstrap node.
|
|
step_4:
|
|
config_volume: 'cinder_init_tasks'
|
|
puppet_tags: cinder_config,cinder_type,file,concat,file_line
|
|
step_config: 'include ::tripleo::profile::base::cinder::api'
|
|
config_image: *cinder_api_image
|
|
volumes:
|
|
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
|
|
|
|
metadata_settings:
|
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t }
|
|
- { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t }
|
|
- name: cinder logs readme
|
|
copy:
|
|
dest: /var/log/cinder/readme.txt
|
|
content: |
|
|
Log files from cinder containers can be found under
|
|
/var/log/containers/cinder and /var/log/containers/httpd/cinder-api.
|
|
ignore_errors: true
|
|
post_upgrade_tasks:
|
|
- when: step|int == 1
|
|
import_role:
|
|
name: tripleo-docker-rm
|
|
vars:
|
|
containers_to_rm:
|
|
- cinder_api
|
|
- cinder_api_cron
|
|
external_upgrade_tasks:
|
|
- when: step|int == 1
|
|
block:
|
|
- name: Online data migration for Cinder
|
|
command: "{{ container_cli }} exec cinder_api cinder-manage db online_data_migrations"
|
|
delegate_to: "{{ groups['cinder_api'][0] }}"
|
|
become: true
|
|
tags:
|
|
- online_upgrade
|
|
- online_upgrade_cinder
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop cinder api container
|
|
import_role:
|
|
name: tripleo-container-stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- cinder_api
|
|
- cinder_api_cron
|
|
tripleo_delegate_to: "{{ groups['cinder_api'] | default([]) }}"
|
|
fast_forward_upgrade_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
block:
|
|
- name: Check is cinder_api is deployed
|
|
command: systemctl is-enabled --quiet openstack-cinder-api
|
|
ignore_errors: True
|
|
register: cinder_api_enabled_result
|
|
- name: Set fact cinder_api_enabled
|
|
set_fact:
|
|
cinder_api_enabled: "{{ cinder_api_enabled_result.rc == 0 }}"
|
|
- name: Stop openstack-cinder-api
|
|
service: name=openstack-cinder-api state=stopped
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- cinder_api_enabled|bool
|
|
- name: Extra removal of services for cinder
|
|
shell: |
|
|
cinder-manage service list |\
|
|
grep -v Binary | tr '@' ' ' |\
|
|
awk '{print $1 " " $2}' |\
|
|
while read i ; do cinder-manage service remove $i ; done
|
|
when:
|
|
- step|int == 5
|
|
- release == 'pike'
|
|
- is_bootstrap_node|bool
|
|
- name: Extra migration for cinder
|
|
command: cinder-manage db online_data_migrations
|
|
when:
|
|
- step|int == 5
|
|
- release == 'pike'
|
|
- is_bootstrap_node|bool
|
|
- name: Cinder package update
|
|
package:
|
|
name: 'openstack-cinder*'
|
|
state: latest
|
|
when:
|
|
- step|int == 6
|
|
- is_bootstrap_node|bool
|
|
- name: Cinder db sync
|
|
command: cinder-manage db sync
|
|
when:
|
|
- step|int == 8
|
|
- is_bootstrap_node|bool
|