openstack/tripleo-heat-templates
Code Issues Proposed changes
e90b0d898e
tripleo-heat-templates/deployment/cinder/cinder-api-container-puppet.yaml
Jiri Stransky c992964f10 Remove pre-upgrade best-effort online data migrations 
The best effort pre-upgrade online data migrations were an attempt to
mitigate possible user errors if users forget to run the online data
migrations explicitly during the previous upgrade. However, they ended
up causing more problems than good:

* If user follows docs, they are unnecessary.

* If the containers for the services aren't running, they will get
  silently ignored already. This was done to facilitate re-runs of
  failed upgrade steps and prevent false failures. If the upgrade
  includes an operating system change, the pre-upgrade migrations will
  simply not run.

* However, if the containers for the services are running but the
  database is not running or is not functional for some reason, the
  migration will be attempted and the upgrade will get stuck. This
  leads to confusing errors not really related to the root cause of
  the problem, and non-straightforward breakages where the fix might
  otherwise be just to re-run the upgrade.

For the above reasons this commit removes the pre-upgrade just-in-case
online data migrations. We should be running them only as documented
in the upgrade workflow.

Change-Id: I5d3cc863f138d4f1a915e8a2060dd9ed1d577f37
Closes-Bug: #1841590
(cherry picked from commit cd23d2054e)
2019-08-27 16:19:06 +02:00

435 lines
17 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Cinder API service
parameters:
DockerCinderApiImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
CinderApiLoggingSource:
type: json
default:
tag: openstack.cinder.api
path: /var/log/containers/cinder/cinder-api.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
CinderDefaultVolumeType:
default: tripleo
description: The name of Cinder's default volume type.
type: string
CinderEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Cinder database.
type: boolean
CinderPassword:
description: The password for the cinder service and db account.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionCinderApi:
default: 'overcloud-cinder-api'
type: string
CinderWorkers:
type: string
description: Set the number of workers for cinder::wsgi::apache
default: '%{::os_workers}'
CinderApiPolicies:
description: |
A hash of policies to configure for Cinder API.
e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
NotificationDriver:
type: string
default: 'messagingv2'
description: Driver or drivers to handle sending notifications.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
CinderBase:
type: ./cinder-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
ApacheServiceBase:
type: ../../deployment/apache/apache-baremetal-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Cinder API role.
value:
service_name: cinder_api
monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
cinder::keystone::authtoken::project_name: 'service'
cinder::keystone::authtoken::user_domain_name: 'Default'
cinder::keystone::authtoken::project_domain_name: 'Default'
cinder::policy::policies: {get_param: CinderApiPolicies}
cinder::ceilometer::notification_driver: {get_param: NotificationDriver}
cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType}
cinder::api::enable_proxy_headers_parsing: true
cinder::api::nova_catalog_info: 'compute:nova:internalURL'
# TODO(emilien) move it to puppet-cinder
cinder::config:
DEFAULT/swift_catalog_info:
value: 'object-store:swift:internalURL'
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
tripleo::cinder_api::firewall_rules:
'119 cinder':
dport:
- 8776
- 13776
cinder::api::bind_host:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
cinder::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
cinder::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
if:
- cinder_workers_zero
- {}
- cinder::wsgi::apache::workers: {get_param: CinderWorkers}
service_config_settings:
map_merge:
- get_attr: [CinderBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_cinder_api:
- cinder
tripleo_fluentd_sources_cinder_api:
- {get_param: CinderApiLoggingSource}
keystone:
cinder::keystone::auth::tenant: 'service'
cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
cinder::keystone::auth::password: {get_param: CinderPassword}
cinder::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
cinder::db::mysql::password: {get_param: CinderPassword}
cinder::db::mysql::user: cinder
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
cinder::db::mysql::dbname: cinder
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,cinder_type,file,concat,file_line
step_config:
list_join:
- "\n"
- - "include ::tripleo::profile::base::cinder::api"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_api.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
/var/lib/kolla/config_files/cinder_api_cron.json:
command: /usr/sbin/crond -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
docker_config:
step_2:
cinder_api_init_logs:
image: &cinder_api_image {get_param: DockerCinderApiImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_3:
cinder_api_db_sync:
image: *cinder_api_image
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
- "su cinder -s /bin/bash -c 'cinder-manage db sync --bump-versions'"
step_4:
cinder_api:
image: *cinder_api_image
net: host
privileged: false
restart: always
# NOTE(mandre) kolla image changes the user to 'cinder', we need it
# to be root to run httpd
user: root
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
-
if:
- internal_tls_enabled
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- ''
-
if:
- internal_tls_enabled
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
cinder_api_cron:
image: *cinder_api_image
net: host
user: root
privileged: false
restart: always
healthcheck:
test: '/usr/share/openstack-tripleo-common/healthcheck/cron cinder'
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
container_puppet_tasks:
# Create the default volume type after the cinder-api service is
# running. The puppet code will ensure this is only done once, on
# the bootstrap node.
step_4:
config_volume: 'cinder_init_tasks'
puppet_tags: cinder_config,cinder_type,file,concat,file_line
step_config: 'include ::tripleo::profile::base::cinder::api'
config_image: *cinder_api_image
volumes:
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt
content: |
Log files from cinder containers can be found under
/var/log/containers/cinder and /var/log/containers/httpd/cinder-api.
ignore_errors: true
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- cinder_api
- cinder_api_cron
external_upgrade_tasks:
- when: step|int == 1
block:
- name: Online data migration for Cinder
command: "{{ container_cli }} exec cinder_api cinder-manage db online_data_migrations"
delegate_to: "{{ groups['cinder_api'][0] }}"
become: true
tags:
- online_upgrade
- online_upgrade_cinder
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop cinder api container
import_role:
name: tripleo-container-stop
vars:
tripleo_containers_to_stop:
- cinder_api
- cinder_api_cron
tripleo_delegate_to: "{{ groups['cinder_api'] | default([]) }}"
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check is cinder_api is deployed
command: systemctl is-enabled --quiet openstack-cinder-api
ignore_errors: True
register: cinder_api_enabled_result
- name: Set fact cinder_api_enabled
set_fact:
cinder_api_enabled: "{{ cinder_api_enabled_result.rc == 0 }}"
- name: Stop openstack-cinder-api
service: name=openstack-cinder-api state=stopped
when:
- step|int == 1
- release == 'ocata'
- cinder_api_enabled|bool
- name: Extra removal of services for cinder
shell: |
cinder-manage service list |\
grep -v Binary | tr '@' ' ' |\
awk '{print $1 " " $2}' |\
while read i ; do cinder-manage service remove $i ; done
when:
- step|int == 5
- release == 'pike'
- is_bootstrap_node|bool
- name: Extra migration for cinder
command: cinder-manage db online_data_migrations
when:
- step|int == 5
- release == 'pike'
- is_bootstrap_node|bool
- name: Cinder package update
package:
name: 'openstack-cinder*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool
- name: Cinder db sync
command: cinder-manage db sync
when:
- step|int == 8
- is_bootstrap_node|bool
View Git Blame Copy Permalink