4cbae84c75
When upgrading from Rocky to Stein we moved also from using the docker container engine into Podman. To ensure that every single docker container was removed after the upgrade a post_upgrade task was added which made use of the tripleo-docker-rm role that removed the container. In this cycle, from Stein to Train both the Undercloud and Overcloud work with Podman, so there is no need to remove any docker container anymore. This patch removes all the tripleo-docker-rm post-upgrade task and in those services which only included a single task, the post-upgrade-tasks section is also erased. Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
258 lines
9.6 KiB
YAML
258 lines
9.6 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Mistral Executor service
|
|
|
|
parameters:
|
|
ContainerMistralExecutorImage:
|
|
description: image
|
|
type: string
|
|
DockerMistralExecutorUlimit:
|
|
default: ['nofile=1024']
|
|
description: ulimit for Mistral Executor Container
|
|
type: comma_delimited_list
|
|
ContainerMistralConfigImage:
|
|
description: The container image to use for the mistral config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
MistralExecutorVolumes:
|
|
default: []
|
|
description: List of additional volumes to mount into the mistral-executor container
|
|
type: comma_delimited_list
|
|
MistralExecutorExtraVolumes:
|
|
default: []
|
|
description: List of user-provided additional volumes to mount into the mistral-executor container
|
|
type: comma_delimited_list
|
|
UndercloudConfigFilePath:
|
|
default: ''
|
|
description: Configuration file for Undercloud, needed by TripleO Validations.
|
|
type: string
|
|
ContainerCli:
|
|
type: string
|
|
default: 'podman'
|
|
description: CLI tool used to manage containers.
|
|
constraints:
|
|
- allowed_values: ['docker', 'podman']
|
|
MistralDockerGroup:
|
|
default: false
|
|
description: Add the mistral user to the docker group to allow actions to perform docker operations.
|
|
type: boolean
|
|
TripleoAdminUser:
|
|
default: 'tripleo-admin'
|
|
description: Name of user which manages the hosts
|
|
type: string
|
|
MountBackupFilesystemPaths:
|
|
default: false
|
|
description: Set to True to mount all directories stated in BackupFilesystemPaths
|
|
type: boolean
|
|
BackupBaseMountpoint:
|
|
default: '/backup'
|
|
description: Absolute paths to directory, which will use as a base directory for all mounted directories marked for backup
|
|
type: string
|
|
BackupFilesystemPaths:
|
|
description: Absolute paths to directories, which should be included during filesystem backup on undercloud
|
|
type: json
|
|
default:
|
|
- /etc/hiera.yaml
|
|
- /etc/puppet/
|
|
- /var/lib/config-data/
|
|
|
|
conditions:
|
|
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
|
mount_backup_filesystem: {equals : [{get_param: MountBackupFilesystemPaths}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
MistralBase:
|
|
type: ./mistral-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Mistral Executor role.
|
|
value:
|
|
service_name: mistral_executor
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [MistralBase, role_data, config_settings]
|
|
# Note: the hiera parameter will only work if the TripleO validations
|
|
# are run from Mistral Executor container. If the parameter is
|
|
# needed on the host, it'll have to be defined somewhere else too.
|
|
# The hiera param is set to the same value as the bind mound location
|
|
# of the file inside the container.
|
|
- tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf'
|
|
tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
|
|
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: mistral
|
|
puppet_tags: mistral_config,user,group
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include ::tripleo::profile::base::mistral::executor
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerMistralConfigImage}
|
|
volumes:
|
|
list_concat:
|
|
-
|
|
if:
|
|
- docker_enabled
|
|
- - /var/run/docker.sock:/var/run/docker.sock:rw
|
|
- null
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/mistral_executor.json:
|
|
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
|
|
config_files:
|
|
list_concat:
|
|
- - source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/mistral
|
|
owner: mistral:mistral
|
|
recurse: true
|
|
- path: /var/lib/mistral
|
|
owner: mistral:mistral
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
mistral_executor:
|
|
image: {get_param: ContainerMistralExecutorImage}
|
|
ulimit: {get_param: DockerMistralExecutorUlimit}
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
|
|
- /run:/run
|
|
- /var/log/containers/mistral:/var/log/mistral:z
|
|
- /var/lib/mistral:/var/lib/mistral:z
|
|
- /usr/share/ansible/:/usr/share/ansible/:ro
|
|
- /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro
|
|
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
|
|
- /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro
|
|
- {get_param: MistralExecutorVolumes}
|
|
- {get_param: MistralExecutorExtraVolumes}
|
|
- - str_replace:
|
|
template:
|
|
'/home/tripleo-admin:/home/tripleo-admin'
|
|
params:
|
|
tripleo-admin: {get_param: TripleoAdminUser}
|
|
- if:
|
|
- mount_backup_filesystem
|
|
- repeat:
|
|
for_each:
|
|
PATH: {get_param: BackupFilesystemPaths}
|
|
template:
|
|
list_join:
|
|
- ':'
|
|
- - 'PATH'
|
|
- list_join:
|
|
- '/'
|
|
- - {get_param: BackupBaseMountpoint}
|
|
- 'PATH'
|
|
- 'ro'
|
|
expression: >
|
|
($.data.paths + $.data.extra_plugins)
|
|
.flatten().distinct()
|
|
|
|
- null
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
env_file: /etc/environment
|
|
host_prep_tasks:
|
|
- set_fact:
|
|
tripleo_admin_user: {get_param: TripleoAdminUser}
|
|
undercloud_cfg_file: {get_param: UndercloudConfigFilePath}
|
|
- import_role:
|
|
name: tripleo-create-admin
|
|
tasks_from: create_user.yml
|
|
vars:
|
|
tripleo_admin_generate_key: true
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
|
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
|
|
- name: create mistral/.ssh directory
|
|
file:
|
|
path: /var/lib/mistral/.ssh
|
|
state: directory
|
|
mode: 0700
|
|
- name: copy tripleo-admin private key to /var/lib/mistral/.ssh
|
|
copy:
|
|
remote_src: yes
|
|
src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
|
|
dest: /var/lib/mistral/.ssh/{{ tripleo_admin_user }}-rsa
|
|
mode: 0600
|
|
- name: copy undercloud.conf to /var/lib/mistral/
|
|
when: undercloud_cfg_file != ''
|
|
copy:
|
|
src: "{{ undercloud_cfg_file }}"
|
|
dest: /var/lib/mistral/undercloud.conf
|
|
mode: 0444
|
|
setype: svirt_sandbox_file_t
|
|
local_follow: true
|
|
- name: create ceph-ansible source directory
|
|
file:
|
|
path: /usr/share/ceph-ansible
|
|
state: directory
|
|
setype: svirt_sandbox_file_t
|
|
- name: create octavia-amphora-images directory
|
|
file:
|
|
path: /usr/share/openstack-octavia-amphora-images
|
|
state: directory
|
|
setype: svirt_sandbox_file_t
|
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
|
seboolean:
|
|
name: virt_sandbox_use_netlink
|
|
persistent: yes
|
|
state: yes
|