openstack/tripleo-heat-templates
Code Issues Proposed changes
e87fcba49d
tripleo-heat-templates/docker/services/ironic-conductor.yaml
Emilien Macchi b3a7cfc43f ansible: replace yum module by package module when possible 
Problem: RHEL and CentOS8 will deprecate the usage of Yum.

From DNF release note:
DNF is the next upcoming major version of yum, a package
manager for RPM-based Linux distributions.
It roughly maintains CLI compatibility with YUM and defines a strict API for
extensions.

Solution: Use "package" Ansible module instead of "yum".

"package" module is smarter when it comes to detect with package manager
runs on the system. The goal of this patch is to support both yum/dnf
(dnf will be the default in rhel/centos 8) from a single ansible module.

Change-Id: I8e67d6f053e8790fdd0eb52a42035dca3051999e
2018-07-21 00:17:25 +00:00

271 lines
11 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized Ironic Conductor service
parameters:
DockerIronicConductorImage:
description: image
type: string
DockerIronicConfigImage:
description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
IronicConfigureSwiftTempUrlKey:
default: true
description: Whether to configure Swift temporary URLs for use with
the "direct" and "ansible" deploy interfaces.
type: boolean
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
IronicConductorBase:
type: ../../puppet/services/ironic-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ironic Conductor role.
value:
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [IronicConductorBase, role_data, config_settings]
# to avoid hard linking errors we store these on the same
# volume/device as the ironic master_path
# https://github.com/docker/docker/issues/7457
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
logging_source: {get_attr: [IronicConductorBase, role_data, logging_source]}
logging_groups: {get_attr: [IronicConductorBase, role_data, logging_groups]}
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic
puppet_tags: ironic_config
step_config:
list_join:
- "\n"
- - {get_attr: [IronicConductorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicConfigImage}
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/log/ironic
owner: ironic:ironic
recurse: true
docker_config_scripts:
create_swift_temp_url_key.sh:
mode: "0700"
content: |
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
export OS_AUTH_TYPE=password
export OS_IDENTITY_API_VERSION=3
echo "Check if a temporary URL key already exists"
KEY_SET=$(openstack object store account show -c properties -f value 2>/dev/null | tr ',' '\n' | grep Temp-Url-Key || true)
if [ -z $KEY_SET ]; then
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY" || exit 1
fi
docker_config:
step_4:
map_merge:
- if:
- configure_swift_temp_url
- create_swift_temp_url_key:
start_order: 70
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
- {}
- ironic_conductor:
start_order: 80
image: *ironic_conductor_image
net: host
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /sys:/sys
- /dev:/dev
- /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:shared
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/ironic
- /var/lib/ironic
- name: ironic logs readme
copy:
dest: /var/log/ironic/readme.txt
content: |
Log files from ironic containers can be found under
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
ignore_errors: true
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot
- name: stat /tftpboot
stat: path=/tftpboot
register: stat_tftpboot
- name: stat /var/lib/ironic/httpboot
stat: path=/var/lib/ironic/httpboot
register: stat_ironic_httpboot
- name: stat /var/lib/ironic/tftpboot
stat: path=/var/lib/ironic/tftpboot
register: stat_ironic_tftpboot
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
- name: migrate /httpboot to containerized (if applicable)
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
- name: migrate /tftpboot to containerized (if applicable)
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
# Even if there was nothing to copy from original locations,
# we need to create the dirs before starting the containers
- name: ensure ironic pxe directories exist
file:
path: /var/lib/ironic/{{ item }}
state: directory
with_items:
- httpboot
- tftpboot
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
- name: "PreUpgrade step0,validation: Check service openstack-ironic-conductor is running"
command: systemctl is-active --quiet openstack-ironic-conductor
tags: validation
when: ironic_conductor_enabled|bool
- when: step|int == 2
block:
- name: Stop and disable ironic_conductor service
when: ironic_conductor_enabled|bool
service: name=openstack-ironic-conductor state=stopped enabled=no
- name: Set fact for removal of openstack-ironic-conductor package
set_fact:
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-conductor package if operator requests it
package: name=openstack-ironic-conductor state=removed
ignore_errors: True
when: remove_ironic_conductor_package|bool
fast_forward_upgrade_tasks:
- block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop openstack-ironic-conductor
service: name=openstack-ironic-conductor state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- ironic_conductor_enabled|bool
- name: Ironic packages update
package:
name: 'openstack-ironic*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool
View Git Blame Copy Permalink