tripleo-heat-templates/deployment/containers-common.yaml
Michele Baldessari f90eb2caa7 Fix deployment on pacemaker remote nodes
Currently an HA deployment making use of PacemakerRemote for any HA role
will fail with the following:
2020-01-16 08:40:22.707 33489 DEBUG paunch [  ] Start container mysql_restart_bundle as mysql_restart_bundle.
2020-01-16 08:40:22.708 33489 DEBUG paunch [  ] Path seperator found in volume (/etc/corosync/corosync.conf), but did not exist on the file system
2020-01-16 08:40:22.708 33489 ERROR paunch [  ] /etc/corosync/corosync.conf is not a valid volume source
...
2020-01-16 08:40:53.026 33489 ERROR paunch [  ] The following containers failed validations and were not started: mysql_restart_bundle

The reason for this is that via I92d4ddf2feeac06ce14468ae928c283f3fd04f45 (HA: fix
<service>_restart_bundle with minor update workflow), we consolidated
all the restart bundles into a single place inside
containers-common.yaml but we forgot to conditionalize the inclusion of
the /etc/corosync/corosync.conf bind mount. In fact this bind mount is
not needed since we started using RHEL/CentOS 8 (i.e. since the podman
introduction). See I399098bf734aa3b2862e1713d4b1f429d180afbc (Fix pcmk
remote podman bundle restarts) for more context

Tested in a composable HA deployment where the Messaging and the
Database roles were using PacemakerRemote and correctly deployed the
environment (which would previously fail):
[root@messaging-0 ~]# crm_mon -1 |grep -e database -e messaging
RemoteOnline: [ database-0 database-1 database-2 messaging-0 messaging-1 messaging-2 ]
 database-0     (ocf::pacemaker:remote):        Started controller-0
 database-1     (ocf::pacemaker:remote):        Started controller-1
 database-2     (ocf::pacemaker:remote):        Started controller-2
 messaging-0    (ocf::pacemaker:remote):        Started controller-0
 messaging-1    (ocf::pacemaker:remote):        Started controller-1
 messaging-2    (ocf::pacemaker:remote):        Started controller-2
 galera-bundle-0      (ocf::heartbeat:galera):        Master database-0
 galera-bundle-1      (ocf::heartbeat:galera):        Master database-1
 galera-bundle-2      (ocf::heartbeat:galera):        Master database-2
 rabbitmq-bundle-0    (ocf::heartbeat:rabbitmq-cluster):      Started messaging-0
 rabbitmq-bundle-1    (ocf::heartbeat:rabbitmq-cluster):      Started messaging-1
 rabbitmq-bundle-2    (ocf::heartbeat:rabbitmq-cluster):      Started messaging-2

Change-Id: I7766a75414bf8db75ccd233677e9ffe13ff28e23
Closes-Bug: #1859945
(cherry picked from commit a30342f253)
2020-01-18 07:46:41 +00:00


heat_template_version: rocky
description: >
  Contains a static list of common things necessary for containers
parameters:
  # Required parameters: the standard inputs every TripleO service
  # template receives; most are unused here but must exist for the
  # template to be composed with the others.
  EndpointMap:
    type: json
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ""
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  # When true, the internal_tls_enabled condition adds the
  # InternalTLSCAFile read-only bind mount to volumes_base.
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    type: string
    default: "/etc/ipa/ca.crt"
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
  RpcPort:
    type: number
    default: 5672
    description: The network port for messaging backend
  # Substituted for __PCMKTIMEOUT__ in pacemaker_restart_bundle.sh.
  PcmkConfigRestartTimeout:
    type: number
    default: 600
    description: >-
      Time in seconds to wait for a pacemaker resource to restart when
      a config change is detected and the resource is being restarted
  # Drives the docker_enabled condition; only the legacy docker path
  # mounts /etc/corosync/corosync.conf into the restart containers.
  ContainerCli:
    type: string
    default: "podman"
    description: CLI tool used to manage containers.
    constraints:
      - allowed_values:
          - "docker"
          - "podman"
conditions:
  # True when EnableInternalTLS is set; gates the CA file bind mount in
  # the volumes_base output.
  internal_tls_enabled:
    equals:
      - get_param: EnableInternalTLS
      - true
  # True only for the legacy docker CLI; gates the corosync.conf bind
  # mount in pacemaker_restart_volumes.
  docker_enabled:
    equals:
      - get_param: ContainerCli
      - "docker"
outputs:
  # Scripts shared by the container configuration. The *_volumes outputs
  # below bind-mount them into containers from
  # /var/lib/container-config-scripts on the host.
  container_config_scripts:
    description: Shared container config scripts
    value:
      # Runs `puppet apply` inside a container. Positional arguments:
      # STEP, TAGS, CONFIG (the manifest snippet to evaluate) and an
      # optional fourth argument of extra puppet arguments. A puppet exit
      # code of 2 (changes applied) is treated as success, 0 is success,
      # anything else is propagated.
      container_puppet_apply.sh:
        # Quoted so the leading zero survives YAML parsing (0700 would be
        # read as an octal integer by YAML 1.1 loaders).
        mode: "0700"
        content: |
          #!/bin/bash
          set -eux
          STEP=$1
          TAGS=$2
          CONFIG=$3
          EXTRA_ARGS=${4:-''}
          if [ -d /tmp/puppet-etc ]; then
            # ignore copy failures as these may be the same file depending on docker mounts
            cp -a /tmp/puppet-etc/* /etc/puppet || true
          fi
          echo "{\"step\": ${STEP}}" > /etc/puppet/hieradata/docker_puppet.json
          # $::deployment_type in puppet-tripleo
          export FACTER_deployment_type=containers
          set +e
          puppet apply $EXTRA_ARGS \
            --verbose \
            --detailed-exitcodes \
            --summarize \
            --color=false \
            --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
            --tags $TAGS \
            -e "noop_resource('package'); ${CONFIG}"
          rc=$?
          set -e
          set +ux
          if [ $rc -eq 2 -o $rc -eq 0 ]; then
            exit 0
          fi
          exit $rc
      # Taken verbatim from the sibling container_config_scripts directory.
      pyshim.sh:
        mode: "0755"
        content: { get_file: ../container_config_scripts/pyshim.sh }
      # Restart script for the <service>_restart_bundle containers; the
      # __PCMKTIMEOUT__ placeholder is replaced with PcmkConfigRestartTimeout
      # before the file is written out.
      pacemaker_restart_bundle.sh:
        mode: "0755"
        content:
          str_replace:
            template: { get_file: ../container_config_scripts/pacemaker_restart_bundle.sh }
            params:
              __PCMKTIMEOUT__: {get_param: PcmkConfigRestartTimeout}
  # Anchored (&volumes_base) so the other volume outputs can prepend it
  # with *volumes_base instead of repeating the list.
  volumes_base:
    description: Base volume list
    value: &volumes_base
      list_concat:
        - - /etc/hosts:/etc/hosts:ro
          - /etc/localtime:/etc/localtime:ro
          # OpenSSL trusted CAs: the host trust store is shared read-only, so
          # containers validate against the same CAs but cannot alter them.
          - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
          - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro
          - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
          - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
          - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
          # Syslog socket; the only base mount without the :ro suffix.
          - /dev/log:/dev/log
        # Internal-TLS CA file, mounted read-only at the same path inside the
        # container, only when internal_tls_enabled. Otherwise this entry is
        # null, which list_concat is expected to skip.
        - if:
            - internal_tls_enabled
            - - list_join:
                  - ':'
                  - - {get_param: InternalTLSCAFile}
                    - {get_param: InternalTLSCAFile}
                    - 'ro'
            - null
  volumes:
    description: Common volumes for the containers.
    value:
      list_concat:
        - *volumes_base
        - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
          # required for bootstrap_host_exec
          - /etc/puppet:/etc/puppet:ro
  # Volumes for the <service>_restart_bundle containers. These also run on
  # PacemakerRemote nodes, which do not carry a corosync configuration.
  pacemaker_restart_volumes:
    description: Common volumes for the pacemaker restart containers.
    value:
      list_concat:
        - *volumes_base
        - - /var/lib/container-config-scripts/pacemaker_restart_bundle.sh:/pacemaker_restart_bundle.sh:ro
          # Writable. NOTE(review): presumably required by the pacemaker
          # client tools invoked from the restart script; confirm before
          # tightening to :ro.
          - /dev/shm:/dev/shm:rw
          # required for bootstrap_host_exec, facter
          - /etc/puppet:/etc/puppet:ro
        # corosync.conf is only bind-mounted on the legacy docker path: it is
        # not needed with podman and does not exist on PacemakerRemote nodes,
        # where an unconditional mount made the container fail validation.
        - if:
            - docker_enabled
            - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
            - null
  container_puppet_apply_volumes:
    description: Common volumes needed to run the container_puppet_apply.sh from container_config_scripts
    value:
      list_concat:
        - *volumes_base
        - - /var/lib/container-config-scripts/container_puppet_apply.sh:/container_puppet_apply.sh:ro
          # container_puppet_apply.sh will copy this to /etc/puppet in the container
          - /etc/puppet:/tmp/puppet-etc:ro
          # Read-only module tree; it is on the --modulepath used by the script.
          - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
  # Healthcheck command; the RPCPORT token is replaced with RpcPort when
  # the template is rendered.
  healthcheck_rpc_port:
    description: healthcheck command that probes the RpcPort
    value:
      test:
        str_replace:
          template:
            '/openstack/healthcheck RPCPORT'
          params:
            RPCPORT: {get_param: RpcPort}