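# Containerized nova-libvirt service definition for TripleO.
#
# Wraps the puppet-based NovaLibvirtBase service and describes the
# libvirtd container (step_3) plus an optional one-shot container that
# loads the Ceph client key into libvirt as a secret (step_4).
heat_template_version: pike

description: >
  OpenStack Libvirt Service

parameters:
  DockerNovaLibvirtImage:
    description: image
    type: string
  # we configure libvirt via the nova-compute container due to coupling
  # in the puppet modules
  DockerNovaLibvirtConfigImage:
    description: The container image to use for the nova_libvirt config_volume
    type: string
  EnablePackageInstall:
    # Written as a real boolean, consistent with the other boolean
    # parameters in this template (EnableInternalTLS, NovaEnableRbdBackend, ...).
    default: false
    description: Set to true to enable package installation at deploy time
    type: boolean
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  EnableInternalTLS:
    type: boolean
    default: false
  UseTLSTransportForLiveMigration:
    type: boolean
    default: true
    description: If set to true and if EnableInternalTLS is enabled, it will
                 set the libvirt URI's transport to tls and configure the
                 relevant keys for libvirt.
  DockerNovaMigrationSshdPort:
    default: 2022
    description: Port that dockerized nova migration target sshd service
                 binds to.
    type: number
  NovaEnableRbdBackend:
    default: false
    description: Whether to enable or not the Rbd backend for Nova
    type: boolean
  CinderEnableRbdBackend:
    default: false
    description: Whether to enable or not the Rbd backend for Cinder
    type: boolean
  CephClientKey:
    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
    type: string
    # Keeps the key out of stack-show output; it is still interpolated into
    # the step_4 command below.
    hidden: true
  CephClusterFSID:
    type: string
    description: The Ceph cluster FSID. Must be a UUID.

conditions:

  # True only when both internal TLS and TLS live-migration transport are
  # enabled. Controls whether libvirtd is started with --listen (see the
  # kolla_config command below).
  use_tls_for_live_migration:
    and:
      - equals:
          - {get_param: EnableInternalTLS}
          - true
      - equals:
          - {get_param: UseTLSTransportForLiveMigration}
          - true

  # A libvirt secret holding the Ceph client key is needed as soon as either
  # Nova or Cinder uses the RBD backend; gates the step_4 container.
  need_libvirt_secret:
    or:
      - equals:
          - {get_param: NovaEnableRbdBackend}
          - true
      - equals:
          - {get_param: CinderEnableRbdBackend}
          - true

resources:

  ContainersCommon:
    type: ./containers-common.yaml

  MySQLClient:
    type: ../../puppet/services/database/mysql-client.yaml

  NovaLibvirtBase:
    type: ../../puppet/services/nova-libvirt.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
      MigrationSshPort: {get_param: DockerNovaMigrationSshdPort}

outputs:
  role_data:
    description: Role data for the Libvirt service.
    value:
      service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]}
      config_settings:
        get_attr: [NovaLibvirtBase, role_data, config_settings]
      # Puppet manifest for the config container: the base libvirt service
      # manifest followed by the mysql client one.
      step_config: &step_config
        list_join:
          - "\n"
          - - {get_attr: [NovaLibvirtBase, role_data, step_config]}
            - {get_attr: [MySQLClient, role_data, step_config]}
      puppet_config:
        config_volume: nova_libvirt
        puppet_tags: libvirtd_config,nova_config,file
        step_config: *step_config
        config_image: {get_param: DockerNovaLibvirtConfigImage}
      kolla_config:
        /var/lib/kolla/config_files/nova_libvirt.json:
          # --listen (network listeners for libvirtd) is passed only when
          # the TLS transport condition holds; without TLS the daemon is
          # started without network listeners.
          command:
            if:
              - use_tls_for_live_migration
              - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
              - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
            - source: "/var/lib/kolla/config_files/src-ceph/"
              dest: "/etc/ceph/"
              merge: true
              preserve_properties: true
          permissions:
            - path: /var/log/nova
              owner: nova:nova
              recurse: true
      docker_config:
        step_3:
          # Runs privileged in the host network and PID namespaces, with
          # /dev, /run and /sys/fs/cgroup mounted read-write, so it has
          # effectively host-level access.
          nova_libvirt:
            image: {get_param: DockerNovaLibvirtImage}
            net: host
            pid: host
            privileged: true
            restart: always
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                -
                  - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
                  - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
                  - /lib/modules:/lib/modules:ro
                  - /dev:/dev
                  - /run:/run
                  - /sys/fs/cgroup:/sys/fs/cgroup
                  - /var/lib/nova:/var/lib/nova
                  - /etc/libvirt:/etc/libvirt
                  # Needed to use host's virtlogd
                  - /var/run/libvirt:/var/run/libvirt
                  - /var/lib/libvirt:/var/lib/libvirt
                  - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                  - /var/log/containers/nova:/var/log/nova
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
        step_4:
          # One-shot container (detach: false) that defines the Ceph secret
          # in libvirt; skipped entirely ({}) when no RBD backend is enabled.
          if:
            - need_libvirt_secret
            - nova_libvirt_init_secret:
                detach: false
                image: {get_param: DockerNovaLibvirtImage}
                privileged: false
                user: root
                volumes:
                  list_concat:
                    - {get_attr: [ContainersCommon, volumes]}
                    -
                      - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
                      - /etc/libvirt:/etc/libvirt
                      - /var/run/libvirt:/var/run/libvirt
                      - /var/lib/libvirt:/var/lib/libvirt
                # NOTE(review): CephClientKey is interpolated into the command
                # string, so it is visible wherever the container's command is
                # inspectable; passing it via a mounted file would avoid that
                # — confirm with the consumers of this template.
                command:
                  - /bin/bash
                  - -c
                  - str_replace:
                      template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY'
                      params:
                        SECRET_UUID: {get_param: CephClusterFSID}
                        SECRET_KEY: {get_param: CephClientKey}
            - {}
      host_prep_tasks:
        - name: create libvirt persistent data directories
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - /etc/libvirt
            - /etc/libvirt/secrets
            - /etc/libvirt/qemu
            - /var/lib/libvirt
            - /var/log/containers/nova
        - name: ensure ceph configurations exist
          file:
            path: /etc/ceph
            state: directory
        - name: set enable_package_install fact
          set_fact:
            enable_package_install: {get_param: EnablePackageInstall}
        # We use virtlogd on host, so when using Deployed Server
        # feature, we need to ensure libvirt is installed.
        - name: install libvirt-daemon
          package:
            name: libvirt-daemon
            state: present
          when: enable_package_install
        - name: start virtlogd socket
          service:
            name: virtlogd.socket
            state: started
            # canonical boolean instead of the YAML 1.1 'yes'
            enabled: true
          when: enable_package_install
      upgrade_tasks:
        # Module arguments as block YAML rather than a key=value string.
        - name: Stop and disable libvirtd service
          tags: step2
          service:
            name: libvirtd
            state: stopped
            enabled: false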