Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Refactor cellv2 host discovery logic to avoid races
[apex-tripleo-heat-templates.git] / docker / services / nova-api.yaml
1 heat_template_version: pike
2
3 description: >
4   OpenStack containerized Nova API service
5
6 parameters:
7   DockerNovaApiImage:
8     description: image
9     type: string
10   DockerNovaConfigImage:
11     description: The container image to use for the nova config_volume
12     type: string
13   EndpointMap:
14     default: {}
15     description: Mapping of service endpoint -> protocol. Typically set
16                  via parameter_defaults in the resource registry.
17     type: json
18   ServiceData:
19     default: {}
20     description: Dictionary packing service data
21     type: json
22   ServiceNetMap:
23     default: {}
24     description: Mapping of service_name -> network name. Typically set
25                  via parameter_defaults in the resource registry.  This
26                  mapping overrides those in ServiceNetMapDefaults.
27     type: json
28   DefaultPasswords:
29     default: {}
30     type: json
31   RoleName:
32     default: ''
33     description: Role name on which the service is applied
34     type: string
35   RoleParameters:
36     default: {}
37     description: Parameters specific to the role
38     type: json
39   EnableInternalTLS:
40     type: boolean
41     default: false
42   UpgradeRemoveUnusedPackages:
43     default: false
44     description: Remove package if the service is being disabled during upgrade
45     type: boolean
46
47 conditions:
48
49   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
50
51 resources:
52
53   ContainersCommon:
54     type: ./containers-common.yaml
55
56   MySQLClient:
57     type: ../../puppet/services/database/mysql-client.yaml
58
59   NovaApiBase:
60     type: ../../puppet/services/nova-api.yaml
61     properties:
62       EndpointMap: {get_param: EndpointMap}
63       ServiceData: {get_param: ServiceData}
64       ServiceNetMap: {get_param: ServiceNetMap}
65       DefaultPasswords: {get_param: DefaultPasswords}
66       RoleName: {get_param: RoleName}
67       RoleParameters: {get_param: RoleParameters}
68
69 outputs:
70   role_data:
71     description: Role data for the Nova API role.
72     value:
73       service_name: {get_attr: [NovaApiBase, role_data, service_name]}
74       config_settings:
75         map_merge:
76           - get_attr: [NovaApiBase, role_data, config_settings]
77           - apache::default_vhost: false
78       logging_source: {get_attr: [NovaApiBase, role_data, logging_source]}
79       logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]}
80       step_config: &step_config
81         list_join:
82           - "\n"
83           - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
84             - {get_attr: [NovaApiBase, role_data, step_config]}
85             - {get_attr: [MySQLClient, role_data, step_config]}
86       service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
87       # BEGIN DOCKER SETTINGS
88       puppet_config:
89         config_volume: nova
90         puppet_tags: nova_config
91         step_config: *step_config
92         config_image: {get_param: DockerNovaConfigImage}
93       kolla_config:
94         /var/lib/kolla/config_files/nova_api.json:
95           command: /usr/sbin/httpd -DFOREGROUND
96           config_files:
97             - source: "/var/lib/kolla/config_files/src/*"
98               dest: "/"
99               merge: true
100               preserve_properties: true
101           permissions:
102             - path: /var/log/nova
103               owner: nova:nova
104               recurse: true
105         /var/lib/kolla/config_files/nova_api_cron.json:
106           command: /usr/sbin/crond -n
107           config_files:
108             - source: "/var/lib/kolla/config_files/src/*"
109               dest: "/"
110               merge: true
111               preserve_properties: true
112           permissions:
113             - path: /var/log/nova
114               owner: nova:nova
115               recurse: true
116       docker_config_scripts:
117         nova_api_discover_hosts.sh:
118           mode: "0700"
119           content: |
120             #!/bin/bash
121             export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_domain_name)
122             export OS_USER_DOMAIN_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken user_domain_name)
123             export OS_PROJECT_NAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken project_name)
124             export OS_USERNAME=$(crudini --get /etc/nova/nova.conf keystone_authtoken username)
125             export OS_PASSWORD=$(crudini --get /etc/nova/nova.conf keystone_authtoken password)
126             export OS_AUTH_URL=$(crudini --get /etc/nova/nova.conf keystone_authtoken auth_url)
127             export OS_AUTH_TYPE=password
128             export OS_IDENTITY_API_VERSION=3
129
130             echo "(cellv2) Running cell_v2 host discovery"
131             timeout=600
132             loop_wait=30
133             declare -A discoverable_hosts
134             for host in $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' |  tr "," " "); do discoverable_hosts[$host]=1; done
135             timeout_at=$(( $(date +"%s") + ${timeout} ))
136             echo "(cellv2) Waiting ${timeout} seconds for hosts to register"
137             finished=0
138             while : ; do
139               for host in $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }'); do
140                 if (( discoverable_hosts[$host] == 1 )); then
141                   echo "(cellv2) compute node $host has registered"
142                   unset discoverable_hosts[$host]
143                 fi
144               done
145               finished=1
146               for host in "${!discoverable_hosts[@]}"; do
147                 if (( ${discoverable_hosts[$host]} == 1 )); then
148                   echo "(cellv2) compute node $host has not registered"
149                   finished=0
150                 fi
151               done
152               remaining=$(( $timeout_at - $(date +"%s") ))
153               if (( $finished == 1 )); then
154                 echo "(cellv2) All nodes registered"
155                 break
156               elif (( $remaining <= 0 )); then
157                 echo "(cellv2) WARNING: timeout waiting for nodes to register, running host discovery regardless"
158                 echo "(cellv2) Expected host list:" $(hiera -c /etc/puppet/hiera.yaml cellv2_discovery_hosts | sed -e '/^nil$/d' | sort -u |  tr ',' ' ')
159                 echo "(cellv2) Detected host list:" $(openstack -q compute service list -c 'Host' -c 'Zone' -f value | awk '$2 != "internal" { print $1 }' | sort -u | tr '\n', ' ')
160                 break
161               else
162                 echo "(cellv2) Waiting ${remaining} seconds for hosts to register"
163                 sleep $loop_wait
164               fi
165             done
166             echo "(cellv2) Running host discovery..."
