tripleo-heat-templates/deployment/mistral/mistral-executor-container-puppet.yaml
Jose Luis Franco Arza 4cbae84c75 Get rid of docker removing in post_upgrade tasks.
When upgrading from Rocky to Stein we moved also from using the docker
container engine into Podman. To ensure that every single docker container
was removed after the upgrade a post_upgrade task was added which made
use of the tripleo-docker-rm role that removed the container. In this cycle,
from Stein to Train both the Undercloud and Overcloud work with Podman, so
there is no need to remove any docker container anymore.

This patch removes all the tripleo-docker-rm post-upgrade task and in those
services which only included a single task, the post-upgrade-tasks section
is also erased.

Change-Id: I5c9ab55ec6ff332056a426a76e150ea3c9063c6e
2019-11-12 16:33:38 +01:00

258 lines
9.6 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Mistral Executor service
parameters:
ContainerMistralExecutorImage:
description: image
type: string
DockerMistralExecutorUlimit:
default: ['nofile=1024']
description: ulimit for Mistral Executor Container
type: comma_delimited_list
ContainerMistralConfigImage:
description: The container image to use for the mistral config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
MistralExecutorVolumes:
default: []
description: List of additional volumes to mount into the mistral-executor container
type: comma_delimited_list
MistralExecutorExtraVolumes:
default: []
description: List of user-provided additional volumes to mount into the mistral-executor container
type: comma_delimited_list
UndercloudConfigFilePath:
default: ''
description: Configuration file for Undercloud, needed by TripleO Validations.
type: string
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
MistralDockerGroup:
default: false
description: Add the mistral user to the docker group to allow actions to perform docker operations.
type: boolean
TripleoAdminUser:
default: 'tripleo-admin'
description: Name of user which manages the hosts
type: string
MountBackupFilesystemPaths:
default: false
description: Set to True to mount all directories stated in BackupFilesystemPaths
type: boolean
BackupBaseMountpoint:
default: '/backup'
description: Absolute paths to directory, which will use as a base directory for all mounted directories marked for backup
type: string
BackupFilesystemPaths:
description: Absolute paths to directories, which should be included during filesystem backup on undercloud
type: json
default:
- /etc/hiera.yaml
- /etc/puppet/
- /var/lib/config-data/
conditions:
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
mount_backup_filesystem: {equals : [{get_param: MountBackupFilesystemPaths}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
MistralBase:
type: ./mistral-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Mistral Executor role.
value:
service_name: mistral_executor
config_settings:
map_merge:
- get_attr: [MistralBase, role_data, config_settings]
# Note: the hiera parameter will only work if the TripleO validations
# are run from Mistral Executor container. If the parameter is
# needed on the host, it'll have to be defined somewhere else too.
# The hiera param is set to the same value as the bind mound location
# of the file inside the container.
- tripleo_undercloud_conf_file: '/var/lib/mistral/undercloud.conf'
tripleo::profile::base::mistral::executor::docker_group: {get_param: MistralDockerGroup}
service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: mistral
puppet_tags: mistral_config,user,group
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::mistral::executor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: ContainerMistralConfigImage}
volumes:
list_concat:
-
if:
- docker_enabled
- - /var/run/docker.sock:/var/run/docker.sock:rw
- null
kolla_config:
/var/lib/kolla/config_files/mistral_executor.json:
command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor
config_files:
list_concat:
- - source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/mistral
owner: mistral:mistral
recurse: true
- path: /var/lib/mistral
owner: mistral:mistral
recurse: true
docker_config:
step_4:
mistral_executor:
image: {get_param: ContainerMistralExecutorImage}
ulimit: {get_param: DockerMistralExecutorUlimit}
net: host
privileged: false
restart: always
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /run:/run
- /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:z
- /usr/share/ansible/:/usr/share/ansible/:ro
- /var/lib/config-data/puppet-generated:/var/lib/config-data/puppet-generated:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
- /usr/share/openstack-tripleo-heat-templates:/usr/share/openstack-tripleo-heat-templates:ro
- {get_param: MistralExecutorVolumes}
- {get_param: MistralExecutorExtraVolumes}
- - str_replace:
template:
'/home/tripleo-admin:/home/tripleo-admin'
params:
tripleo-admin: {get_param: TripleoAdminUser}
- if:
- mount_backup_filesystem
- repeat:
for_each:
PATH: {get_param: BackupFilesystemPaths}
template:
list_join:
- ':'
- - 'PATH'
- list_join:
- '/'
- - {get_param: BackupBaseMountpoint}
- 'PATH'
- 'ro'
expression: >
($.data.paths + $.data.extra_plugins)
.flatten().distinct()
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
env_file: /etc/environment
host_prep_tasks:
- set_fact:
tripleo_admin_user: {get_param: TripleoAdminUser}
undercloud_cfg_file: {get_param: UndercloudConfigFilePath}
- import_role:
name: tripleo-create-admin
tasks_from: create_user.yml
vars:
tripleo_admin_generate_key: true
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
- name: create mistral/.ssh directory
file:
path: /var/lib/mistral/.ssh
state: directory
mode: 0700
- name: copy tripleo-admin private key to /var/lib/mistral/.ssh
copy:
remote_src: yes
src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
dest: /var/lib/mistral/.ssh/{{ tripleo_admin_user }}-rsa
mode: 0600
- name: copy undercloud.conf to /var/lib/mistral/
when: undercloud_cfg_file != ''
copy:
src: "{{ undercloud_cfg_file }}"
dest: /var/lib/mistral/undercloud.conf
mode: 0444
setype: svirt_sandbox_file_t
local_follow: true
- name: create ceph-ansible source directory
file:
path: /usr/share/ceph-ansible
state: directory
setype: svirt_sandbox_file_t
- name: create octavia-amphora-images directory
file:
path: /usr/share/openstack-octavia-amphora-images
state: directory
setype: svirt_sandbox_file_t
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes