openstack/tripleo-heat-templates
Code Issues Proposed changes
ea6fc8f95d
tripleo-heat-templates/docker/services/cinder-volume.yaml
Alex Schultz 7d24a21b89 Revert "Set proper setype for service directories" 
This reverts commit 606ce4bc56.

Rather than include this large change to try and get selinux
working. Let's just back it all out.

Change-Id: I85ceb7c170fffb88f22cd4ac9f58ed75a733786d
Related-Bug: #1811713
2019-01-18 19:40:17 +00:00

221 lines
7.9 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Cinder Volume service
parameters:
DockerCinderVolumeImage:
description: image
type: string
DockerCinderConfigImage:
description: The container image to use for the cinder config_volume
type: string
DockerCinderVolumeUlimit:
default: ['nofile=131072']
description: ulimit for Cinder Volume Container
type: comma_delimited_list
CinderVolumeLoggingSource:
type: json
default:
tag: openstack.cinder.volume
path: /var/log/containers/cinder/cinder-volume.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
CinderBase:
type: ../../puppet/services/cinder-volume.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CinderCommon:
type: ./cinder-common.yaml
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::lvm::enable_udev: false
logging_source: {get_attr: [CinderBase, role_data, logging_source]}
logging_groups: {get_attr: [CinderBase, role_data, logging_groups]}
service_config_settings:
map_merge:
- get_attr: [CinderBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_cinder_volume:
- cinder
tripleo_fluentd_sources_cinder_volume:
- {get_param: CinderVolumeLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: cinder
puppet_tags: cinder_config,file,concat,file_line
step_config:
list_join:
- "\n"
- - "include ::tripleo::profile::base::lvm"
- get_attr: [CinderBase, role_data, step_config]
- get_attr: [MySQLClient, role_data, step_config]
config_image: {get_param: DockerCinderConfigImage}
kolla_config:
/var/lib/kolla/config_files/cinder_volume.json:
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/cinder
owner: cinder:cinder
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: cinder:cinder
perm: '0600'
docker_config:
step_3:
cinder_volume_init_logs:
start_order: 0
image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_volume:
image: *cinder_volume_image
ulimit: {get_param: DockerCinderVolumeUlimit}
ipc: host
net: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [CinderBase, role_data, config_settings, 'cinder::rabbit_port']}
volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
environment: {get_attr: [CinderCommon, cinder_volume_environment]}
host_prep_tasks: {get_attr: [CinderCommon, cinder_volume_host_prep_tasks]}
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled openstack-cinder-volume
ignore_errors: True
register: cinder_volume_enabled_result
- name: Set fact cinder_volume_enabled
set_fact:
cinder_volume_enabled: "{{ cinder_volume_enabled_result.rc == 0 }}"
- name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running"
shell: systemctl is-active --quiet openstack-cinder-volume
when: cinder_volume_enabled|bool
tags: validation
- when: step|int == 2
block:
- name: Stop and disable cinder_volume service
when: cinder_volume_enabled|bool
service: name=openstack-cinder-volume state=stopped enabled=no
- when: step|int == 3
block:
- name: Set fact for removal of openstack-cinder package
set_fact:
remove_cinder_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-cinder package if operator requests it
package: name=openstack-cinder state=removed
ignore_errors: True
when: remove_cinder_package|bool
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled --quiet openstack-cinder-volume
ignore_errors: True
register: cinder_volume_enabled_result
- name: Set fact cinder_volume_enabled
set_fact:
cinder_volume_enabled: "{{ cinder_volume_enabled_result.rc == 0 }}"
- name: Stop openstack-cinder-volume
service: name=openstack-cinder-volume state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- cinder_volume_enabled|bool
View Git Blame Copy Permalink