step2: flatten nova service configuration

This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
nova has been removed.

Change-Id: Ia41a6adf9fda2d6be8f1b5ac57854381b7f92ce7
Jill Rouleau 2019-01-25 14:00:15 -07:00 committed by Juan Antonio Osorio Robles
parent 9689f6ed06
commit 98ecf97609
11 changed files with 570 additions and 629 deletions


@ -1,9 +1,24 @@
heat_template_version: rocky heat_template_version: rocky
description: > description: >
OpenStack Nova Compute service configured with Puppet OpenStack containerized Nova Compute service
parameters: parameters:
DockerNovaComputeImage:
description: image
type: string
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
DockerNovaComputeUlimit:
default: ['nofile=1024']
description: ulimit for Nova Compute Container
type: comma_delimited_list
NovaComputeLoggingSource:
type: json
default:
tag: openstack.nova.compute
path: /var/log/containers/nova/nova-compute.log
ServiceData: ServiceData:
default: {} default: {}
description: Dictionary packing service data description: Dictionary packing service data
@ -30,8 +45,13 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
NovaRbdPoolName: DockerNovaMigrationSshdPort:
default: vms default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
CephClientUserName:
default: openstack
type: string type: string
CephClusterName: CephClusterName:
type: string type: string
@ -42,8 +62,22 @@ parameters:
description: > description: >
The Ceph cluster name must be at least 1 character and contain only The Ceph cluster name must be at least 1 character and contain only
letters and numbers. letters and numbers.
CephClientUserName: NovaComputeOptVolumes:
default: openstack default: []
description: list of optional vo
type: comma_delimited_list
NovaComputeOptEnvVars:
default: []
description: list of optional en
type: comma_delimited_list
EnableInstanceHA:
default: false
description: Whether to enable an Instance Ha configurarion or not.
This setup requires the Compute role to have the
PacemakerRemote service added to it.
type: boolean
NovaRbdPoolName:
default: vms
type: string type: string
CephClientKey: CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
@ -124,11 +158,6 @@ parameters:
MonitoringSubscriptionNovaCompute: MonitoringSubscriptionNovaCompute:
default: 'overcloud-nova-compute' default: 'overcloud-nova-compute'
type: string type: string
NovaComputeLoggingSource:
type: json
default:
tag: openstack.nova.compute
path: /var/log/nova/nova-compute.log
UpgradeLevelNovaCompute: UpgradeLevelNovaCompute:
type: string type: string
description: Nova Compute upgrade level description: Nova Compute upgrade level
@ -213,22 +242,39 @@ parameters:
type: string type: string
tags: tags:
- role_specific - role_specific
DeployIdentifier:
conditions: default: ''
enable_live_migration_tunnelled: type: string
or: description: >
- equals: [{get_param: NovaNfsEnabled}, true] Setting this to a unique value will re-run any deployment tasks which
- equals: [{get_param: NovaEnableRbdBackend}, true] perform configuration on a Heat stack-update.
libvirt_file_backed_memory_enabled:
not:
or:
- equals: [{get_param: NovaLibvirtFileBackedMemory}, '']
- equals: [{get_param: NovaLibvirtFileBackedMemory}, 0]
resources: resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaComputeCommon:
type: ./nova-compute-common-container-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
DockerNovaImage: {get_param: DockerNovaComputeImage}
NovaServiceName: 'compute'
NovaBase: NovaBase:
type: ./nova-base.yaml type: ../../puppet/services/nova-base.yaml
properties: properties:
ServiceData: {get_param: ServiceData} ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
@ -271,6 +317,20 @@ resources:
NovaLibvirtVolumeUseMultipath: {get_param: NovaLibvirtVolumeUseMultipath} NovaLibvirtVolumeUseMultipath: {get_param: NovaLibvirtVolumeUseMultipath}
NovaHWMachineType: {get_param: NovaHWMachineType} NovaHWMachineType: {get_param: NovaHWMachineType}
conditions:
enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}
enable_live_migration_tunnelled:
or:
- equals: [{get_param: NovaNfsEnabled}, true]
- equals: [{get_param: NovaEnableRbdBackend}, true]
libvirt_file_backed_memory_enabled:
not:
or:
- equals: [{get_param: NovaLibvirtFileBackedMemory}, '']
- equals: [{get_param: NovaLibvirtFileBackedMemory}, 0]
outputs: outputs:
role_data: role_data:
description: Role data for the Nova Compute service. description: Role data for the Nova Compute service.
@ -279,6 +339,7 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute}
config_settings: config_settings:
map_merge: map_merge:
- get_attr: [NovaLogging, config_settings]
- get_attr: [NovaBase, role_data, config_settings] - get_attr: [NovaBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value] - get_attr: [RoleParametersValue, value]
- nova::compute::libvirt::manage_libvirt_services: false - nova::compute::libvirt::manage_libvirt_services: false
@ -355,11 +416,6 @@ outputs:
- libvirt_file_backed_memory_enabled - libvirt_file_backed_memory_enabled
- '1.0' - '1.0'
- null - null
step_config: |
# TODO(emilien): figure how to deal with libvirt profile.
# We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
service_config_settings: service_config_settings:
fluentd: fluentd:
tripleo_fluentd_groups_nova_compute: tripleo_fluentd_groups_nova_compute:
@ -370,55 +426,234 @@ outputs:
tripleo.collectd.plugins.nova_compute: tripleo.collectd.plugins.nova_compute:
- virt - virt
collectd::plugin::virt::connection: 'qemu:///system' collectd::plugin::virt::connection: 'qemu:///system'
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config:
list_join:
- "\n"
- - # TODO(emilien): figure how to deal with libvirt profile.
# We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command:
list_join:
- ' '
- - if:
- enable_instance_ha
- /var/lib/nova/instanceha/check-run-nova-compute
- /usr/bin/nova-compute
- get_attr: [NovaLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: nova:nova
perm: '0600'
docker_config_scripts:
map_merge:
- {get_attr: [ContainersCommon, docker_config_scripts]}
- {get_attr: [NovaComputeCommon, docker_config_scripts]}
docker_config:
step_3:
nova_statedir_owner:
image: &nova_compute_image {get_param: DockerNovaComputeImage}
net: none
user: root
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_statedir_ownership.py"
environment:
# NOTE: this should force this container to re-run on each
# update (scale-out, etc.)
- list_join:
- ''
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier}
step_4:
nova_wait_for_placement_service:
start_order: 2
image: *nova_compute_image
user: root
net: host
privileged: false
detach: false
volumes:
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_wait_for_placement_service.py"
nova_compute:
start_order: 3
image: *nova_compute_image
ulimit: {get_param: DockerNovaComputeUlimit}
ipc: host
net: host
privileged: true
user: nova
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NovaBase, role_data, config_settings, 'nova::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- {get_param: NovaComputeOptVolumes}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
environment:
list_concat:
- {get_param: NovaComputeOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_cellv2_discover_hosts:
start_order: 0
image: *nova_compute_image
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/docker-config-scripts/:/docker-config-scripts/
user: root
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_cell_v2_discover_host.py"
host_prep_tasks: host_prep_tasks:
- name: Mount Nova NFS Share list_concat:
vars: - {get_attr: [NovaLogging, host_prep_tasks]}
nfs_backend_enable: {get_param: NovaNfsEnabled} - - name: Mount Nova NFS Share
nfs_share: {get_param: NovaNfsShare} vars:
nfs_options: {get_param: NovaNfsOptions} nfs_backend_enable: {get_param: NovaNfsEnabled}
mount: name=/var/lib/nova/instances src="{{nfs_share}}" fstype=nfs4 opts="_netdev,bg,{{nfs_options}},vers=4,nfsvers=4" state=mounted nfs_share: {get_param: NovaNfsShare}
when: nfs_backend_enable|bool nfs_options: {get_param: NovaNfsOptions}
- name: is Nova Resume Guests State On Host Boot enabled mount: name=/var/lib/nova/instances src="{{nfs_share}}" fstype=nfs4 opts="_netdev,bg,{{nfs_options}},vers=4,nfsvers=4" state=mounted
set_fact: when: nfs_backend_enable|bool
resume_guests_state_on_host_boot_enabled: {get_param: NovaResumeGuestsStateOnHostBoot} - name: is Nova Resume Guests State On Host Boot enabled
- name: install libvirt-guests systemd unit file set_fact:
when: resume_guests_state_on_host_boot_enabled|bool resume_guests_state_on_host_boot_enabled: {get_param: NovaResumeGuestsStateOnHostBoot}
block: - name: install libvirt-guests systemd unit file
- name: libvirt-guests unit to stop nova_api container before shutdown VMs when: resume_guests_state_on_host_boot_enabled|bool
copy: block:
dest: /etc/systemd/system/libvirt-guests.service - name: libvirt-guests unit to stop nova_api container before shutdown VMs
content: | copy:
[Unit] dest: /etc/systemd/system/libvirt-guests.service
Description=Suspend/Resume Running libvirt Guests content: |
Requires=virt-guest-shutdown.target [Unit]
After=network.target Description=Suspend/Resume Running libvirt Guests
After=time-sync.target Requires=virt-guest-shutdown.target
After=virt-guest-shutdown.target After=network.target
After=docker.service After=time-sync.target
After=paunch-container-shutdown.service After=virt-guest-shutdown.target
After=rhel-push-plugin.service After=docker.service
Documentation=man:libvirtd(8) After=paunch-container-shutdown.service
Documentation=https://libvirt.org After=rhel-push-plugin.service
Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
[Service] [Service]
EnvironmentFile=-/etc/sysconfig/libvirt-guests EnvironmentFile=-/etc/sysconfig/libvirt-guests
# Hack just call traditional service until we factor # Hack just call traditional service until we factor
# out the code # out the code
ExecStart=/usr/libexec/libvirt-guests.sh start ExecStart=/usr/libexec/libvirt-guests.sh start
ExecStop=/bin/{{container_cli}} stop nova_compute ExecStop=/bin/{{container_cli}} stop nova_compute
ExecStop=/usr/libexec/libvirt-guests.sh stop ExecStop=/usr/libexec/libvirt-guests.sh stop
Type=oneshot Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
StandardOutput=journal+console StandardOutput=journal+console
TimeoutStopSec=0 TimeoutStopSec=0
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: libvirt-guests enable VM shutdown on compute reboot/shutdown - name: libvirt-guests enable VM shutdown on compute reboot/shutdown
systemd: systemd:
name: libvirt-guests name: libvirt-guests
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: is Instance HA enabled
set_fact:
instance_ha_enabled: {get_param: EnableInstanceHA}
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
- name: install Instance HA recovery script
when: instance_ha_enabled|bool
block:
- name: prepare Instance HA script directory
file:
path: /var/lib/nova/instanceha
state: directory
- name: install Instance HA script that runs nova-compute
copy:
content: {get_file: ../../extraconfig/tasks/instanceha/check-run-nova-compute}
dest: /var/lib/nova/instanceha/check-run-nova-compute
mode: 0755
- name: Get list of instance HA compute nodes
command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names
register: iha_nodes
- name: If instance HA is enabled on the node activate the evacuation completed check
file: path=/var/lib/nova/instanceha/enabled state=touch
when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"')
upgrade_tasks: upgrade_tasks:
- name: Stop nova-compute service - name: Stop nova-compute service
when: step|int == 1 when: step|int == 1
@ -438,3 +673,51 @@ outputs:
- name: Start nova-compute service - name: Start nova-compute service
when: step|int == 6 when: step|int == 6
service: name=openstack-nova-compute state=started service: name=openstack-nova-compute state=started
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
update_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_compute
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-compute is deployed
command: systemctl is-enabled --quiet openstack-nova-compute
ignore_errors: True
register: nova_compute_enabled_result
- name: Set fact nova_compute_enabled
set_fact:
nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}"
- when:
- step|int == 1
- release == 'ocata'
block:
- name: Stop and disable nova-compute service
service: name=openstack-nova-compute state=stopped
when:
- nova_compute_enabled|bool
- name: Set upgrade marker in nova statedir
file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova
when:
- nova_compute_enabled|bool
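Review bot: The `nova_compute` container under `docker_config.step_4` runs with `privileged: true`, `net: host` and `ipc: host`, and its `volumes` and `environment` lists are extended with whatever is passed in `NovaComputeOptVolumes` and `NovaComputeOptEnvVars`. Both parameters are documented only as `list of optional vo` and `list of optional en`. I would complete the descriptions so the exposure is stated where the value is set, for example `description: List of optional volumes to bind-mount into the privileged nova_compute container.`, with the equivalent wording for the environment variables. No `constraints` are visible on either parameter in this section, so the description is the only guidance an operator gets here. The truncated text appears to be carried over from the removed docker template, which makes this flattening a natural place to fix it.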


@ -54,7 +54,7 @@ resources:
type: ../../deployment/database/mysql-client.yaml type: ../../deployment/database/mysql-client.yaml
NovaComputeCommon: NovaComputeCommon:
type: ../../docker/services/nova-compute-common.yaml type: ./nova-compute-common-container-puppet.yaml
properties: properties:
EndpointMap: {get_param: EndpointMap} EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData} ServiceData: {get_param: ServiceData}
@ -95,9 +95,9 @@ outputs:
puppet_tags: nova_config,nova_paste_api_ini puppet_tags: nova_config,nova_paste_api_ini
step_config: step_config:
list_join: list_join:
- "\n" - "\n"
- - include tripleo::profile::base::nova::compute::ironic - - include tripleo::profile::base::nova::compute::ironic
- {get_attr: [MySQLClient, role_data, step_config]} - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaConfigImage} config_image: {get_param: DockerNovaConfigImage}
kolla_config: kolla_config:
/var/lib/kolla/config_files/nova_ironic.json: /var/lib/kolla/config_files/nova_ironic.json:


@ -160,6 +160,37 @@ parameters:
description: CLI tool used to manage containers. description: CLI tool used to manage containers.
constraints: constraints:
- allowed_values: ['docker', 'podman'] - allowed_values: ['docker', 'podman']
NovaComputeLibvirtType:
type: string
default: kvm
LibvirtEnabledPerfEvents:
type: comma_delimited_list
default: []
description: This is a performance event list which could be used as monitor.
For example - ``enabled_perf_events = cmt, mbml, mbmt``
The supported events list can be found in
https://libvirt.org/html/libvirt-libvirt-domain.html ,
which you may need to search key words ``VIR_PERF_PARAM_*``
MonitoringSubscriptionNovaLibvirt:
default: 'overcloud-nova-libvirt'
type: string
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
default:
public_key: ''
private_key: ''
MigrationSshPort:
default: 2022
description: Target port for migration over ssh
type: number
LibvirtTLSPassword:
description: The password for the libvirt service when TLS is enabled
type: string
hidden: true
conditions: conditions:
@ -242,41 +273,177 @@ resources:
ContainersCommon: ContainersCommon:
type: ./containers-common.yaml type: ../../docker/services/containers-common.yaml
MySQLClient: MySQLClient:
type: ../../deployment/database/mysql-client.yaml type: ../../deployment/database/mysql-client.yaml
NovaLibvirtBase: NovaLibvirtLogging:
type: ../../puppet/services/nova-libvirt.yaml type: OS::TripleO::Services::Logging::NovaLibvirt
NovaBase:
type: ../../puppet/services/nova-base.yaml
properties: properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData} ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
NovaLibvirtLogging:
type: OS::TripleO::Services::Logging::NovaLibvirt
outputs: outputs:
role_data: role_data:
description: Role data for the Libvirt service. description: Role data for the Libvirt service.
value: value:
service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} service_name: nova_libvirt
config_settings: config_settings:
map_merge: map_merge:
- get_attr: [NovaLibvirtBase, role_data, config_settings] - get_attr: [NovaBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- get_attr: [NovaLibvirtLogging, config_settings] - get_attr: [NovaLibvirtLogging, config_settings]
# we include ::nova::compute::libvirt::services in nova/libvirt profile
- nova::compute::libvirt::manage_libvirt_services: false
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
nova::compute::rbd::libvirt_images_rbd_ceph_conf:
list_join:
- ''
- - '/etc/ceph/'
- {get_param: CephClusterName}
- '.conf'
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
- - 'client'
- {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
tripleo::profile::base::nova::migration::client::libvirt_enabled: true
tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::migration::qemu::configure_qemu: true
nova::migration::qemu::migration_port_min: 61152
nova::migration::qemu::migration_port_max: 61215
nova::compute::libvirt::vncserver_listen:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo::nova_libvirt::firewall_rules:
'200 nova_libvirt':
dport:
- 16514
- '61152-61215'
- '5900-6923'
-
if:
- use_tls_for_live_migration
-
generate_service_certificates: true
tripleo::profile::base::nova::migration::client::libvirt_tls: true
tripleo::profile::base::nova::libvirt::tls_password: {get_param: [LibvirtTLSPassword]}
nova::migration::libvirt::listen_address:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
tripleo::certmonger::ca::libvirt::origin_ca_pem:
if:
- libvirt_specific_ca_unset
- get_param: InternalTLSCAFile
- get_param: LibvirtCACert
tripleo::certmonger::libvirt_dirs::certificate_dir: '/etc/pki/libvirt'
tripleo::certmonger::libvirt_dirs::key_dir: '/etc/pki/libvirt/private'
libvirt_certificates_specs:
libvirt-server-cert:
service_certificate: '/etc/pki/libvirt/servercert.pem'
service_key: '/etc/pki/libvirt/private/serverkey.pem'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
principal:
str_replace:
template: "libvirt/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
libvirt-client-cert:
service_certificate: '/etc/pki/libvirt/clientcert.pem'
service_key: '/etc/pki/libvirt/private/clientkey.pem'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
principal:
str_replace:
template: "libvirt/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
-
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
-
if:
- use_tls_for_vnc
-
nova::compute::libvirt::qemu::vnc_tls: true
nova::compute::libvirt::qemu::vnc_tls_verify: true
generate_service_certificates: true
tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- get_param: LibvirtVncCACert
tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
libvirt_vnc_certificates_specs:
libvirt-vnc-server-cert:
cacertfile:
if:
- libvirt_vnc_specific_ca_unset
- get_param: InternalTLSVncCAFile
- null
service_certificate: '/etc/pki/libvirt-vnc/server-cert.pem'
service_key: '/etc/pki/libvirt-vnc/server-key.pem'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
principal:
str_replace:
template: "libvirt-vnc/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
- {}
puppet_config: puppet_config:
config_volume: nova_libvirt config_volume: nova_libvirt
puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password puppet_tags: libvirtd_config,nova_config,file,libvirt_tls_password
step_config: step_config:
list_join: list_join:
- "\n" - "\n"
- - {get_attr: [NovaLibvirtBase, role_data, step_config]} - - include tripleo::profile::base::nova::libvirt
- {get_attr: [MySQLClient, role_data, step_config]} - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaLibvirtConfigImage} config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config: kolla_config:
@ -564,7 +731,28 @@ outputs:
content: | content: |
d /var/run/libvirt 0755 root root - - d /var/run/libvirt 0755 root root - -
metadata_settings: metadata_settings:
get_attr: [NovaLibvirtBase, role_data, metadata_settings] list_concat:
- if:
- use_tls_for_live_migration
-
- service: libvirt
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
type: node
- null
- if:
- use_tls_for_vnc
-
- service: libvirt-vnc
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
type: node
- null
- if:
- use_tls_for_nbd
-
- service: qemu
network: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
type: node
- null
upgrade_tasks: [] upgrade_tasks: []
post_upgrade_tasks: post_upgrade_tasks:
- when: step|int == 1 - when: step|int == 1
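Review bot: `MigrationSshKey` is declared without `hidden: true`, although its `private_key` entry feeds `tripleo::profile::base::nova::migration::client::ssh_private_key`. `LibvirtTLSPassword`, added in the same parameters hunk, is marked hidden. Without that flag Heat shows the parameter value in clear text when the stack's parameters are displayed, so I would add `hidden: true` under `MigrationSshKey`. The definition looks like it was moved over from the puppet template, so any other copy of the parameter still in the tree deserves the same check.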


@ -66,8 +66,6 @@ outputs:
description: Role data for libvirt-guests description: Role data for libvirt-guests
value: value:
service_name: nova_libvirt_guests service_name: nova_libvirt_guests
config_settings: config_settings: {get_attr: [RoleParametersValue, value]}
map_merge:
- get_attr: [RoleParametersValue, value]
step_config: | step_config: |
include ::tripleo::profile::base::nova::compute::libvirt_guests include ::tripleo::profile::base::nova::compute::libvirt_guests


@ -1,367 +0,0 @@
heat_template_version: rocky
description: >
OpenStack containerized Nova Compute service
parameters:
DockerNovaComputeImage:
description: image
type: string
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
DockerNovaComputeUlimit:
default: ['nofile=1024']
description: ulimit for Nova Compute Container
type: comma_delimited_list
NovaComputeLoggingSource:
type: json
default:
tag: openstack.nova.compute
path: /var/log/containers/nova/nova-compute.log
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
binds to.
type: number
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
NovaComputeOptVolumes:
default: []
description: list of optional vo
type: comma_delimited_list
NovaComputeOptEnvVars:
default: []
description: list of optional en
type: comma_delimited_list
EnableInstanceHA:
default: false
description: Whether to enable an Instance Ha configurarion or not.
This setup requires the Compute role to have the
PacemakerRemote service added to it.
type: boolean
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NovaComputeCommon:
type: ./nova-compute-common.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaComputeBase:
type: ../../puppet/services/nova-compute.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NovaLogging:
type: OS::TripleO::Services::Logging::NovaCommon
properties:
DockerNovaImage: {get_param: DockerNovaComputeImage}
NovaServiceName: 'compute'
conditions:
enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}
outputs:
role_data:
description: Role data for the Nova Compute service.
value:
service_name: {get_attr: [NovaComputeBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NovaComputeBase, role_data, config_settings]
- get_attr: [NovaLogging, config_settings]
service_config_settings:
map_merge:
- get_attr: [NovaComputeBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_nova_compute:
- nova
tripleo_fluentd_sources_nova_compute:
- {get_param: NovaComputeLoggingSource}
puppet_config:
config_volume: nova_libvirt
puppet_tags: nova_config,nova_paste_api_ini
step_config:
list_join:
- "\n"
- - {get_attr: [NovaComputeBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNovaLibvirtConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_compute.json:
command:
list_join:
- ' '
- - if:
- enable_instance_ha
- /var/lib/nova/instanceha/check-run-nova-compute
- /usr/bin/nova-compute
- get_attr: [NovaLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-iscsid/*"
dest: "/etc/iscsi/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-ceph/"
dest: "/etc/ceph/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
- path:
str_replace:
template: /etc/ceph/CLUSTER.client.USER.keyring
params:
CLUSTER: {get_param: CephClusterName}
USER: {get_param: CephClientUserName}
owner: nova:nova
perm: '0600'
docker_config_scripts:
map_merge:
- {get_attr: [ContainersCommon, docker_config_scripts]}
- {get_attr: [NovaComputeCommon, docker_config_scripts]}
docker_config:
step_3:
nova_statedir_owner:
image: &nova_compute_image {get_param: DockerNovaComputeImage}
net: none
user: root
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_statedir_ownership.py"
environment:
# NOTE: this should force this container to re-run on each
# update (scale-out, etc.)
- list_join:
- ''
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier}
step_4:
nova_wait_for_placement_service:
start_order: 2
image: *nova_compute_image
user: root
net: host
privileged: false
detach: false
volumes:
- /var/lib/docker-config-scripts/:/docker-config-scripts/:z
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_wait_for_placement_service.py"
nova_compute:
start_order: 3
image: *nova_compute_image
ulimit: {get_param: DockerNovaComputeUlimit}
ipc: host
net: host
privileged: true
user: nova
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NovaComputeBase, role_data, config_settings, 'nova::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NovaLogging, volumes]}
- {get_param: NovaComputeOptVolumes}
-
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
- /etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /dev:/dev
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/iscsi:/var/lib/iscsi:z
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
environment:
list_concat:
- {get_param: NovaComputeOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
nova_cellv2_discover_hosts:
start_order: 0
image: *nova_compute_image
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/nova_libvirt/etc/my.cnf.d/:/etc/my.cnf.d/:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/docker-config-scripts/:/docker-config-scripts/
user: root
command: "/docker-config-scripts/pyshim.sh /docker-config-scripts/nova_cell_v2_discover_host.py"
host_prep_tasks:
list_concat:
- {get_attr: [NovaLogging, host_prep_tasks]}
- {get_attr: [NovaComputeBase, role_data, host_prep_tasks]}
- - name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph
state: directory
- name: is Instance HA enabled
set_fact:
instance_ha_enabled: {get_param: EnableInstanceHA}
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
- name: install Instance HA recovery script
when: instance_ha_enabled|bool
block:
- name: prepare Instance HA script directory
file:
path: /var/lib/nova/instanceha
state: directory
- name: install Instance HA script that runs nova-compute
copy:
content: {get_file: ../../extraconfig/tasks/instanceha/check-run-nova-compute}
dest: /var/lib/nova/instanceha/check-run-nova-compute
mode: 0755
- name: Get list of instance HA compute nodes
command: hiera -c /etc/puppet/hiera.yaml compute_instanceha_short_node_names
register: iha_nodes
- name: If instance HA is enabled on the node activate the evacuation completed check
file: path=/var/lib/nova/instanceha/enabled state=touch
when: iha_nodes.stdout|lower | search('"'+ansible_hostname|lower+'"')
upgrade_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
update_tasks:
- name: Remove openstack-nova-compute and python-nova package during upgrade
package:
name:
- openstack-nova-compute
- python-nova
state: removed
ignore_errors: True
when: step|int == 2
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- nova_compute
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if nova-compute is deployed
command: systemctl is-enabled --quiet openstack-nova-compute
ignore_errors: True
register: nova_compute_enabled_result
- name: Set fact nova_compute_enabled
set_fact:
nova_compute_enabled: "{{ nova_compute_enabled_result.rc == 0 }}"
- when:
- step|int == 1
- release == 'ocata'
block:
- name: Stop and disable nova-compute service
service: name=openstack-nova-compute state=stopped
when:
- nova_compute_enabled|bool
- name: Set upgrade marker in nova statedir
file: path=/var/lib/nova/upgrade_marker state=touch owner=nova group=nova
when:
- nova_compute_enabled|bool


@ -38,10 +38,10 @@ resource_registry:
OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml OS::TripleO::Services::NovaCompute: ../deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml OS::TripleO::Services::NovaConsoleauth: ../deployment/nova/nova-consoleauth.yaml
OS::TripleO::Services::NovaLibvirt: ../puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaLibvirt: ../deployment/nova/nova-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml OS::TripleO::Services::NovaMetadata: ../deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml OS::TripleO::Services::NovaMigrationTarget: ../deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml OS::TripleO::Services::NovaPlacement: ../puppet/services/nova-placement.yaml
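Review bot: The remapped `OS::TripleO::Services::NovaCompute` and `OS::TripleO::Services::NovaLibvirt` entries now point at container templates, while `NovaApi`, `NovaConductor` and `NovaPlacement` in the same registry stay on `../puppet/services/`, so this environment changes from host-installed nova to a mixed deployment with no marker in the file. The compute template in this commit appears to declare `DockerNovaComputeImage` and `DockerNovaLibvirtConfigImage` without defaults, so a stack using this environment presumably has to supply container images it did not need before. I would add a comment above the two changed lines, for example `# NovaCompute/NovaLibvirt are containerized; the Docker*Image parameters must be provided`. The same applies to the `NovaComputeAlt` and `NovaLibvirtAlt` entries in the next file section. Operators who chose this environment to keep compute on the host should also re-check their host hardening assumptions, since the service now runs under the container runtime.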


@ -8,8 +8,8 @@ resource_registry:
# If enabling fluentd you'll need provide the following in a specific resource_registry # If enabling fluentd you'll need provide the following in a specific resource_registry
# OS::TripleO::Services::FluentdAlt: ../puppet/services/logging/fluentd.yaml # OS::TripleO::Services::FluentdAlt: ../puppet/services/logging/fluentd.yaml
OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml OS::TripleO::Services::IscsidAlt: ../deployment/iscsid/iscsid-container-puppet.yaml
OS::TripleO::Services::NovaComputeAlt: ../puppet/services/nova-compute.yaml OS::TripleO::Services::NovaComputeAlt: ../deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtAlt: ../puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaLibvirtAlt: ../deployment/nova/nova-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTargetAlt: ../deployment/nova/nova-migration-target-container-puppet.yaml OS::TripleO::Services::NovaMigrationTargetAlt: ../deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::SensuClientAlt: OS::Heat::None OS::TripleO::Services::SensuClientAlt: OS::Heat::None
# If enabling monitoring you'll need provide the following in a specific resource_registry # If enabling monitoring you'll need provide the following in a specific resource_registry


@ -192,11 +192,11 @@ resource_registry:
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
OS::TripleO::Services::Redis: docker/services/database/redis.yaml OS::TripleO::Services::Redis: docker/services/database/redis.yaml
OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml OS::TripleO::Services::NovaApi: docker/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: docker/services/nova-compute.yaml OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConductor: docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml OS::TripleO::Services::NovaConsoleauth: deployment/nova/nova-consoleauth-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: docker/services/nova-libvirt.yaml OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtGuests: puppet/services/nova-libvirt-guests.yaml OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml OS::TripleO::Services::NovaPlacement: docker/services/nova-placement.yaml


@ -1,161 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Nova Metadata API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NovaWorkers:
default: 0
description: Number of workers for Nova services.
type: number
NovaPassword:
description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
MonitoringSubscriptionNovaMetadata:
default: 'overcloud-nova-metadata'
type: string
NovaMetadataLoggingSource:
type: json
default:
tag: openstack.nova.metadata
path: /var/log/httpd/nova_metadata_wsgi_error_ssl.log
EnableInternalTLS:
type: boolean
default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Nova Metadata service.
value:
service_name: nova_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionNovaMetadata}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- tripleo::nova_placement::firewall_rules:
'139 nova_metadata':
dport:
- 8775
- 13775
nova::keystone::authtoken::project_name: 'service'
nova::keystone::authtoken::password: {get_param: NovaPassword}
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
nova::metadata::enable_proxy_headers_parsing: true
nova_metadata_wsgi_enabled: true
nova::wsgi::apache_metadata::api_port: '8775'
nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::wsgi::apache_metadata::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
nova::wsgi::apache_metadata::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-
if:
- nova_workers_zero
- {}
- nova::wsgi::apache_metadata::workers: {get_param: NovaWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- nova::metadata::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
step_config: |
include tripleo::profile::base::nova::metadata
service_config_settings:
fluentd:
tripleo_fluentd_groups_nova_metadata:
- nova
tripleo_fluentd_sources_nova_metadata:
- {get_param: NovaMetadataLoggingSource}
keystone:
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
map_merge:
- {get_attr: [NovaBase, role_data, service_config_settings, mysql]}
- nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"


@ -45,7 +45,7 @@ environments:
name: storage/nova-nfs name: storage/nova-nfs
title: Enable Nova NFS Backend title: Enable Nova NFS Backend
files: files:
puppet/services/nova-compute.yaml: deployment/nova/nova-compute-container-puppet.yaml:
parameters: parameters:
- NovaNfsEnabled - NovaNfsEnabled
- NovaNfsShare - NovaNfsShare