167             su nova -s /bin/bash -c "/usr/bin/nova-manage cell_v2 discover_hosts --verbose"
168       docker_config:
169         # db sync runs before permissions set by kolla_config
170         step_2:
171           nova_init_logs:
172             image: &nova_api_image {get_param: DockerNovaApiImage}
173             privileged: false
174             user: root
175             volumes:
176               - /var/log/containers/nova:/var/log/nova
177               - /var/log/containers/httpd/nova-api:/var/log/httpd
178             command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
179         step_3:
180           nova_api_db_sync:
181             start_order: 0
182             image: *nova_api_image
183             net: host
184             detach: false
185             user: root
186             volumes: &nova_api_bootstrap_volumes
187               list_concat:
188                 - {get_attr: [ContainersCommon, volumes]}
189                 -
190                   - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
191                   - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
192                   - /var/log/containers/nova:/var/log/nova
193                   - /var/log/containers/httpd/nova-api:/var/log/httpd
194             command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
195           # FIXME: we probably want to wait on the 'cell_v2 update' in order for this
196           # to be capable of upgrading a baremetal setup. This is to ensure the name
197           # of the cell is 'default'
198           nova_api_map_cell0:
199             start_order: 1
200             image: *nova_api_image
201             net: host
202             detach: false
203             user: root
204             volumes: *nova_api_bootstrap_volumes
205             command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
206           nova_api_create_default_cell:
207             start_order: 2
208             image: *nova_api_image
209             net: host
210             detach: false
211             volumes: *nova_api_bootstrap_volumes
212             # NOTE: allowing the exit code 2 is a dirty way of making
213             # this idempotent (if the resource already exists a conflict
214             # is raised)
215             exit_codes: [0,2]
216             user: root
217             command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
218           nova_db_sync:
219             start_order: 3
220             image: *nova_api_image
221             net: host
222             detach: false
223             volumes: *nova_api_bootstrap_volumes
224             user: root
225             command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'"
226         step_4:
227           nova_api:
228             start_order: 2
229             image: *nova_api_image
230             net: host
231             user: root
232             privileged: true
233             restart: always
234             volumes:
235               list_concat:
236                 - {get_attr: [ContainersCommon, volumes]}
237                 -
238                   - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
239                   - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
240                   - /var/log/containers/nova:/var/log/nova
241                   - /var/log/containers/httpd/nova-api:/var/log/httpd
242                   -
243                     if:
244                       - internal_tls_enabled
245                       - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
246                       - ''
247                   -
248                     if:
249                       - internal_tls_enabled
250                       - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
251                       - ''
252             environment:
253               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
254           nova_api_cron:
255             image: *nova_api_image
256             net: host
257             user: root
258             privileged: false
259             restart: always
260             healthcheck:
261               test: /bin/true
262             volumes:
263               list_concat:
264                 - {get_attr: [ContainersCommon, volumes]}
265                 -
266                   - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro
267                   - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
268                   - /var/log/containers/nova:/var/log/nova
269                   - /var/log/containers/httpd/nova-api:/var/log/httpd
270             environment:
271               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
272         step_5:
273           nova_api_discover_hosts:
274             start_order: 1
275             image: *nova_api_image
276             net: host
277             detach: false
278             volumes:
279               list_concat:
280                 - *nova_api_bootstrap_volumes
281                 -
282                   - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
283                   - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
284                   - /var/log/containers/nova:/var/log/nova
285                   - /var/lib/docker-config-scripts/nova_api_discover_hosts.sh:/nova_api_discover_hosts.sh:ro
286             user: root
287             command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_discover_hosts.sh"
288       metadata_settings:
289         get_attr: [NovaApiBase, role_data, metadata_settings]
290       host_prep_tasks:
291         - name: create persistent logs directory
292           file:
293             path: "{{ item }}"
294             state: directory
295           with_items:
296             - /var/log/containers/nova
297             - /var/log/containers/httpd/nova-api
298       upgrade_tasks:
299         - name: Stop and disable nova_api service
300           tags: step2
301           service: name=openstack-nova-api state=stopped enabled=no
302         - name: Remove openstack-nova-api package if operator requests it
303           yum: name=openstack-nova-api state=removed
304           tags: step2
305           ignore_errors: True
306           when: {get_param: UpgradeRemoveUnusedPackages}
307         - name: remove old nova cron jobs
308           tags: step2
309           file:
310             path: /var/spool/cron/nova
311             state: absent