tripleo-heat-templates/deployment/cinder/cinder-common-container-puppet.yaml
Cédric Jeanneret 0875895553 Replace svirt_sandbox_file_t by container_file_t
While they are, at SELinux level, exactly the same (one is an alias to
the other), the "container_file_t" name is easier to understand (and
shorter to write).

A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.

Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
2020-02-07 13:33:20 +01:00

208 lines
7.2 KiB
YAML

heat_template_version: rocky
description: >
Provides the list of Docker volumes and environment to be used by the
CinderVolume and CinderBackup services. The same list is used for
HA and non-HA deployments.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
CinderVolumeOptVolumes:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
CinderVolumeOptEnvVars:
default: {}
description: hash of optional environment variables
type: json
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
MultipathdEnable:
default: false
description: Whether to enable the multipath daemon
type: boolean
conditions:
multipathd_enabled: {equals: [{get_param: MultipathdEnable}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
outputs:
cinder_common_host_prep_tasks:
description: Common host prep tasks for cinder-volume and cinder-backup services
value: &cinder_common_host_prep_tasks
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/cinder, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
cinder_volume_host_prep_tasks:
description: Host prep tasks for the cinder-volume service (HA or non-HA)
value:
list_concat:
- *cinder_common_host_prep_tasks
-
- name: cinder_enable_iscsi_backend fact
set_fact:
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
- when: cinder_enable_iscsi_backend|bool
block:
- name: ensure LVM rpm dependencies are installed
package:
name: lvm2
state: latest
- name: cinder create LVM volume group dd
command:
list_join:
- ''
- - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
- str_replace:
template: VALUE
params:
VALUE: {get_param: CinderLVMLoopDeviceSize}
- 'M'
args:
creates: /var/lib/cinder/cinder-volumes
- name: cinder create LVM volume group
shell: |
if ! losetup /dev/loop2; then
losetup /dev/loop2 /var/lib/cinder/cinder-volumes
fi
if ! pvdisplay | grep cinder-volumes; then
pvcreate /dev/loop2
fi
if ! vgdisplay | grep cinder-volumes; then
vgcreate cinder-volumes /dev/loop2
fi
args:
executable: /bin/bash
creates: /dev/loop2
- name: cinder create service to run losetup for LVM on startup
copy:
dest: /etc/systemd/system/cinder-lvm-losetup.service
content: |
[Unit]
Description=Cinder LVM losetup
After=syslog.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c '/sbin/losetup /dev/loop2 || /sbin/losetup /dev/loop2 /var/lib/cinder/cinder-volumes'
ExecStop=/bin/bash -c '/sbin/losetup -d /dev/loop2'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- name: cinder enable the LVM losetup service
systemd:
name: cinder-lvm-losetup
enabled: yes
daemon_reload: yes
cinder_volume_volumes:
description: Volumes for the cinder-volume container (HA or non-HA)
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_param: CinderVolumeOptVolumes}
-
- /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /lib/modules:/lib/modules:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /var/lib/cinder:/var/lib/cinder:z
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/log/containers/cinder:/var/log/cinder:z
-
if:
- multipathd_enabled
- - /etc/multipath:/etc/multipath:z
- /etc/multipath.conf:/etc/multipath.conf:ro
- []
cinder_volume_environment:
description: Docker environment for the cinder-volume container (HA or non-HA)
value:
map_merge:
- {get_param: CinderVolumeOptEnvVars}
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
cinder_backup_host_prep_tasks:
description: Host prep tasks for the cinder-backup service (HA or non-HA)
value: *cinder_common_host_prep_tasks
cinder_backup_volumes:
description: Volumes for the cinder-backup container (HA or non-HA)
value:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev/:/dev/
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder:z
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/log/containers/cinder:/var/log/cinder:z
-
if:
- multipathd_enabled
- - /etc/multipath:/etc/multipath:z
- []
cinder_backup_environment:
description: Docker environment for the cinder-backup container (HA or non-HA)
value:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS