# Heat template header: template version and free-text description.
heat_template_version: pike

description: >
  OpenStack Libvirt Service
parameters:
  # Image run by the nova_virtlogd, nova_libvirt and
  # nova_libvirt_init_secret containers in docker_config. The first two run
  # privileged with host net/pid, so whoever controls this image reference
  # effectively controls the host.
  DockerNovaLibvirtImage:
    type: string
    description: image
  # we configure libvirt via the nova-compute container due to coupling
  # in the puppet modules
  DockerNovaLibvirtConfigImage:
    type: string
    description: The container image to use for the nova_libvirt config_volume
  ServiceData:
    type: json
    description: Dictionary packing service data
    default: {}
  ServiceNetMap:
    type: json
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    default: {}
  # Declared but not referenced anywhere except the pass-through to
  # NovaLibvirtBase in resources.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    description: Role name on which the service is applied
    default: ''
  RoleParameters:
    type: json
    description: Parameters specific to the role
    default: {}
  EndpointMap:
    type: json
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    default: {}
  # With the defaults below (EnableInternalTLS false), the
  # use_tls_for_live_migration condition is false: TLS transport for live
  # migration is opt-in and needs EnableInternalTLS set to true.
  EnableInternalTLS:
    type: boolean
    default: false
  UseTLSTransportForLiveMigration:
    type: boolean
    description: If set to true and if EnableInternalTLS is enabled, it will
                 set the libvirt URI's transport to tls and configure the
                 relevant keys for libvirt.
    default: true
  # Forwarded to NovaLibvirtBase as MigrationSshPort.
  DockerNovaMigrationSshdPort:
    type: number
    description: Port that dockerized nova migration target sshd service
                 binds to.
    default: 2022
  NovaEnableRbdBackend:
    type: boolean
    description: Whether to enable or not the Rbd backend for Nova
    default: false
  CinderEnableRbdBackend:
    type: boolean
    description: Whether to enable or not the Rbd backend for Cinder
    default: false
  # hidden keeps the value out of Heat's parameter display, but this template
  # also substitutes it into the nova_libvirt_init_secret command line in
  # docker_config.step_4.
  # NOTE(review): no constraints are declared; consider an allowed_pattern
  # limiting the value to base64 characters.
  CephClientKey:
    type: string
    description: The Ceph client key. Can be created with
                 ceph-authtool --gen-print-key. Currently only used for
                 external Ceph deployments to create the openstack user
                 keyring.
    hidden: true
  # NOTE(review): the description requires a UUID but nothing enforces it;
  # the value is placed inside a shell command in docker_config.step_4, so
  # an allowed_pattern constraint for UUIDs would be a cheap safeguard.
  CephClusterFSID:
    type: string
    description: The Ceph cluster FSID. Must be a UUID.
conditions:
  # True only when EnableInternalTLS and UseTLSTransportForLiveMigration are
  # both true; selects the libvirtd --listen command in kolla_config.
  use_tls_for_live_migration:
    and:
      - equals: [{get_param: EnableInternalTLS}, true]
      - equals: [{get_param: UseTLSTransportForLiveMigration}, true]
  # True when the Rbd backend is enabled for Nova or for Cinder; gates the
  # nova_libvirt_init_secret container in docker_config.step_4.
  need_libvirt_secret:
    or:
      - equals: [{get_param: NovaEnableRbdBackend}, true]
      - equals: [{get_param: CinderEnableRbdBackend}, true]
resources:
  # Nested templates, referenced by relative path. Their attributes are read
  # with get_attr in the outputs section.
  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  # Puppet-side libvirt service definition; receives the generic service
  # parameters unchanged plus the migration sshd port.
  NovaLibvirtBase:
    type: ../../puppet/services/nova-libvirt.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
      # The only renamed parameter: DockerNovaMigrationSshdPort here,
      # MigrationSshPort in the nested template.
      MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}
outputs:
  # Single output consumed by the deployment tooling; its value is a mapping
  # whose first key is the service name taken from NovaLibvirtBase.
  role_data:
    description: Role data for the Libvirt service.
    value:
      service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
Don't attempt to configure live migration
When configuring nova containers via puppet, the puppet class chain
includes a class for live migration, which configures live migration
aspects in nova and libvirt.
