0cb45d65c6
Services that access database have to read an extra MySQL configuration file
/etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind
address and SSL configuration. The configuration file is thus used by
containerized services, but also by non-containerized services that still
run on the host.
In order to generate that client configuration file appropriately both on the
host and for containers, 1) the MySQLClient service must be included by the
role; 2) every containerized service which uses the database must include the
mysql::client profile in the docker-puppet config generation step.
By including the mysql::client profile in each containerized service, we ensure
that any change in configuration file will be reflected in the service's
/var/lib/config-data/{service}, and that paunch will restart the service's
container automatically.
We now only rely on MySQLClient from puppet/services, to make it possible to
generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that
drive the generation of that config file in containers via docker-puppet.
We include a new YAML validation step to ensure that any service which depends
on MySQL will initialize the mysql::client profile during the docker-puppet
step.
Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
163 lines
5.9 KiB
YAML
163 lines
5.9 KiB
YAML
heat_template_version: pike
|
|
|
|
description: >
|
|
OpenStack containerized Ironic Conductor service
|
|
|
|
parameters:
|
|
DockerIronicConductorImage:
|
|
description: image
|
|
type: string
|
|
DockerIronicConfigImage:
|
|
description: The container image to use for the ironic config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../../puppet/services/database/mysql-client.yaml
|
|
|
|
IronicConductorBase:
|
|
type: ../../puppet/services/ironic-conductor.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ironic Conductor role.
|
|
value:
|
|
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [IronicConductorBase, role_data, config_settings]
|
|
# to avoid hard linking errors we store these on the same
|
|
# volume/device as the ironic master_path
|
|
# https://github.com/docker/docker/issues/7457
|
|
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
|
|
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::pxe::http_root: /var/lib/ironic/httpboot
|
|
- ironic::conductor::http_root: /var/lib/ironic/httpboot
|
|
step_config: &step_config
|
|
list_join:
|
|
- "\n"
|
|
- - {get_attr: [IronicConductorBase, role_data, step_config]}
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: ironic
|
|
puppet_tags: ironic_config
|
|
step_config: *step_config
|
|
config_image: {get_param: DockerIronicConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/ironic_conductor.json:
|
|
command: /usr/bin/ironic-conductor
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/lib/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
- path: /var/log/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
ironic_conductor:
|
|
start_order: 80
|
|
image: {get_param: DockerIronicConductorImage}
|
|
net: host
|
|
privileged: true
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /sys:/sys
|
|
- /dev:/dev
|
|
- /run:/run #shared?
|
|
- /var/lib/ironic:/var/lib/ironic
|
|
- /var/log/containers/ironic:/var/log/ironic
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /var/log/containers/ironic
|
|
- /var/lib/ironic
|
|
- name: stat /httpboot
|
|
stat: path=/httpboot
|
|
register: stat_httpboot
|
|
- name: stat /tftpboot
|
|
stat: path=/tftpboot
|
|
register: stat_tftpboot
|
|
- name: stat /var/lib/ironic/httpboot
|
|
stat: path=/var/lib/ironic/httpboot
|
|
register: stat_ironic_httpboot
|
|
- name: stat /var/lib/ironic/tftpboot
|
|
stat: path=/var/lib/ironic/tftpboot
|
|
register: stat_ironic_tftpboot
|
|
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
|
|
- name: migrate /httpboot to containerized (if applicable)
|
|
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
|
|
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
|
|
- name: migrate /tftpboot to containerized (if applicable)
|
|
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
|
|
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
|
|
# Even if there was nothing to copy from original locations,
|
|
# we need to create the dirs before starting the containers
|
|
- name: ensure ironic pxe directories exist
|
|
file:
|
|
path: /var/lib/ironic/{{ item }}
|
|
state: directory
|
|
with_items:
|
|
- httpboot
|
|
- tftpboot
|
|
upgrade_tasks:
|
|
- name: Stop and disable ironic_conductor service
|
|
tags: step2
|
|
service: name=openstack-ironic-conductor state=stopped enabled=no
|