Some of the libvirt config parts try to notify Service[libvirt], but
that service definition is only included in nova-libvirt service, it's
not included in the control plane nova services. However, our hieradata
is currently global on the node, it's not per-service, which means even
though only nova-compute and nova-libvirt service set
tripleo::profile::base::nova::manage_migration: true
this hiera setting is applied to all containers running puppet, most
notably the ones which configure nova control plane services. As a
result, configuration of nova control plane services failed, and in turn
the whole deployment failed.
This commit disables the libvirt part of live migration config until we
implement some better solution (e.g. hieradata separation between
different puppet containers, or move the libvirt config parts only to
nova-compute manifests in puppet-tripleo).
Change-Id: I0328406607d451e6bdce4d92c441c03648925fa7
Closes-Bug: #1684107
2017-04-20 11:25:23 +02:00
# NOTE(review): these keys presumably nest under outputs.role_data.value;
# the indentation was lost on this page - confirm against the repository copy.

# Hieradata is taken unchanged from the puppet service template.
config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]}
# Puppet manifest: libvirt step_config followed by the MySQL client one,
# joined with a newline. Anchored so puppet_config can reuse it.
step_config: &step_config
  list_join:
    - "\n"
    - - {get_attr: [NovaLibvirtBase, role_data, step_config]}
      - {get_attr: [MySQLClient, role_data, step_config]}
# Settings for generating the nova_libvirt config volume with the config
# image; puppet_tags lists the resource types named for that run.
puppet_config:
  config_volume: nova_libvirt
  puppet_tags: libvirtd_config,nova_config,file
  step_config: *step_config
  config_image: {get_param: DockerNovaLibvirtConfigImage}
# NOTE(review): presumably a key of outputs.role_data.value; the indentation
# was lost on this page - confirm against the repository copy.
kolla_config:
  /var/lib/kolla/config_files/nova_libvirt.json:
    # With use_tls_for_live_migration, libvirtd is started with --listen,
    # i.e. it accepts remote connections. What it listens on and how peers
    # authenticate is decided by /etc/libvirt/libvirtd.conf, which is
    # generated outside this template.
    # NOTE(review): verify that plain TCP stays disabled and that client
    # certificates are checked in the generated libvirtd.conf.
    command:
      if:
        - use_tls_for_live_migration
        - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
        - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
    # Files under src/ are copied to the container root and files under
    # src-ceph/ to /etc/ceph/, merged into existing directories with their
    # properties preserved.
    config_files:
      - source: '/var/lib/kolla/config_files/src/*'
        dest: '/'
        merge: true
        preserve_properties: true
      - source: '/var/lib/kolla/config_files/src-ceph/'
        dest: '/etc/ceph/'
        merge: true
        preserve_properties: true
  /var/lib/kolla/config_files/nova_virtlogd.json:
    command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
    config_files:
      - source: '/var/lib/kolla/config_files/src/*'
        dest: '/'
        merge: true
        preserve_properties: true
    # NOTE(review): by position this block belongs to nova_virtlogd.json, yet
    # in docker_config only the nova_libvirt container mounts a volume at
    # /var/log/nova - confirm which container the ownership fix is meant for.
    permissions:
      - path: /var/log/nova
        owner: nova:nova
        recurse: true
# NOTE(review): presumably a key of outputs.role_data.value; the indentation
# was lost on this page - confirm against the repository copy.
docker_config:
  step_3:
    # virtlogd starts first (start_order 0). privileged plus host network and
    # host PID namespace, together with read-write bind mounts of /dev and
    # /run, mean this container is not an isolation boundary: a compromised
    # image or daemon is a compromised host.
    nova_virtlogd:
      start_order: 0
      image: {get_param: DockerNovaLibvirtImage}
      net: host
      pid: host
      privileged: true
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          - - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
            - /lib/modules:/lib/modules:ro
            - /dev:/dev
            - /run:/run
            - /sys/fs/cgroup:/sys/fs/cgroup
            - /var/lib/nova:/var/lib/nova
            - /var/run/libvirt:/var/run/libvirt
            - /var/lib/libvirt:/var/lib/libvirt
            # Only /etc/libvirt/qemu is mounted here, read-only; the qemu
            # log directory is writable.
            - /etc/libvirt/qemu:/etc/libvirt/qemu:ro
            - /var/log/libvirt/qemu:/var/log/libvirt/qemu
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
    # libvirtd starts after virtlogd (start_order 1) with the same host-level
    # exposure: privileged, host net/pid, /dev and /run mounted read-write.
    nova_libvirt:
      start_order: 1
      image: {get_param: DockerNovaLibvirtImage}
      net: host
      pid: host
      privileged: true
      restart: always
      volumes:
        list_concat:
          - {get_attr: [ContainersCommon, volumes]}
          - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
            - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
            - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
            - /lib/modules:/lib/modules:ro
            - /dev:/dev
            - /run:/run
            - /sys/fs/cgroup:/sys/fs/cgroup
            - /var/lib/nova:/var/lib/nova
            # The whole of /etc/libvirt is writable here (it contains the
            # secrets directory created in host_prep_tasks); the qemu log
            # directory is read-only, the reverse of nova_virtlogd.
            - /etc/libvirt:/etc/libvirt
            - /var/run/libvirt:/var/run/libvirt
            - /var/lib/libvirt:/var/lib/libvirt
            - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
            - /var/log/containers/nova:/var/log/nova
      environment:
        - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
  step_4:
    if:
      - need_libvirt_secret
      # One-shot container (detach false), unprivileged but running as root,
      # that defines the libvirt secret from /etc/nova/secret.xml and sets
      # its value through the mounted libvirt runtime directories.
      - nova_libvirt_init_secret:
          detach: false
          image: {get_param: DockerNovaLibvirtImage}
          privileged: false
          user: root
          volumes:
            list_concat:
              - {get_attr: [ContainersCommon, volumes]}
              - - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
                - /etc/libvirt:/etc/libvirt
                - /var/run/libvirt:/var/run/libvirt
                - /var/lib/libvirt:/var/lib/libvirt
          # NOTE(review): CephClientKey is declared hidden, but here it is
          # substituted into the bash -c string, so the key ends up in the
          # container's command definition and in the process arguments
          # while virsh runs. Check who can read those on the host, and
          # prefer handing the key over in a root-only file if the deployed
          # virsh supports that.
          # NOTE(review): SECRET_UUID and SECRET_KEY are spliced into
          # single-quoted shell words without validation; constrain both
          # parameters (Heat allowed_pattern) so a value cannot contain
          # quote characters.
          command:
            - /bin/bash
            - -c
            - str_replace:
                template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
                params:
                  SECRET_UUID: {get_param: CephClusterFSID}
                  SECRET_KEY: {get_param: CephClientKey}
      # Else branch: step_4 starts nothing when no Rbd backend is enabled.
      - {}
# NOTE(review): presumably a key of outputs.role_data.value; the indentation
# was lost on this page - confirm against the repository copy.
# Ansible tasks run on the host before the containers start.
host_prep_tasks:
  # Host directories that the containers bind-mount.
  # NOTE(review): no owner or mode is given, so the directories get whatever
  # the task's default is; /etc/libvirt/secrets presumably holds the secret
  # defined in docker_config.step_4 - consider an explicit restrictive mode.
  - name: create libvirt persistent data directories
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - /etc/libvirt
      - /etc/libvirt/secrets
      - /etc/libvirt/qemu
      - /var/lib/libvirt
      - /var/log/containers/nova
  # /etc/ceph is bind-mounted by nova_libvirt, so it must exist even when no
  # Ceph configuration is present.
  - name: ensure ceph configurations exist
    file:
      path: /etc/ceph
      state: directory
  # rpm -q exits non-zero when the package is absent; failed_when false
  # keeps that from failing the play, and the rc is checked below.
  - name: check if libvirt is installed
    command: /usr/bin/rpm -q libvirt-daemon
    failed_when: false
    register: libvirt_installed
  # Stop and disable the host's own libvirt units, only if the package is
  # installed.
  - name: make sure libvirt services are disabled
    service:
      name: "{{ item }}"
      state: stopped
      enabled: false
    with_items: [libvirtd.service, virtlogd.socket]
    when: libvirt_installed.rc == 0
# NOTE(review): presumably a key of outputs.role_data.value; the indentation
# was lost on this page - confirm against the repository copy.
# Ansible task tagged step2 that stops and disables the host's libvirtd
# service during an upgrade.
upgrade_tasks:
  - name: Stop and disable libvirtd service
    tags: step2
    # Module arguments are given in key=value form.
    service: name=libvirtd state=stopped enabled=no